Topic: How to check if spamassasin is working correctly

[oegeeks]

SMESERVER 9.2 - last updates
I configured spam assassin and autolearn and tried some configurations with rules either for procmail or mail drop.
As far is i could find out, spam assassin is not writing anything in the mail header.

The user config is shortened for the confidential data

sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0         53          0  non-token data: nspam
0.000          0          0          0  non-token data: nham
0.000          0      13454          0  non-token data: ntokens
0.000          0 1502200801          0  non-token data: oldest atime
0.000          0 1502726102          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0          0          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count


xxx=user
    AdminPanels=bugreport,clamav,cronmanager,dar2,diskusage,emailsettings,qmailanalog,reboot,sme9admin,sysmon,user-email,userpanel-mailsort,viewlogfiles,yum
    Dept=
    EmailForward=local
    EmailVacation=no
    EmailVacationFrom=20170804
    EmailVacationTo=20170805
    ForwardAddress=
    PasswordSet=yes
    Shell=/bin/bash
    SortSpam=enabled
    VPNClientAccess=no


In no mail there is any X-SPAM or other related Header TAG.
How i can debug the problem?
Best regards
Andreas

[oegeeks]

Some more config details:
spamassassin=service
    BayesAutoLearnThresholdNonspam=0.10
    BayesAutoLearnThresholdSpam=6.00
    DNSAvailable=yes
    MaxMessageSize=2000000
    MessageRetentionTime=14
    OkLanguages=all
    OkLocales=all
    RejectLevel=12
    ReportSafe=0
    Sensitivity=custom
    SkipRBLChecks=0
    SortSpam=enabled
    Subject=[SPAM]
    SubjectTag=enabled
    TagLevel=4
    UseBayes=1
    status=enabled
spamd=service
    status=enabled

qmail=service
    DoubleBounceTo=devnull
    FilterType=procmail
    MaxMessageSize=15000000
    status=enabled
qpsmtpd=service
    Bcc=disabled
    BccMode=off
    BccUser=maillog
    DNSBL=enabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
    RHSBL=enabled
    RelayRequiresAuth=enabled
    SBLList=multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
    TlsBeforeAuth=1
    UBLList=multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
    URIBL=disabled
    access=public
    qplogsumm=disabled
    status=enabled

[oegeeks]

An Example of the Mail-Headers of a learned spam email. The confidential data is tripped out:

Return-Path: <upfoktt@newtokkin.biz.ua>
X-policyd-weight: using cached result; rate: -6.1
Received: from mail.newtokkin.biz.ua (mail.newtokkin.biz.ua [62.141.45.219])
Received: from newtokkin.biz.ua (mail.newtokkin.biz.ua [62.141.45.219])
   by mail.newtokkin.biz.ua (Postfix) with ESMTPA id 22AC8C65E0;
   Mon, 14 Aug 2017 10:57:21 +0300 (EEST)
Message-ID: <upfoktt27213144.88058520@mail.newtokkin.biz.ua>
Reply-To: "Rezeptpflichtige Medikamente" <upfoktt@newtokkin.biz.ua>
From: "Rezeptpflichtige Medikamente" <upfoktt@newtokkin.biz.ua>
To: <cconrady@cowa.de>
Subject: =?utf-8?B?VGFibGV0dGVuIGbDvHIgRXJla3Rpb25zc3TDtnJ1bmc=?=
Date: Mon, 14 Aug 2017 10:57:23 +0300
MIME-Version: 1.0
Content-Type: multipart/related;
   type="multipart/alternative";
   boundary="----=_NextPart_000_0006_01D314EA.1CC01710"
Precedence: bulk
List-Id: b28258464v37384072
X-Complaints-To: abuse@newtokkin.biz.ua
List-Unsubscribe: <http://newtokkin.biz.ua/ru/unsubscribe/do?hash=1806640373585266>
X-Virus-Status: No
X-KasScanner: clean

[oegeeks]

By the way:
The to field is not my email address. This is just a make-up of the spam mail.
Just by the subject, spam assassin should reject the message.

[oegeeks]

The information in the previous posts is still valid, but i changed the get mail behavior.
I changed getmail.sh to use mail drop instead of qmail inbox.
Now nearly every mail is moved to the spam folder, even the good email. Whitelist is working as expected.
I changed the rating to 8, but still no really usable results.
How to see, what score an email from mail drop or spam assassin gets and why?

[oegeeks]

Here is the spamassasin local.cf, but no Header is changed as written in the config-file.
#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
dns_available yes
internal_networks 192.168.4.221
lock_method flock

ok_locales all
bayes_path /var/spool/spamd/.spamassassin/bayes
bayes_file_mode 750
report_safe 0
required_score 8
rewrite_header Subject [SPAM]
skip_rbl_checks 0
clear_trusted_networks
trusted_networks 192.168.4.221

use_bayes 1
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ autolearn=_AUTOLEARN_
add_header all Details _REPORT_

[ReetP]

As a thought

1. Are you collecting mail via POP ? In which case you need to look in the bug tracker as there are issues with spamassassin not checking mail collected via fetchmail etc

e.g. https://bugs.contribs.org/show_bug.cgi?id=10290

2. If that isn't the case then a) have you had a read through the bugs and b) if you have and haven't found anything then you should create one

Rgds
John

[oegeeks]

Hi John,
thanks for the hints. I will check if the workaround of the bug will help me. Maybe i have to open a new bug, because mail drop is not related to the old bug.

Anyway you shed a light.
Regards
Andreas

[ReetP]

No problems.

Rgds
John

[oegeeks]

I use getmail and tried fetch mail for this bug. The workaround for fetch mail did not work for me, but i found a working solution for getmail.

in the config file *.mailrc insert this section:

[filter]
type = Filter_external
path = /usr/bin/spamc
arguments = ("-s","250000","-p","783","-u","USER",)