On 10/21/2014 10:18 PM, Eric Shubert wrote:
On 10/21/2014 05:45 PM, Dan McAllister wrote:
OK, to review:
I have a QMT install that doesn't seem to be running SpamAssassin
against inbound mail. I hope here to show what is going on so that
someone can interpret the logs (better than I can).
I have setup a forward on the domain that is not being scanned properly.
Messages go into the account (through what should be a spam/virus
scanner) and then gets bounced back to my regular mail server.
Here are the header entries for the message going into the client's mail
server (remember, log file entries work their way UP -- that is, new log
entries go at the TOP of the header):
*Received:*(qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45
-0000
*Received:*by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s
scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525
*Received:*from unknown (HELO b-b-b.com) (u...@it4soho.com
<https://mail.it4soho.com/src/compose.php?send_to=dan%40it4soho.com>@10.11.12.13)
by
mail.host.com with ESMTPA; 22 Oct 2014 00:10:45 -0000
And here are the headers for when the message comes back into my
server...
*Received:*(qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03
-0000
*Received:*by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s
scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam:
3.3.2
*X-Spam-Checker-Version:*SpamAssassin 3.3.2 (2011-06-06) on
host.it4soho.com
*X-Spam-Level:****
*X-Spam-Status:*No, score=3.3 required=5.0
tests=AWL,BAYES_99,HTML_MESSAGE,
RDNS_NONE autolearn=no version=3.3.2
*Received:*from unknown (HELO a-a-a.com) (1.2.3.4)
by mail.it4soho.com with SMTP; 22 Oct 2014 00:11:00 -0000
Note the conspicuous ABSENCE of the X-Spam-* entries that come from
SpamAssassin in the first collection...
Now, when I look at the contents of the spamd log file, I see the same
types of entries I see in the main server that DOES put the headers
where they are expected.
So I am next thinking there is an issue with SpamAssassin itself... but
I have ZERO experience with SA (I have so much else to do, I typically
turn it on and just let it go! Never debugged SA before!) :)
Any help is appreciated..
Dan
IT4SOHO
I'm real glad other have chimed in, because from what you've
described, I don't really have a clue.
The Received: by simscan line above shows that spamassassin isn't
being used. Yet your simcontrol says that it should be.
I think EricB may be on to something. Run cdb to activate the latest
simcontrol file.
Short of that, I'd like to see samples of your spamd log file, and the
contents of your local.cf configuration file. Maybe something's
defeating sa there.
Who knows what you did to turn it off??? ;)
The normal way would be to modify the simcontrol file, then run
"qmailctl cdb".
Let us know how you make out.
Thanks.
Agreed - the "normal" way would be the simcontrol file followed by a CDB
rebuild... but I checked that first...
Per the OTHER Eric's request:
1) spamd is in the /var/qmail/supervise folder and the run file matches
my "good" server
exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1
2) the contents of the simcontrol file have been posted already, but are:
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
3) per Eric Shubert's request, contents of the spamd log file
# qmlog spamd | tail
10-22 09:29:09 Oct 22 09:29:09.397 [7613] info: spamd: connection
from localhost [127.0.0.1] at port 50523
10-22 09:29:09 Oct 22 09:29:09.401 [7613] info: spamd: processing
message <053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3> for
clamav:89
10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: clean message
(1.3/5.0) for clamav:89 in 0.5 seconds, 8275 bytes.
10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: result: . 1 -
HTML_MESSAGE,RDNS_NONE
scantime=0.5,size=8275,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50523,mid=<053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3>,autolearn=no
10-22 09:29:09 Oct 22 09:29:09.933 [27470] info: prefork: child
states: II
10-22 09:29:32 Oct 22 09:29:32.780 [7613] info: spamd: connection
from localhost [127.0.0.1] at port 50525
10-22 09:29:32 Oct 22 09:29:32.784 [7613] info: spamd: processing
message <696d8c8c293aecacc28402d816919...@oesty.com> for clamav:89
10-22 09:29:32 Oct 22 09:29:32.963 [7613] info: spamd: clean message
(1.2/5.0) for clamav:89 in 0.2 seconds, 9156 bytes.
10-22 09:29:32 Oct 22 09:29:32.964 [7613] info: spamd: result: . 1 -
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE
scantime=0.2,size=9156,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50525,mid=<696d8c8c293aecacc28402d816919...@oesty.com>,autolearn=no
10-22 09:29:32 Oct 22 09:29:32.999 [27470] info: prefork: child
states: II
I'm learning more and more about simscan & spamassassin -- more than I
think I ever really wanted to know :)
Thanks in advance for any help offered.
Dan McAllister
IT4SOHO
--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806
CALL TOLL FREE:
877-IT4SOHO
877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax
We have support plans for QMail!