On 02/08, email builder wrote: > Hello, > > I have a server where I never customized any of the SA > rules/tests (SA v.3.3.1). The server does run sa-update > every day. Is this the right place to look to know what > tests the server should be running? > > https://spamassassin.apache.org/tests_3_0_x.html
At the top of that page, it says "Tests Performed: v3.0.x" which is not the version you are running. https://spamassassin.apache.org/tests_3_3_x.html contains tests for 3.3. I don't know when they get updated, maybe only when 3.3.0 was released. I wouldn't trust it much. Run: sa-update -D 2>&1| grep DIR That will output something like: Feb 9 12:08:49.609 [20855] dbg: generic: Perl 5.010001, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin On this system, sa-update downloads rules to /var/lib/spamassassin, so I guess you're looking for the LOCAL_STATE_DIR. That directory will contain a directory related to your SA version, something like 3.003001, which will contain updates_spamassassin_org, which will contain the files defining all the rules. Although that doesn't necessarily tell you which are enabled by default. Some require configuration changes. I believe for SPF you *should* be doing the detecting at your MTA (mail server software) and inserting a header for spamassassin to use: Received-SPF. (Because SPF is supposed to use the "envelope from", which is not necessarily included in a header.) > From that page, it seems that SPF checks are normal > but DKIM is not. Is this right? > > Contrary to that, this page suggests that DKIM test are > enabled by default in version 3.3: > > https://wiki.apache.org/spamassassin/Plugin/DKIM I don't have anything in my /etc/spamassassin/local.cf related to DKIM, and I'm getting DKIM rule hits, so I agree that DKIM is enabled by default (although I'm running trunk / v3.4.0 which is unreleased). I believe SPF tests are also enabled by default, but won't do quite the right thing unless you're inserting the Received-SPF header at your MTA. > Also, where can I look to verify the tests/rules currently > in place on the server? (per-user rules are not implemented) > > I looked in /usr/share/spamassassin and there are a few > files with "spf" and "dkim" in their names. Does that > mean those tests are active? Using the official Debian / Ubuntu packages, that directory contains the rules installed by the spamassassin package, which are only used if you do not run sa-update. Which would obviously be sub-optimal. > ls *spf* > -rw-r--r-- 1 root root 3100 Mar 15 2010 25_spf.cf > -rw-r--r-- 1 root root 3584 Mar 15 2010 60_whitelist_spf.cf > > ls *dkim* > -rw-r--r-- 1 root root 4407 Mar 15 2010 25_dkim.cf > -rw-r--r-- 1 root root 9288 Mar 15 2010 60_adsp_override_dkim.cf > -rw-r--r-- 1 root root 6455 Mar 15 2010 60_whitelist_dkim.cf Those are related, although their presence doesn't indicate anything about defaults. None of the SPF or DKIM rules are particularly highly ranked in spamassassin rule QA, so I wouldn't actually expect significant improvements in accuracy from it: http://ruleqa.spamassassin.org/?daterev=20120204 They both have some substantial flaws. -- "Every man, woman and child on the face of this earth is at the mercy of chaos." - a maxwell smart movie http://www.ChaosReigns.com