Koozali.org: home of the SME Server

After upgrade from 9.1 to 9.2 spamd stopped working

Offline kb-ohnemus

« on: May 09, 2017, 07:23:11 PM »
After the upgrade from 9.1 to 9.2 my users got a lot of spam in their Inbox while the junkmail folders stayed empty. Looking at the mail's source code I noticed the line X-Spam-Status is missing.
My /var/log/spamd/current says:
Code: [Select]
@40000000590e178d2695191c May  6 20:35:47.642 [2458] info: pyzor: [2679] error: TERMINATED, signal 15 (00$
@40000000590e178d2e0d6fb4 May  6 20:35:47.773 [2458] info: spamd: server started on IO::Socket::INET6 [12$
@40000000590e178d2e115b9c May  6 20:35:47.773 [2458] info: spamd: server pid: 2458
@40000000590e178d2e2e808c May  6 20:35:47.775 [2458] info: spamd: server successfully spawned child proce$

It seems to be running but doing nothing.

Before the upgrade there appeared actions like this:
Code: [Select]
40000000590d52810eb9ad1c May  6 06:35:03.247 [29449] info: spamd: connection from 127.0.0.1 [127.0.0.1]:$
@40000000590d52810eeca014 May  6 06:35:03.250 [29449] info: spamd: checking message <0b3f1a458d6d4308288a$
@40000000590d528431aad60c May  6 06:35:06.833 [29449] info: spamd: clean message (0.7/3.0) for qpsmtpd:10$
@40000000590d528431ad7dbc May  6 06:35:06.833 [29449] info: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,D$
@40000000590d5284342e21a4 May  6 06:35:06.875 [2461] info: prefork: child states: II

I have already searched the forums and the bugtracker but no one else seems to have this problem.

Offline Stefano

« Reply #1 on: May 09, 2017, 07:34:51 PM »
Do you have any custom fragments?

Code: [Select]
/sbin/e-smith/audittools/templates

and
Code: [Select]
rpm -qa | grep -i spam

Offline Daniel B.

« Reply #2 on: May 09, 2017, 08:08:14 PM »
You should check your qpsmtpd logs (/var/log/qpsmtpd/current), which could contain some hints.
It's the end of the world !!! :lol:

Offline kb-ohnemus

« Reply #3 on: May 10, 2017, 04:59:22 AM »
Code: [Select]
# /sbin/e-smith/audittools/templates
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule80AuthFile: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/20LoadModule80PHP: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/crontab/99_kbo: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/smb.conf/10globals: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/inittab/91ttyIAX0: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/dhcpd.conf/25Routers: MANUALLY_ADDED, OVERRIDE
/etc/e-smith/templates-custom/etc/yum.conf/99installonly_limit: MANUALLY_ADDED, ADDITION
/etc/e-smith/templates-custom/etc/php.ini/99ioncube: MANUALLY_ADDED, ADDITION
Code: [Select]
# rpm -qa | grep -i spam
smeserver-spamassassin-2.4.0-8.el6.sme.noarch
spamassassin-3.4.1-1.el6.sme.x86_64

Offline kb-ohnemus

« Reply #4 on: May 10, 2017, 05:16:20 AM »
Logs before upgrade:
Code: [Select]
[root@server2 qpsmtpd]# grep spamassassin @40000000590c2fe12731d234.s
@40000000590c2eb4182d23ec 23733 spamassassin hooking data_post
@40000000590c2eb4182dd3b4 23733 spamassassin hooking data_post
@40000000590c2eb528c63d74 23733 running plugin (data_post): spamassassin
@40000000590c2eb528c704ac 23733 spamassassin plugin (data_post): check_spam
@40000000590c2eb528cb1f74 23733 spamassassin plugin (data_post): check_spam: connected to spamd
@40000000590c2eb52975c6f4 23733 spamassassin plugin (data_post): check_spam: finished sending to spamd
@40000000590c2eb919c822c4 23733 spamassassin plugin (data_post): check_spam: spamd: SPAMD/1.1 0 EX_OK
@40000000590c2eb919c83264 23733 spamassassin plugin (data_post): check_spam: spamd: Content-length: 58
@40000000590c2eb919c83a34 23733 spamassassin plugin (data_post): check_spam: spamd: Spam: False ; 0.7 / 3.0
@40000000590c2eb919c83e1c 23733 spamassassin plugin (data_post): check_spam: spamd:
@40000000590c2eb919f5512c 23733 spamassassin plugin (data_post): check_spam: finished reading from spamd
@40000000590c2eb919f55ce4 23733 spamassassin plugin (data_post): check_spam: No, hits=0.7, required=3.0, tests=HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,URIBL_BLOCKED
@40000000590c2eb919f564b4 23733 Plugin spamassassin, hook data_post returned DECLINED,
@40000000590c2eb919f5689c 23733 running plugin (data_post): spamassassin
@40000000590c2eb919f56c84 23733 spamassassin plugin (data_post): check_spam_reject: reject_threshold=10
@40000000590c2eb919f5977c 23733 spamassassin plugin (data_post): check_spam_reject: score=0.7
@40000000590c2eb919f59b64 23733 spamassassin plugin (data_post): check_spam_reject: passed
@40000000590c2eb919f5a334 23733 Plugin spamassassin, hook data_post returned DECLINED,
@40000000590c2fe12140eaa4 23822 config(peers/0) returning (logging/logterse tls ssl/cert.pem ssl/cert.pem ssl/cert.pem auth/auth_cvm_unix_local cvm_socket /var/lib/cvm/cvm-unix-local.socket enable_smtp yes enable_ssmtp yes check_earlytalker count_unrecognized_commands 4 check_relay check_norelay require_resolvable_fromhost check_basicheaders check_badmailfrom check_badrcptto_patterns check_badrcptto check_spamhelo check_goodrcptto extn - rcpt_ok virus/pattern_filter check=patterns action=deny tnef2mime spamassassin reject_threshold 10 virus/clamav clamscan_path=/usr/bin/clamdscan action=reject max_size=25000000 queue/qmail-queue) from cache

and after:
Code: [Select]
[root@server2 qpsmtpd]# grep spamassassin @40000000590da80c367323ec.s
40000000590da6e016893bd4 29564 spamassassin hooking data_post
@40000000590da6e11bbbc8ec 29564 (data_post) running plugin: spamassassin
@40000000590da6e11bbe41bc 29564 (data_post) spamassassin: skip, relay client
@40000000590da6e11bbe45a4 29564 Plugin spamassassin, hook data_post returned DECLINED,
@40000000590da80c24626e24 29686 (init) peers: Loading spamassassin reject_threshold 10 from /usr/share/qpsmtpd/plugins/spamassassin
« Last Edit: May 10, 2017, 05:18:20 AM by kb-ohnemus »

Offline Daniel B.

« Reply #5 on: May 10, 2017, 10:24:20 AM »
We can see the reason why spamassassin does not scan this particular email: skip, relay client (in fact, you most likely have no filtering at all, except ClamAV). Now we need to find out why this is seen as a relay_client, but as we don't have the IP address of the sender, it's hard to tell. Could you show the output of:

Code: [Select]
db networks show
db configuration show qpsmtpd

Offline kb-ohnemus

« Reply #6 on: May 10, 2017, 10:42:43 AM »
Code: [Select]
[root@server2 ~]# db networks show
192.168.0.0=network
    Mask=255.255.255.0
    SystemLocalNetwork=yes
[root@server2 ~]# db configuration show qpsmtpd
qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=whois.rfc-ignorant.org,dnsbl.njabl.org,zen.spamhaus.org
    RHSBL=disabled
    RelayRequiresAuth=enabled
    SBLList=dsn.rfc-ignorant.org
    TlsBeforeAuth=1
    UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
    URIBL=disabled
    access=public
    qplogsumm=disabled
    status=enabled

Offline Daniel B.

« Reply #7 on: May 10, 2017, 10:48:35 AM »
Look at /service/qpsmtpd/config/relayclients to see which IPs are allowed as relay_client. Also, tell us from which IP you receive emails (are you getting them from a single relay? Or directly from the outside?)

Offline Stefano

« Reply #8 on: May 10, 2017, 11:30:40 AM »
As a side note, I suggest you enable dnsbl and rhsbl to improve your spam fight efficiency

Offline Daniel B.

« Reply #9 on: May 10, 2017, 11:35:55 AM »
As a side note, I suggest you enable dnsbl and rhsbl to improve your spam fight efficiency
I'd also suggest that, but it won't do anything if all the emails are coming from a relay client IP. This is what the OP should find

Offline Stefano

« Reply #10 on: May 10, 2017, 11:37:07 AM »
I'd also suggest that, but it won't do anything if all the emails are coming from a relay client IP. This is what the OP should find

Mine was, in fact, a side note :-D

Offline kb-ohnemus

« Reply #11 on: May 10, 2017, 05:13:32 PM »
Code: [Select]
[root@server2 config]# cat relayclients
#------------------------------------------------------------
#------------------------------------------------------------
# Format is IP, or IP part with trailing dot
# e.g. "127.0.0.1", or "192.168."
127.0.0.
192.168.0.2
where 192.168.0.2 is the sme-server itself.
I fetch mail only through the fetchmail contrib (https://wiki.contribs.org/Fetchmail) from kb-ohnemus.de.

Offline Daniel B.

« Reply #12 on: May 10, 2017, 05:18:51 PM »
That's an issue with the fetchmail contrib in this case. IIRC fetchmail uses 127.0.0.200 as source IP address to submit emails to the local qpsmtpd; this IP should be added to /service/qpsmtpd/config/norelayclients. Can you try adding it, restart qpsmtpd, and check the result? Then, please open a new bug on https://bugs.contribs.org so we can publish a fix.

Offline kb-ohnemus

« Reply #13 on: May 10, 2017, 05:57:49 PM »
Ok, now I've changed norelayclients:
Code: [Select]
[root@server2 config]# cat norelayclients
#------------------------------------------------------------
#------------------------------------------------------------
# Format is IP, or IP part with trailing dot
# e.g. "127.0.0.1", or "192.168."
192.168.0.10
127.0.0.200

and spamd seems to do something again:
Code: [Select]
@40000000591336c018e1be4c May 10 17:50:14.417 [2580] info: spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_MOSTLY,MPART_ALT_DIFF,SPF_SOFTFAIL,URIBL_BLOCKED scantime=6.2,size=15514,user=qpsmtpd,uid=1005,required_score=3.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=58962,mid=<Y1-j-6U.3621541.16751@vmx-8.kjm2.de>,autolearn=disabled

Thank you both. But I don't understand the relation to the 9.2 upgrade. What should I write in the bugtracker?
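
The relay classification that Replies #5 through #13 arrive at, as an added example that is not part of the thread and not SME Server or qpsmtpd code. It assumes that a norelayclients match overrides relayclients (inferred from the fix above) and that the pre-fix norelayclients held only 192.168.0.10; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not SME Server or qpsmtpd code.
# Assumption: a norelayclients match overrides relayclients, as the fix
# in the thread implies. Entry format is taken from the file header:
# a full IP, or an IP prefix ending in ".".

# list_matches FILE IP: status 0 if a non-comment entry matches IP
list_matches() {
    [ -r "$1" ] || return 1
    while read -r lm_entry lm_rest || [ -n "$lm_entry" ]; do
        case $lm_entry in
            ''|'#'*) continue ;;                               # blank, comment
            *.) case $2 in "$lm_entry"*) return 0 ;; esac ;;   # prefix entry
            *)  [ "$2" = "$lm_entry" ] && return 0 ;;          # exact entry
        esac
    done < "$1"
    return 1
}

# relay_status DIR IP: prints "relay" (spam scan skipped) or "norelay"
relay_status() {
    if list_matches "$1/norelayclients" "$2"; then echo norelay
    elif list_matches "$1/relayclients" "$2"; then echo relay
    else echo norelay
    fi
}

# write_sample DIR [fixed]: constructed copies of the files in the thread.
# The pre-fix norelayclients content (192.168.0.10 only) is an assumption.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' '# Format is IP, or IP part with trailing dot' \
        '127.0.0.' '192.168.0.2' > "$1/relayclients"
    printf '%s\n' '192.168.0.10' > "$1/norelayclients"
    if [ "${2:-}" = fixed ]; then echo '127.0.0.200' >> "$1/norelayclients"; fi
}

tmp=$(mktemp -d)
write_sample "$tmp/before"
write_sample "$tmp/after" fixed
# 127.0.0.200 is the fetchmail source address named in the thread;
# 192.168.0.20 shows that "192.168.0.2" without a dot is an exact match only.
for ip in 127.0.0.200 127.0.0.1 192.168.0.2 192.168.0.20; do
    printf '%-13s before=%-8s after=%s\n' "$ip" \
        "$(relay_status "$tmp/before" "$ip")" "$(relay_status "$tmp/after" "$ip")"
done
rm -rf "$tmp"
```

On a live system the directory argument would be /service/qpsmtpd/config, the location of both files in this thread.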

Offline SchulzStefan

« Reply #14 on: May 11, 2017, 09:51:45 AM »
9.2 up-to-date. Server only. All spam coming through since the last update. E-mail WBL blacklist also no longer working...

Bug opened https://bugs.contribs.org/show_bug.cgi?id=10291

Any help would be greatly appreciated.

regards,
stefan
And then one day you find ten years have got behind you.

Time, 1973
(Mason, Waters, Wright, Gilmour)