Re: [qmailtoaster] Re: SpamAssassin (continued)

[Dan McAllister]

On 10/21/2014 10:18 PM, Eric Shubert wrote:
On 10/21/2014 05:45 PM, Dan McAllister wrote:
OK, to review:
  I have a QMT install that doesn't seem to be running SpamAssassin
against inbound mail. I hope here to show what is going on so that
someone can interpret the logs (better than I can).

I have setup a forward on the domain that is not being scanned properly.
Messages go into the account (through what should be a spam/virus
scanner) and then gets bounced back to my regular mail server.

Here are the header entries for the message going into the client's mail
server (remember, log file entries work their way UP -- that is, new log
entries go at the TOP of the header):

    *Received:*(qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45 
-0000
    *Received:*by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s
          scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525
    *Received:*from unknown (HELO b-b-b.com) (u...@it4soho.com
<https://mail.it4soho.com/src/compose.php?send_to=dan%40it4soho.com>@10.11.12.13)
    by
          mail.host.com with ESMTPA; 22 Oct 2014 00:10:45 -0000

And here are the headers for when the message comes back into my 
server...

    *Received:*(qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03 
-0000
    *Received:*by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s
          scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam: 
3.3.2
    *X-Spam-Checker-Version:*SpamAssassin 3.3.2 (2011-06-06) on
    host.it4soho.com
    *X-Spam-Level:****
    *X-Spam-Status:*No, score=3.3 required=5.0
    tests=AWL,BAYES_99,HTML_MESSAGE,
          RDNS_NONE autolearn=no version=3.3.2
    *Received:*from unknown (HELO a-a-a.com) (1.2.3.4)
          by mail.it4soho.com with SMTP; 22 Oct 2014 00:11:00 -0000

Note the conspicuous ABSENCE of the X-Spam-* entries that come from
SpamAssassin in the first collection...

Now, when I look at the contents of the spamd log file, I see the same
types of entries I see in the main server that DOES put the headers
where they are expected.

So I am next thinking there is an issue with SpamAssassin itself... but
I have ZERO experience with SA (I have so much else to do, I typically
turn it on and just let it go! Never debugged SA before!) :)

Any help is appreciated..

Dan
IT4SOHO

I'm real glad other have chimed in, because from what you've 
described, I don't really have a clue.

The Received: by simscan line above shows that spamassassin isn't 
being used. Yet your simcontrol says that it should be.

I think EricB may be on to something. Run cdb to activate the latest 
simcontrol file.

Short of that, I'd like to see samples of your spamd log file, and the 
contents of your local.cf configuration file. Maybe something's 
defeating sa there.

Who knows what you did to turn it off??? ;)
The normal way would be to modify the simcontrol file, then run 
"qmailctl cdb".

Let us know how you make out.
Thanks.


Agreed - the "normal" way would be the simcontrol file followed by a CDB 
rebuild... but I checked that first...

Per the OTHER Eric's request:
1) spamd is in the /var/qmail/supervise folder and the run file matches 
my "good" server
    exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1
2) the contents of the simcontrol file have been posted already, but are:
    :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
3) per Eric Shubert's request, contents of the spamd log file

   # qmlog spamd | tail
   10-22 09:29:09 Oct 22 09:29:09.397 [7613] info: spamd: connection
   from localhost [127.0.0.1] at port 50523
   10-22 09:29:09 Oct 22 09:29:09.401 [7613] info: spamd: processing
   message <053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3> for
   clamav:89
   10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: clean message
   (1.3/5.0) for clamav:89 in 0.5 seconds, 8275 bytes.
   10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: result: . 1 -
   HTML_MESSAGE,RDNS_NONE
   
scantime=0.5,size=8275,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50523,mid=<053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3>,autolearn=no
   10-22 09:29:09 Oct 22 09:29:09.933 [27470] info: prefork: child
   states: II
   10-22 09:29:32 Oct 22 09:29:32.780 [7613] info: spamd: connection
   from localhost [127.0.0.1] at port 50525
   10-22 09:29:32 Oct 22 09:29:32.784 [7613] info: spamd: processing
   message <696d8c8c293aecacc28402d816919...@oesty.com> for clamav:89
   10-22 09:29:32 Oct 22 09:29:32.963 [7613] info: spamd: clean message
   (1.2/5.0) for clamav:89 in 0.2 seconds, 9156 bytes.
   10-22 09:29:32 Oct 22 09:29:32.964 [7613] info: spamd: result: . 1 -
   DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE
   
scantime=0.2,size=9156,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50525,mid=<696d8c8c293aecacc28402d816919...@oesty.com>,autolearn=no
   10-22 09:29:32 Oct 22 09:29:32.999 [27470] info: prefork: child
   states: II

I'm learning more and more about simscan & spamassassin -- more than I 
think I ever really wanted to know :)

Thanks in advance for any help offered.

Dan McAllister
IT4SOHO




--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!