Penguin
Note: You are viewing an old revision of this page. View the current version.

SpamAssassin Notes


How to make SpamAssassin run on your local e-mail machine (with Evolution in mind)

  • get and install SpamAssassin, test that it works by piping a good email and a spam email through it
  • check that fetchmail(1) works, write a .fetchmailrc file
  • check that procmail(1) works, write a .procmailrc file
  • disable the regular pop mailboxes in Evolution
  • add a new "local delivery" mailbox to Evolution
  • write a tiny script I called getmail that does fetchmail -m procmail and make sure that it gets your email from the POP3 server correctly
  • add getmail to your crontab to run every 5 minutes
  • add a filter rule to Evolution: if specific header X-Spam-Flag = YES, drop the email in my Spam folder
.fetchmailrc:
poll mail.myisp.co.nz protocol POP3
      user "pop3user" password "secret" is user "localuser" here mda "/usr/bin/procmail";
.procmailrc:
# correct incoming messages for programs like Evolution and mail
:0 fhw
| formail -I "From " -a "From "

:0fw
| spamassassin
/bin/getmail:
#!/bin/bash
/usr/bin/fetchmail >> ~/log/fetchmail
crontab:
*/5 * * * * /home/localuser/bin/getmail

The ClamAV Plugin

This plugin submits the entire email to a locally running ClamAV server for virus detection. If a virus is found, it returns a positive return code to indicate spam and sets the header X-Spam-Virus: Yes ($virusname). If you'd like to sort virus emails to a separate folder, create a rule looking for this header.

It requires

To install, create the files in /etc/mail/spamassassin/. You can adjust the default score of 10 in clamav.cf if you like. Restart the spamd daemon if you're using that, and you should be all set.

clamav.cf:
loadplugin ClamAV clamav.pm
full CLAMAV eval:check_clamav()
describe CLAMAV Clam AntiVirus detected a virus
score CLAMAV 10
clamav.pm:
package ClamAV;
use strict;
use warnings;

use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;

our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
    my ( $class, $mailsa ) = @_;
    my $self = $class->SUPER::new( $mailsa );
    bless( $self, $class );
    $self->register_eval_rule( "check_clamav" );
    return $self;
}

sub _set_header {
    my ( $msgstatus, $header ) = @_;
    $msgstatus->{ main }->{ conf }->{ $_ }->{ "Virus" } = $header
        for qw( headers_spam headers_ham );
}

sub check_clamav {
    my ( $self, $permsgstatus, $fulltext ) = @_;
    my $clamav = File::Scan::ClamAV->new( port => 3310 );
    my ( $code, $virus ) = $clamav->streamscan( ${ $fulltext } );
    if ( !$code ) {
        my $errstr = $clamav->errstr();
        Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error scanning: $errstr" );
        _set_header( $permsgstatus, "Error ($errstr)" );
    }
    elsif ( $code eq 'OK' ) {
        Mail::SpamAssassin::Plugin::dbg( "ClamAV: No virus detected" );
        _set_header( $permsgstatus, "No" );
    }
    elsif ( $code eq 'FOUND' ) {
        Mail::SpamAssassin::Plugin::dbg( "ClamAV: Detected virus: $virus" );
        _set_header( $permsgstatus, "Yes ($virus)" );
        return 1;
    }
    else {
        Mail::SpamAssassin::Plugin::dbg( "ClamAV: Error, unknown return code: $code" );
        _set_header( $permsgstatus, "Error (Unknown return code from ClamAV: $code)" );
    }
    return;
}
1;

GreigMcGill has found that MaiaMailguard? is an excellent meta tool for managing your anti spam solution.


Inappropriate ioctl for device in your debug logs under Sarge/Hoary

debug: using "/root/.spamassassin" for user state dir
debug: lock: 29656 created /root/.spamassassin/auto-whitelist.lock.firewall.itpartners.co.nz.29656
debug: lock: 29656 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries
debug: lock: 29656 link to /root/.spamassassin/auto-whitelist.lock: link ok
debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
debug: unlock: 29656 unlink /root/.spamassassin/auto-whitelist.lock
debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device

You're using old format database files.

The perl version change effected a change of the BDB version being used. The bayes_seen and bayes_toks fixes are BDB files and can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML


I'm running spamassassin from my MTA, and I get the error spam acl condition: cannot parse spamd output or similar.

This occurs if you have upgraded perl, and not restarted spamd. Try restarting spamd and see if it solves the problem. It could also be a version mismatch, in which case you'll have to upgrade whichever process is calling spamassassin


I'm running spamassassin on Debian and get this error Cannot open bayes databases /home/jimbobdobalina/.spamassassin/bayes_* R/O: tie failed: (or similar)

Fix:

apt-get install db4.3-util

Go to where you Bayes DB's lie.

db4.3_upgrade bayes_seen
db4.3_upgrade bayes_toks

Restart spamassassin, and voila!


CategoryAntiSpam CategoryNotes