Topic: Spam puzzle

[firstbishop]

I've had ongoing trouble with SpamAssassin and tried removing all the rpms and running Knuddi's script again.

The current version of SA on my 6.5 server is 3.1.0-1. Can anyone tell me why when I view the source of any incoming mail, the version reported is:

X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11)

[raem]

firstbishop

>...the version reported is:
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11

It should say
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13)

> I've had ongoing trouble with SpamAssassin and
> tried removing all the rpms and running Knuddi's
> script again.

As far as I understand re-running knuddi's script should reinstall the contrib, including various required rpms.
I also believe that it removes old versions.

So when you run the install script does it appear to complete the whole installation correctly ? Something must be going wrong somewhere.

You say you are using sme 6.5. Are you using the correct install script, there is a different one for sme 6.5 ?

For SME 6.5RC1 use:
cd /root
wget -N http://sme.swerts-knudsen.dk/downloads/SpamFilter/spamfilter_installbeta.sh
sh spamfilter_installbeta.sh


Also check the FAQ at the bottom of this page

http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_29.htm

[firstbishop]

Thanks for your reply, Ray.

I did use the "installbeta" script which is for 6.5 and the install seemed to run fine.

I can find no trace of a version SpamAssassin 2.63 on my system and rpm -qa |grep spam returns:

spamassassin-3.1.0-1
sortspam-1.1.0-05sme02
spamassassin-tools-3.1.0-1
sme-spamfilter-1.2.2-1

I also went through Knuddi's FAQ but couldn't find anything there to help with this.

The version number issue wouldn't bug me if SA was actually working, but every morning I get an email from the server looking something like this:

Total spam rejected   :        0 (  0.00%)
       RBL rejected   :        0 (  0.00%)
     Score above 15   :        0 (  0.00%)
Total ham accepted    :        0 (  0.00%)
                        -------------------
Total emails processed:        0 (    0/hr)

??

[raem]

firstbishop

To state the obvious, you did enable the spam filter
using the server manager panel ?


Check your various db entries relating to antivirus and spam processing.
Here are mine from a 6.0 install.

/sbin/e-smith/db configuration show smtpfront-qmail
smtpfront-qmail=service
    ExternalInterfacesFilter=/usr/bin/qmail-queue.amavis
    Instances=40
    InternalInterfacesFilter=/usr/bin/qmail-queue.amavis
    MaxMessageSize=25000000
    Patterns=enabled
    PatternsFile=/var/qmail/control/patterns.default
    Proxy=enabled
    RBLList=dnsbl.sorbs.net:whois.rfc-ignorant.org:relays.ordb.org:sbl-xbl.spamhaus.org
    access=public
    authentication=disabled
    status=enabled

/sbin/e-smith/db configuration show amavis-ng
amavis-ng=service
    MailFrom=antivirus@xxxxxxx.xxxx
    Notifiers=Admin
    qmail-queue=/var/qmail/bin/qmail-spamc
    status=enabled

/sbin/e-smith/db configuration show spamassassin
spamassassin=service
    status=enabled

/sbin/e-smith/db configuration show spamd
spamd=service
    status=enabled

/sbin/e-smith/db configuration show spamfilter
spamfilter=service
    status=enabled

/sbin/e-smith/db configuration show qmail
qmail=service
    ConcurrencyLocal=5
    ConcurrencyRemote=3
    DeliveryInstruction=sortspam
    DeliveryType=program
    status=enabled

/sbin/e-smith/db configuration show antivirus
antivirus=service
    AutoDelete=0
    StatusReport=no
    status=enabled

/sbin/e-smith/db configuration show clamd
clamd=service
    InitscriptOrder=60
    status=enabled


/sbin/e-smith/db configuration show clamscan
clamscan=service
    ScanFreq=weekly
    ScanMode=homes
    status=enabled



I have the following rpms on my system

spamassassin-3.1.0-1
spamassassin-tools-3.1.0-1
sme-spamfilter-1.2.2-1
sortspam-1.1.0-05

[firstbishop]

Hi Ray. Yes, the spam filter is enabled in the Server-Manager.

You may see something in the config settings below, but the one obvious error was that the command
/sbin/e-smith/db configuration show spamd

returned nothing. spamd does appear to be running:

ps -A | grep spamd
11238 ?        00:00:00 spamd

but does this mean something is not set up properly in the config database?

My config settings are:

/sbin/e-smith/db configuration show smtpfront-qmail
smtpfront-qmail=service
ExternalInterfacesFilter=/usr/bin/qmail-queue.amavis
Instances=40
InternalInterfacesFilter=/usr/bin/qmail-queue.amavis
Patterns=enabled
PatternsFile=/var/qmail/control/patterns.default
Proxy=enabled
RBLList=sbl-xbl.spamhaus.org
TCPPort=25
access=private
authentication=disabled
status=enabled

/sbin/e-smith/db configuration show amavis-ng
amavis-ng=service
MailAdmin=admin@xxx.xx.za
MailFrom=viruses@xxx.xx.za
Notifiers=Admin
qmail-queue=/var/qmail/bin/qmail-spamc
status=enabled

/sbin/e-smith/db configuration show spamassassin
spamassassin=service
status=enabled

/sbin/e-smith/db configuration show spamfilter
spamfilter=service
status=enabled

/sbin/e-smith/db configuration show qmail
qmail=service
ConcurrencyLocal=5
ConcurrencyRemote=3
status=enabled

/sbin/e-smith/db configuration show antivirus
antivirus=service
AutoDelete=10
StatusReport=yes
status=enabled

/sbin/e-smith/db configuration show clamd
clamd=service
InitscriptOrder=60
status=enabled

/sbin/e-smith/db configuration show clamscan
clamscan=service
MailReport=admin@xxx.xx.za
ScanFreq=weekly
ScanMode=full
status=enabled

Thanks - I appreciate your help

Mike

[raem]

firstbishop

> ../sbin/e-smith/db configuration show spamd
> returned nothing. spamd does appear to be running:

I checked another similarly configured server but it did not have a spamd db entry, so that is probably as stray entry from an older version of spmassassin.

Everything else looks OK except

/sbin/e-smith/db configuration show smtpfront-qmail
RBLList=sbl-xbl.spamhaus.org
TCPPort=25
access=private

You would improve your spam reduction (when it starts working) by adding 2 or 3 more RBL's.

I don't know why the TCPPort entry is there.

Why is access=private

2 servers I looked at (gateway/servers) are set to public
It appears your server is set to private server & gateway mode.

The configuration screem says:
Private server and gateway mode also acts as a firewll but disables all incoming services

That's why you have no mail coming in and therefore nothing gets scanned for viruses or for spam !!

Re run your configuration and select server and gateway mode (not private server and gateway).

[firstbishop]

OK, I didn't realise that Spamassassin couldn't be used with a server in private server and gateway mode. Our server is set up that way because we don't want or need any external access to our network at all - our website is hosted elsewhere and no users need external access. I thought from a security perspective that private server-gateway would be the way to go.

We don't have any problem receiving email though - my problem is keeping the spam out! If the mail is able to reach my server, is SA not able to check it at some stage?

Should I still try the server-gateway option?

Thanks

Mike

[raem]

firstbishop

> We don't have any problem receiving email though...

How are you receiving/collecting that mail ?
Are your email clients configured to collect directly from your external ISP mail server or are they configured to collect from your local sme server ?


> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11)

The header may be from the external mail server



> ...my problem is keeping the spam out! If the mail > is able to reach my server, is SA not able to
> check it at some stage?

Is it really reaching your server ?
... or is it reaching your email clients directly.

Your sme server has to be running a publically accessible mail server in order to collect mail for your domain, process that mail & then scan for viruses and spam.


> Should I still try the server-gateway option?

Sounds appropriate to me.

[raem]

firstbishop

I think you need to explain how your domain and server and email collection is configured.
Even changing the mode from private server and gateway to server and gateway may not be enough.

You need to configure your server to receive the mail for your domain, and based on what you have said already, that may need some external records to be changed at your ISP/host etc, so mail goes to your sme servers domain mail server.

[firstbishop]

In the server-manager panel the email settings are as follows:

Public POP and IMAP access is disabled
Webmail for internal users is enabled
The address of the internal mail server is left blank as suggested
The ISP's mail server is correctly inserted
A secondary mail server is provided for multi-drop purposes
Email is collected every 15 minutes (I assume that is using fetchmail)
Email is sorted to local users using the X-MDRcpt-To:
header

We do not have a static IP address. We have a single POP account on our ISP's server. Email is delivered to our server via our ISP and then delivered by our server to the various local users. Likewise outgoing mail is sent via our ISP (some email recipients were rejecting mail when we sent it directly to them).

I hope this helps

Mike

[firstbishop]

I understand that SpamAssassin is built into SME 7beta. If the problems I have at the moment are to do with the fact that our mail is picked up off our ISP's server, does anyone know whether I am likely to have more success with SME7 (notwithstanding the usual warnings about it being a Beta version)?