Re: Site-wide config check
Ralph B wrote: Thanks for the response, Matt. Matt Kettler wrote: Ralph B wrote: I've tried to set up spamassissin approximately as described in http://wiki.apache.org/spamassassin/SiteWideBayesSetup. When my users (only 5 of us) receive a spam we redirect it to [EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam /home/spam/mbox" from root. Spamassassin's local.cf contains: required_hits 5 rewrite_subject 1 subject_tag [SPAM] Are you using a *REALLY* old spamassassin? if not, rewrite_subject and subject_tag become obsolete as of SpamAssassin 3.0.0. Yes, really old - 2.63. :-) The current format is rewrite_header Subject [SPAM] However, none of that is relevant under mailscanner, so I'd just delete the rewrite_subject and subject_tag lines. They're ancient, so SpamAssassin won't understand them (and will generate lint warnings on them), and MailScanner over-rides them. While you're at it, you might want to run spamassassin --lint to see if there are any other configfile errors. "spamassassin --lint" returns without a word. Is this good or bad? Good. Basically lint will print any errors, but if everything is fine, it prints nothing. report_safe 0 bayes_path /etc/mail/spamassassin/bayes/bayes bayes_file_mode 0777 use_bayes 1 That should create a global bayes db for all invocations of SpamAssassin.. What are the permissions on the directory /etc/mail/spamassassin/bayes/? Are they 777? (note: I'm asking about the directory, not the files in it) Yes, the directory has 777. And each user has a .procmailrc with contents MAILDIR=$HOME/mail :0 H * ^X-Spam-Status: Yes { EXITCODE=67 :0: spam } This all seems to work OK, with most spams successfully being marked as [SPAM] (for BAYES_99) and then dumped in user's spam folder. However, when I occasionally visit the mbox of user "spam", I find that many more mails are identified as [SPAM] than are at the users' own mboxes. i.e. User "fred" sees spam which is NOT identified as [SPAM], he redirects it to user "spam" and, for user "spam" it IS identified as [SPAM]. So, my question is, why is filtering working better for user "spam" than for the other users? And how do I get the other users' mboxes filtered so well as user "spam"? My guess is your redirects aren't really transparent, and are rewriting the headers. Have you checked to make sure the original headers (ie: Received:) are unmodified? If the headers are replaced, this mechanism is essentially training SpamAssassin that redirected mail is spam. Which means every time a message gets redirected, it looks a lot more like spam than it did before.. Perhaps you're right. In the mbox of user "spam" I see headers such as: [snip] I'm using MailRedirect 0.7.4 with Thunderbird 2.0.0.12. Is there a better way of redirecting mails from Thunderbird? None that I'm aware of. I've never tried to use this mechanism, but in general the "forward/redirect/whatever" all your spam mechanism is fraught with error. Most folks I've seen that do similar things successfully use IMAP and wind up moving mail into a folder that a cronjob later winds up picking up on the server side...
Re: Site-wide config check
Thanks for the response, Matt. Matt Kettler wrote: > Ralph B wrote: >> I've tried to set up spamassissin approximately as described in >> http://wiki.apache.org/spamassassin/SiteWideBayesSetup. >> >> When my users (only 5 of us) receive a spam we redirect it to >> [EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam >> /home/spam/mbox" from root. >> >> Spamassassin's local.cf contains: >> required_hits 5 >> rewrite_subject 1 >> subject_tag [SPAM] > > Are you using a *REALLY* old spamassassin? if not, rewrite_subject and > subject_tag become obsolete as of SpamAssassin 3.0.0. Yes, really old - 2.63. :-) > The current format is > rewrite_header Subject [SPAM] > > However, none of that is relevant under mailscanner, so I'd just delete > the rewrite_subject and subject_tag lines. They're ancient, so > SpamAssassin won't understand them (and will generate lint warnings on > them), and MailScanner over-rides them. > > While you're at it, you might want to run spamassassin --lint to see if > there are any other configfile errors. "spamassassin --lint" returns without a word. Is this good or bad? >> report_safe 0 >> bayes_path /etc/mail/spamassassin/bayes/bayes >> bayes_file_mode 0777 >> use_bayes 1 > > That should create a global bayes db for all invocations of > SpamAssassin.. What are the permissions on the directory > /etc/mail/spamassassin/bayes/? Are they 777? (note: I'm asking about the > directory, not the files in it) Yes, the directory has 777. >> And each user has a .procmailrc with contents >> MAILDIR=$HOME/mail >> >> :0 H >> * ^X-Spam-Status: Yes >> { >> EXITCODE=67 >> :0: >> spam >> } >> >> This all seems to work OK, with most spams successfully being marked as >> [SPAM] (for BAYES_99) and then dumped in user's spam folder. >> >> However, when I occasionally visit the mbox of user "spam", I find that >> many more mails are identified as [SPAM] than are at the users' own >> mboxes. >> >> i.e. User "fred" sees spam which is NOT identified as [SPAM], he >> redirects >> it to user "spam" and, for user "spam" it IS identified as [SPAM]. >> >> So, my question is, why is filtering working better for user "spam" than >> for the other users? And how do I get the other users' mboxes filtered so >> well as user "spam"? > > My guess is your redirects aren't really transparent, and are rewriting > the headers. Have you checked to make sure the original headers (ie: > Received:) are unmodified? > > If the headers are replaced, this mechanism is essentially training > SpamAssassin that redirected mail is spam. Which means every time a > message gets redirected, it looks a lot more like spam than it did > before.. Perhaps you're right. In the mbox of user "spam" I see headers such as: F rom [EMAIL PROTECTED] Mon Apr 7 14:27:03 2008 R esent-From: Fred Person <[EMAIL PROTECTED]> R esent-To: [EMAIL PROTECTED] R esent-Date: Mon, 7 Apr 2008 14:27:02 +0200 R esent-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.12) Gecko/20080213 Lightning/0.8 Thunderbird/2.0.0.12 X -Mozilla-Keys: U ser-Agent: Microsoft-Entourage/12.1.0.080305 D ate: Mon, 7 Apr 2008 13:06:30 +0300 S ubject: [SPAM] [spammy subject redacted] F rom: binger <[EMAIL PROTECTED]> T o: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> T hread-Topic: [spammy thread-topic redacted] T hread-Index: AciYsDKDWbSQnF1pTAK68hQ3KBjANw== M ime-version: 1.0 C ontent-type: multipart/alternative; boundary="B_8350452663_24541" [snip] I'm using MailRedirect 0.7.4 with Thunderbird 2.0.0.12. Is there a better way of redirecting mails from Thunderbird? Thanks again. Ralph.
Re: Site-wide config check
Ralph B wrote: I've tried to set up spamassissin approximately as described in http://wiki.apache.org/spamassassin/SiteWideBayesSetup. When my users (only 5 of us) receive a spam we redirect it to [EMAIL PROTECTED] Periodically I do a "sa-learn --showdots --mbox --spam /home/spam/mbox" from root. Spamassassin's local.cf contains: required_hits 5 rewrite_subject 1 subject_tag [SPAM] Are you using a *REALLY* old spamassassin? if not, rewrite_subject and subject_tag become obsolete as of SpamAssassin 3.0.0. The current format is rewrite_header Subject [SPAM] However, none of that is relevant under mailscanner, so I'd just delete the rewrite_subject and subject_tag lines. They're ancient, so SpamAssassin won't understand them (and will generate lint warnings on them), and MailScanner over-rides them. While you're at it, you might want to run spamassassin --lint to see if there are any other configfile errors. report_safe 0 bayes_path /etc/mail/spamassassin/bayes/bayes bayes_file_mode 0777 use_bayes 1 That should create a global bayes db for all invocations of SpamAssassin.. What are the permissions on the directory /etc/mail/spamassassin/bayes/? Are they 777? (note: I'm asking about the directory, not the files in it) And each user has a .procmailrc with contents MAILDIR=$HOME/mail :0 H * ^X-Spam-Status: Yes { EXITCODE=67 :0: spam } This all seems to work OK, with most spams successfully being marked as [SPAM] (for BAYES_99) and then dumped in user's spam folder. However, when I occasionally visit the mbox of user "spam", I find that many more mails are identified as [SPAM] than are at the users' own mboxes. i.e. User "fred" sees spam which is NOT identified as [SPAM], he redirects it to user "spam" and, for user "spam" it IS identified as [SPAM]. So, my question is, why is filtering working better for user "spam" than for the other users? And how do I get the other users' mboxes filtered so well as user "spam"? My guess is your redirects aren't really transparent, and are rewriting the headers. Have you checked to make sure the original headers (ie: Received:) are unmodified? If the headers are replaced, this mechanism is essentially training SpamAssassin that redirected mail is spam. Which means every time a message gets redirected, it looks a lot more like spam than it did before..
Re: site-wide config?
Russell Jones wrote: Sorry if this is covered somewhere in the documentation, and if so can someone be nice enough to point it to me :) I can't seem to locate it. I would like to set spamassassin to use a site-wide configuration, so that when I tell it to sa-learn, it will apply what it learns to every single email account on the server. If someone can point me to the documentation and/or examples of how to set this, I would be very grateful. Thanks! The easiest way is to use mysql, and set: ## global bayes ddb bayes_sql_override_username spamassassin
RE: site-wide config?
Russell Jones wrote: > Sorry if this is covered somewhere in the documentation, and if so > can someone be nice enough to point it to me :) I can't seem to > locate it. > > I would like to set spamassassin to use a site-wide configuration, so > that when I tell it to sa-learn, it will apply what it learns to > every single email account on the server. > > If someone can point me to the documentation and/or examples of how > to set this, I would be very grateful. > > Thanks! man Mail::SpamAssassin::Conf Search for the bayes_path and bayes_file_mode settings. You need to create a bayes directory that is not relative to the user's home and set the mode so that everyone can read and write to it. Make sure to read the bayes_path description carefully. This is NOT a simple directory path. -- Bowie