View Source: SpamAssassinNotes - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages
!! How to make SpamAssassin run on your local e-mail machine (with [Evolution] in mind)

* get and install SpamAssassin, test that it works by piping a good email and a spam email through it
* check that fetchmail(1) works, write a <tt>.fetchmailrc</tt> file
* check that procmail(1) works, write a <tt>.procmailrc</tt> file
* disable the regular pop mailboxes in Evolution
* add a new "local delivery" mailbox to Evolution
* write a tiny script I called <tt>getmail</tt> that does <tt>fetchmail -m procmail</tt> and make sure that it gets your email from the POP3 server correctly
* add <tt>getmail</tt> to your crontab to run every 5 minutes
* add a filter rule to Evolution: if specific header <tt>X-Spam-Flag = YES</tt>, drop the email in my Spam folder

<tt>.fetchmailrc</tt>::
    <verbatim>
    poll mail.myisp.co.nz protocol POP3
          user "pop3user" password "secret" is user "localuser" here mda "/usr/bin/procmail";
    </verbatim>

<tt>.procmailrc</tt>::
    <verbatim>
    # correct incoming messages for programs like Evolution and mail
    :0 fhw
    | formail -I "From " -a "From "

    :0fw
    | spamassassin
    </verbatim>

<tt>~/bin/getmail</tt>::
    <verbatim>
    #!/bin/bash
    /usr/bin/fetchmail >> ~/log/fetchmail
    </verbatim>

crontab::
    <verbatim>
    */5 * * * * /home/localuser/bin/getmail
    </verbatim>

!! SpamAssassin's ClamAV Plugin

This plugin submits the entire email to a locally running [ClamAV] server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header <tt>X-Spam-Virus: Yes ($virusname)</tt>. If you'd like to sort virus emails to a separate folder, create a rule looking for this header.

This isn't necessarily the best way to run [ClamAV]; for example, your MailTransferAgent, if it has a method to call SpamAssassin, probably has a method to call [ClamAV] too.


It requires
* [ClamAV] installed so that scanning a mail with <tt>clamscan</tt> works
* the [File::Scan::ClamAV | http://search.cpan.org/dist/File-Scan-ClamAV/] [Perl] module


To install, create the files in <tt>/etc/mail/spamassassin/</tt>. You can adjust the default score of 10 in <tt>clamav.cf</tt> if you like. Restart the <tt>spamd</tt> daemon if you're using that, and you should be all set.

<tt>clamav.cf</tt>::
    <verbatim>
    loadplugin ClamAV clamav.pm
    full CLAMAV eval:check_clamav()
    describe CLAMAV Clam AntiVirus detected a virus
    score CLAMAV 10
    </verbatim>

<tt>clamav.pm</tt>::
    <verbatim>
    package ClamAV;
    use strict;
    use warnings;

    use Mail::SpamAssassin;
    use Mail::SpamAssassin::Plugin;
    use File::Scan::ClamAV;

    our @ISA = qw(Mail::SpamAssassin::Plugin);

    sub new {
        my ( $class, $mailsa ) = @_;
        my $self = $class->SUPER::new( $mailsa );
        bless( $self, $class );
        $self->register_eval_rule( "check_clamav" );
        return $self;
    }

    sub _set_header {
        my ( $msgstatus, $header ) = @_;
        $msgstatus->{ main }->{ conf }->{ $_ }->{ "Virus" } = $header
            for qw( headers_spam headers_ham );
    }

    sub check_clamav {
        my ( $self, $permsgstatus, $fulltext ) = @_;
        my $clamav = File::Scan::ClamAV->new( port => 3310 );
        my ( $code, $virus ) = $clamav->streamscan( ${ $fulltext } );
        if ( !$code ) {
            my $errstr = $clamav->errstr();
            Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error scanning: $errstr" );
            _set_header( $permsgstatus, "Error ($errstr)" );
        }
        elsif ( $code eq 'OK' ) {
            Mail::SpamAssassin::Plugin::dbg( "ClamAV: No virus detected" );
            _set_header( $permsgstatus, "No" );
        }
        elsif ( $code eq 'FOUND' ) {
            Mail::SpamAssassin::Plugin::dbg( "ClamAV: Detected virus: $virus" );
            _set_header( $permsgstatus, "Yes ($virus)" );
            return 1;
        }
        else {
            Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error, unknown return code: $code" );
            _set_header( $permsgstatus, "Error (Unknown return code from ClamAV: $code)" );
        }
        return;
    }
    1;
    </verbatim>

!!Inappropriate ioctl for device in your debug logs under Sarge/Hoary

<verbatim>
debug: using "/root/.spamassassin" for user state dir
debug: lock: 29656 created /root/.spamassassin/auto-whitelist.lock.firewall.itpartners.co.nz.29656
debug: lock: 29656 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries
debug: lock: 29656 link to /root/.spamassassin/auto-whitelist.lock: link ok
debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
debug: unlock: 29656 unlink /root/.spamassassin/auto-whitelist.lock
debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device
</verbatim>

You're using old format database files.

The perl version change effected a change of the BDB version being used.  The bayes_seen and bayes_toks fixes are BDB files and
can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML

!! I'm running spamassassin from my MTA, and I get the error <tt>spam acl condition: cannot parse spamd output</tt> or similar.

This occurs if you have upgraded perl, and not restarted spamd.  Try restarting spamd and see if it solves the problem. It could also be a version mismatch, in which case you'll have to upgrade whichever process is calling spamassassin

!! I'm running spamassassin on [Debian] and get this error <tt>Cannot open bayes databases /home/jimbobdobalina/.spamassassin/bayes_* R/O: tie failed:</tt> (or similar)

Fix:

<verbatim>
apt-get install db4.3-util
</verbatim>

Go to where you Bayes DB's lie.

<verbatim>
db4.3_upgrade bayes_seen
db4.3_upgrade bayes_toks
</verbatim>

Restart spamassassin, and voila!

!!Web based spam management

[Maia Mailguard|http://renaissoft.com/maia/] is a web-based interface and quarantine management system for amavisd-new, which allows users to manage their own spam.  It has all the pitfalls of amavis, but might suit your needs.

!!Making Razor go

Is Razor running?

Uncomment it in /etc/spamassassin/v310.pre and you're effectively away.  If you want to be able to submit, you have to [create an account|http://wiki.apache.org/spamassassin/InstallingRazor].

!!Making DCC go

Is DCC running?  Have you uncommnented it in /etc/spamassassin/v310.pre?

<verbatim>
# spamassassin -t -D < /tmp/spam
<snip>
[8407] dbg: dcc: dccifd is not available: no r/w dccifd socket found
[8407] dbg: dcc: check timed out after 5 seconds
</verbatim>

Default Ubuntu/Debian installation,  SA probably can't find the <tt>dccifd</tt> file - add to /etc/spamassassin/local.cf:

<verbatim>
# Enable DCC
use_dcc                 1
dcc_home                /var/lib/dcc
</verbatim>

!!Making Pyzor go

Is Pyzor running? Have you uncommnented it in /etc/spamassassin/v310.pre?

<verbatim>
# spamassassin -t -D < /tmp/spam
<snip>
[8615] dbg: util: executable for pyzor was found at /usr/bin/pyzor
[8615] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[8615] dbg: info: entering helper-app run mode
[8615] dbg: pyzor: opening pipe: /usr/bin/pyzor  check < /tmp/.spamassassin8615OvQ1ymtmp
[8617] dbg: util: setuid: ruid=0 euid=0
[8615] dbg: pyzor: killed stale helper [8617]
[8615] dbg: pyzor: [8617] terminated:  exit=0x000f
[8615] dbg: info: leaving helper-app run mode
[8615] dbg: pyzor: check timed out after 5 seconds
</verbatim>

The old Pyzor server has disappeared.  Locate .pyzor/servers (systemwide on Debian/Ubuntu, it's under /root/.pyzor/servers) and replace the contents with <tt>82.94.255.100:24441</tt>.  Don't run <tt>pyzor discover</tt> again, as it will overwrite the contents with the broken server.  (Thanks to [this Nabble post|http://www.nabble.com/Pyzor-issue-since-upgrade-to-3.1.3-t1742083.html] for the answer)

!!Graphing your SA scores

Thanks to Tom from ItPartners for this cool script.  Requires gnuplot.  Graphs your spam scores.

<verbatim>
#!/bin/bash

# Generate a graph of SpamAssassin spam score frequencies.
# Needs gnuplot.

LOGFILES=/var/log/mail.log*

SCOREFILE=/tmp/spamscores
IMAGEFILE=/tmp/spamplot.gif

> $SCOREFILE
for score in `zegrep "identified spam|clean message" $LOGFILES | awk '{print $9}' | cut -d "/" -f 1 | cut -d '(' -f 2`
do
    echo $score 1 >> $SCOREFILE
done

gnuplot <<EOF
set term gif
set output "$IMAGEFILE"
plot "$SCOREFILE" smooth frequency
EOF
</verbatim>

!!Systemwide filtering

~SpamAssassin is normally supposed to be invoked on a per-user basis, perhaps via a procmail(1) rule, or  directly in a <tt>.forward</tt> entry, that kind of thing. However, it is possible to filter all users' e-mail on a systemwide basis. The procedure for doing this with [Postfix] is described [here|http://www.geekly.com/entries/archives/00000155.htm].


!![SUSE] notes

Under SuSE, spamd is configured by default not to apply any rules that require Internet access (like accessing Pyzor, blocklists etc). To fix this, edit /etc/sysconfig/spamd. Look for the line

<verbatim>
  SPAMD_ARGS="-d -c -L"
</verbatim>

and remove the "-L" switch.

----
CategoryAntiSpam %%%
CategoryNotes
2 pages link to SpamAssassinNotes:
Last edited on Tuesday, December 26, 2006 2:53:42 pm by LawrenceDoliveiro
Edit PageHistory Diff Info LikePages