SpamAssassin MX Gateway Server

2006-09-30 Thread Russ B.
I have a unique but interesting problem:

I have a farm of servers that use Sendmail/ProcMail/SpamAssassin.

Due to their very heavy loads and my custom rules, I have built a
dual-proc-dual-core FBSD AMD64 bit OS server to do nothing but my major
spam knockdowns and processing to send back to the
Sendmail/Procmail/SpamAssassin server farm.

On my gateway MX server, I'm using Postfix/AmavisD and Spamassassin, and
it works great. It's flat out rejecting spam scored over 150 spam score,
it tags spam as spam if it's over 15 size, and it just puts in the spam
headers over 15 size as well. If it scores UNDER 15, it neither gets
scored nor given headers.

Then, on the Sendmail farm, I use this recipe, which works great:

:0:
* ! ^X-Spam-Status: YES
{
:0fw
* < 256000
|/usr/local/bin/spamc -f
}

:0:
* ^X-Spam-Status: Yes
$HOME/mail/Caught-Spam

Basically, anything that arrives over 15 in score, will have that
SPAM-STATUS header embedded, so it does NOT run SpamAssassin on this
server, and just puts it in the Caught-Spam. If it has LOWER than a score
of 15 from the MX, then the MX server didn't put a header on it, so it's
processed here and filed here.

Why do that? Because my users on the sendmail server farm have a whole
variety of score choices they are using, so I want their specific score to
be utilized - but by making the score on the MX 15, I'm saving the 
sendmail server from a WHOLE LOT of processing, and nobody's going to have
a default score over 15... so that's a safe number?

Make sense? This works great. The MX gets the mail, knocks down the
really bad spam, tags the medium spam and lets the end servers re-score
the questionable stuff to the user preferences.

Ok - my question/problem is this:

Is there a way I can run spamc (or spamassassin) so that it doesn't
actually RESCORE/REPROCESS the mail (the large amount of work), but
instead just looks at the users required score (required_score  6.0) and
only re-tags the X-Spam-Status flag to YES or No??

See, in my current setup (as explained above):

MX server scores it as spam score 205 -- sendmail farm nukes it

MX server scores it as spam score 16 - MX tags it as spam -- sendmail
farm just files it in the user's Caught-Spam folder.

MX server scores it as score 7, which is below questionable as 15, so it
doesn't score it --- sendmail then runs spamass on it, rescores it and
then files it to user's settings.



Re: SpamAssassin MX Gateway Server

2006-09-30 Thread Russ B.
Fix to above post's last lines:

MX server scores it as spam score 200 -- MX server just nukes it

MX server scores it as spam score 16 - MX tags it as spam -- sendmail
farm just files it in the user's Caught-Spam folder.

MX server scores it as score 7, which is below questionable which is set
to 15, so it doesn't score it (nor gives it any spam headers) ---
sendmail then runs spamass on it, rescores it and then files it to user's
settings.
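
The re-tagging asked about above can be done by a small filter instead of a second SpamAssassin pass, sketched here as an added example that is not from the thread. It assumes the MX is changed to write a `score=` value into X-Spam-Status on every message (the setup described above adds no header below 15), and the function names and sample message are hypothetical.

```python
import re
from email import message_from_string

SA_DEFAULT_REQUIRED = 5.0  # SpamAssassin's stock required_score
SCORE_RE = re.compile(r"\bscore=(-?\d+(?:\.\d+)?)")
REQUIRED_RE = re.compile(r"^\s*required_score\s+(-?\d+(?:\.\d+)?)", re.M)

# Constructed sample: a message the MX scored 7.2 against its own threshold of 15.
SAMPLE = (
    "From: sender@example.com\n"
    "X-Spam-Status: No, score=7.2 required=15.0\n"
    "Subject: hello\n"
    "\n"
    "body text\n"
)

def user_required_score(user_prefs_text, default=SA_DEFAULT_REQUIRED):
    """Read required_score from the text of a user_prefs file."""
    m = REQUIRED_RE.search(user_prefs_text)
    return float(m.group(1)) if m else default

def retag(raw_message, required):
    """Rewrite X-Spam-Status for one user's threshold, reusing the MX score.

    Returns the rewritten message, or None when there is not exactly one
    X-Spam-Status header carrying a score (the caller should then run spamc).
    """
    msg = message_from_string(raw_message)
    statuses = msg.get_all("X-Spam-Status", [])
    m = SCORE_RE.search(statuses[0]) if len(statuses) == 1 else None
    if m is None:
        return None
    score = float(m.group(1))
    is_spam = score >= required  # SpamAssassin flags at score >= required_score
    del msg["X-Spam-Status"], msg["X-Spam-Flag"]
    msg["X-Spam-Status"] = "%s, score=%.1f required=%.1f" % (
        "Yes" if is_spam else "No", score, required)
    if is_spam:
        msg["X-Spam-Flag"] = "YES"
    return msg.as_string()

if __name__ == "__main__":
    print(retag(SAMPLE, user_required_score("required_score 6.0\n")))
```

The filter trusts whatever score the header carries, so it is only sound if the MX removes or overwrites any X-Spam-Status that arrives from outside.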




Bayes Help! Stopped working 3.0.x -- 3.1.0

2006-02-12 Thread Russ B.
I'm upgrading my existing server farm from SpamAss 3.0.x to 3.1.0... all
is fine except Bayes. Identical setup, no pathing changes, same local.cf
file - everything... but bayes isn't working.

Here are my bayes setups in my local.cf:

use_bayes 1
use_bayes_rules 1

bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.8
bayes_auto_learn_threshold_spam 12.0
bayes_auto_expire 1
bayes_expiry_max_db_size 15
bayes_journal_max_size 102400
bayes_learn_to_journal  1
bayes_path /usr/local/etc/bayes/bayes
bayes_file_mode 0777
lock_method flock
score BAYES_00 -3.5
score BAYES_50 -1.0
score BAYES_60 0.3
score BAYES_70 0.7
score BAYES_80 1.0
score BAYES_90 1.5
score BAYES_95 2.0
score BAYES_99 3.5

Now... I've been using a server-side bayes where everyone uses the same
bayes files which has been working GREAT, and it's easier for me to push
known spam updates via a distribution script to all our servers at once,
making it so ALL users get our bayes changes...

The bayes files live in /usr/local/etc/bayes/bayes just like the config
says...

The permissions are correct, as you can see below:

drwxr-xr-x  8 root   wheel   1024 Feb 12 01:44 ../
drwxrwxrwx  3 root   wheel   3072 Feb 12 03:43 ./
-rw-rw-rw-  1 root   wheel 30 Feb 12 03:05 bayes.mutex
-rw-rw-rw-  1 loria  wheel 58 Feb  2 00:20 bayes.lock
-rw-rw-rw-  1 root   wheel  65536 Feb 12 13:05 bayes_toks
-rw-rw-rw-  1 root   wheel  65536 Feb 12 13:05 bayes_seen

And in the user accounts, inside ~user/.spamassassin, I have:
lrwxr-xr-x   1 root  techs 56 Feb 12 03:12 user_prefs@ -> /usr/local/apache/htdocs/squirrelmail/data/username_goes_here.spam
lrwxr-xr-x   1 root  techs 31 Feb 12 04:45 bayes_toks@ -> /usr/local/etc/bayes/bayes_toks
lrwxr-xr-x   1 root  techs 31 Feb 12 04:45 bayes_seen@ -> /usr/local/etc/bayes/bayes_seen
lrwxr-xr-x   1 root  techs 34 Feb 12 04:45 bayes_journal@ -> /usr/local/etc/bayes/bayes_journal
(where username_goes_here is the name of the user whose account it is)

... and all that works GREAT on 3.0.x, but broke on 3.1.0...

Broke as in no bayes scoring is going on in logs, no activity going on
in the bayes directory of /usr/local/etc/bayes as shown above.

Any ideas? Thanks!
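
The listing in this post shows the shared Bayes directory and databases writable by every local account (bayes_file_mode 0777, drwxrwxrwx, -rw-rw-rw-), so any user on the host can alter or replace the token database that scores everyone's mail. As an added example that is not from the thread, this check reports world-writable entries and symlinks in such a directory; the function names are hypothetical and the demo directory is constructed.

```python
import os
import stat
import tempfile

def audit_bayes_dir(path):
    """Return (entry, finding) pairs for a shared Bayes directory."""
    findings = []
    entries = [path] + [os.path.join(path, n) for n in sorted(os.listdir(path))]
    for entry in entries:
        st = os.lstat(entry)  # lstat: inspect a symlink itself, not its target
        mode = stat.filemode(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append((entry, "symlink to " + os.readlink(entry)))
        elif st.st_mode & stat.S_IWOTH:
            note = "world-writable " + mode
            if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISVTX:
                note += ", no sticky bit: any user can delete or replace entries"
            findings.append((entry, note))
    return findings

def build_demo_dir():
    """Constructed stand-in for /usr/local/etc/bayes with mixed modes."""
    root = tempfile.mkdtemp(prefix="bayes-demo-")
    for name, mode in (("bayes_toks", 0o666), ("bayes_seen", 0o640)):
        p = os.path.join(root, name)
        with open(p, "wb"):
            pass
        os.chmod(p, mode)  # chmod explicitly so the umask does not interfere
    os.symlink(os.path.join(root, "bayes_toks"), os.path.join(root, "user_toks"))
    os.chmod(root, 0o777)
    return root

if __name__ == "__main__":
    for entry, finding in audit_bayes_dir(build_demo_dir()):
        print(entry, "-", finding)
```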





Re: Bayes Help! Stopped working 3.0.x -- 3.1.0

2006-02-12 Thread Russ B.
 According to the docs these two options were removed.
 http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Conf.html
   bayes_auto_learn_threshold_nonspam 0.8
   bayes_auto_learn_threshold_spam 12.0

 Check your log to see if you have any errors.

 Jonn

I don't know how I missed this, but found this in the log...

config: SpamAssassin failed to parse line, /usr/local/etc/bayes is not
valid for bayes_path, skipping: bayes_path /usr/local/etc/bayes

(Along with the fails on the thresholds, as you're correct - they were
removed)

I've tried both /usr/local/etc/bayes and /usr/local/etc/bayes/bayes.. to
no avail.

And once again the :

bayes_path /usr/local/etc/bayes/bayes

... works GREAT in 2.x and 3.0.x.. but in 3.1.0?

UG.. what am I missing?

The Docs for Spamass 3.1.x say:

bayes_path /path/filename (default: ~/.spamassassin/bayes)

This is the directory and filename for Bayes databases. Several databases
will be created, with this as the base directory and filename, with _toks,
_seen, etc. appended to the base. The default setting results in files
called ~/.spamassassin/bayes_seen, ~/.spamassassin/bayes_toks, etc.
By default, each user has their own in their ~/.spamassassin directory
with mode 0700/0600. For system-wide SpamAssassin use, you may want to
reduce disk space usage by sharing this across all users. However, Bayes
appears to be more effective with individual user databases.




Re: Bayes Help! Stopped working 3.0.x -- 3.1.0

2006-02-12 Thread Russ B.
 Russ.. did you run sa-learn --sync after you did your upgrade?


I did, and I ran it again and noticed something odd...

My config dir is /etc/mail/spamassassin

My local.cf USED to have /usr/local/etc/bayes/bayes as the bayes_path, but
I have since changed it to /tmp/bayes/bayes and /tmp/bayes for testing
purposes. It currently has the /tmp/bayes/bayes setting.

However with /tmp/bayes/bayes in the .cf file - when I run sa-learn
--siteconfigpath=/etc/mail/spamassassin --sync, it updates the datestamp
on the bayes files in my old bayes location - /usr/local/etc/bayes/bayes

 ls -altr /usr/local/etc/bayes
-rw-rw-rw-  1 root  wheel  65536 Feb 12 15:09 bayes_toks
-rw-rw-rw-  1 root  wheel  65536 Feb 12 15:09 bayes_seen

... and that's AFTER I've restarted spamd multiple times - even getting
confirmation with this in my log file:

spamd[96453]: config: SpamAssassin failed to parse line,
/tmp/bayes/bayes is not valid for bayes_path, skipping:
bayes_path_/tmp/bayes/bayes

So my original question was:

1. What's wrong with bayes_path /usr/local/etc/bayes/bayes where it was
working before in 3.0.x and now not in 3.1.x...

...to ADD a new find.. using sa-learn obviously is messing with the
files in my old location at /usr/local/etc/bayes/bayes when my config file
says /tmp/bayes/bayes

... and yes, I've done a word search on my /etc/mail/spamassassin
directory and there is absolutely no other instance of bayes_path or
/usr/local/etc/bayes/bayes anywhere other than that one instance in my
/etc/mail/spamassassin/local.cf.

Baffled.



Re: Bayes Help! Stopped working 3.0.x -- 3.1.0

2006-02-12 Thread Russ B.
 Did you check v310.pre and init.pre config files?
 Jonn

Those are in /usr/local/etc/mail/spamassassin and I'm not using those

So since my config directory is defined as /etc/mail/spamassassin... it
should ignore those, yes?

But if it WASN'T ignoring those, why does sa-learn still go after
/usr/local/etc/bayes/bayes as the config dir - which definitely isn't in
the /usr/local/etc/mail/spamassassin/v310.pre and init.pre files..?

Appreciate the help!

Russ
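
Both log excerpts quoted in this thread are SpamAssassin reporting that a local.cf line was skipped, which is easy to miss in a busy mail log. As an added example that is not from the thread, this scanner pulls those messages out and groups them by setting; the first two sample lines are the thread's excerpts rejoined onto single lines, the others are constructed, and the regex assumes that message layout.

```python
import re
from collections import defaultdict

SKIP_RE = re.compile(
    r"(?:spamd\[(?P<pid>\d+)\]: )?config: SpamAssassin failed to parse line, "
    r"(?:(?P<value>.+?) is not valid for (?P<setting>\S+), )?"
    r"skipping: (?P<line>.+)$"
)

SAMPLE_LOG = [
    # From the thread, rejoined onto one line each.
    "spamd[96453]: config: SpamAssassin failed to parse line, /tmp/bayes/bayes "
    "is not valid for bayes_path, skipping: bayes_path_/tmp/bayes/bayes",
    "config: SpamAssassin failed to parse line, /usr/local/etc/bayes "
    "is not valid for bayes_path, skipping: bayes_path /usr/local/etc/bayes",
    # Constructed: assumed layout for a setting the parser does not know.
    "spamd[96453]: config: SpamAssassin failed to parse line, "
    "skipping: bayes_auto_learn_threshold_spam 12.0",
    # Constructed: unrelated line that must be ignored.
    "spamd[96453]: spamd: connection from localhost",
]

def skipped_settings(log_lines):
    """Map each skipped setting to the config lines that were ignored."""
    out = defaultdict(list)
    for ln in log_lines:
        m = SKIP_RE.search(ln.rstrip("\n"))
        if not m:
            continue
        raw = m.group("line").strip()
        # Without an "is not valid for" clause, take the first word of the line.
        setting = m.group("setting") or raw.split()[0]
        out[setting].append(
            {"pid": m.group("pid"), "value": m.group("value"), "line": raw})
    return dict(out)

if __name__ == "__main__":
    for setting, hits in sorted(skipped_settings(SAMPLE_LOG).items()):
        print("%s: skipped %d time(s)" % (setting, len(hits)))
        for h in hits:
            print("    %s" % h["line"])
```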



Re: Spam count down today

2006-02-12 Thread Russ B.
For what it's worth, our spam counts are also significantly down.

I think the main spammer that's been doing the Rolex and Mitigating drugs
went on vacation with the stock spammer for a few days.

-Russ



Re: lots of new spam

2006-02-11 Thread Russ B.
I wrote these rules last week that stop em fast, even before the URIBL's
kick in.

# This will fire if 2 or more are found
rawbody __DRUGS268A /^V$/i
rawbody __DRUGS268B /^I$/i
rawbody __DRUGS268C /^C$/i
rawbody __DRUGS268D /^E$/i
rawbody __DRUGS268E /^33$/i
rawbody __DRUGS268F /^\=20$/i
meta DRUGS268 ((__DRUGS268A + __DRUGS268B + __DRUGS268C + __DRUGS268D + __DRUGS268E + __DRUGS268F) > 1)
score DRUGS268 105.5
describe DRUGS268 Disguised Drug Message


rawbody URL52 /\.\.org\/(?:..|...)\//i
score URL52 6.5
describe URL52 Short Drug URL

rawbody URL52a /\..\.org\/(?:..|...)\//i
score URL52a 6.5
describe URL52a Short Drug URL

rawbody URL52b /\...\.org\/(?:..|...)\//i
score URL52b 6.5
describe URL52b Short Drug URL

rawbody URL52c /\\.org\/(?:..|...)\//i
score URL52c 6.5
describe URL52c Short Drug URL