[tech] [wheel] Spamassassin broken
Matt Johnston
matt at ucc.asn.au
Sun Jul 31 23:26:54 WST 2011
This should go to tech@ not just wheel@, providing some
notes on UCC's spamassasssin. If anyone wants to see the
bits on mooneye that are wheel-only let me know.
The context is that spamassassin was tagging large amounts
of genuine mail as spam so it's been (either permanently or
temporarily) disabled.
Filter on "X-SpamTest-Status: SPAM" from ITS's Ironports
instead, it's more reliable anyway.
Matt
On Sun, Jul 31, 2011 at 10:37:24PM +0800, Bob Adamson wrote:
> I'm just gonna put it out there - I have no idea how our mail spam
> filtering works or where it's configured. I've had a bit of a look at my
> procmailrc file and afaict it just looks for [SPAM] in the subject line.
> Anyway, could you possibly explain how/where it's configured and what
> exactly needs to change?
To expand on what's what:
- There's a spamd server for Spamassassin on mooneye. It
listens on port 783
- When it used to be enabled postfix (in
/etc/postfix/master.cf) had "smtpd -o content_filter=spamfilter:"
That then ran:
- /usr/local/sbin/newspamfilter.pl is what Bernard (iirc)
wrote to run non-local mail through
/usr/local/sbin/spamfilter which feeds mail to spamd. I
think the latter script's what's packaged with spamassin.
- The spamd learning happens with the "spamass" account. It
has a logfile ~spamass/learnlog. I just took a look at it
and it was complaining about
"bayes: bad permissions on journal, can't read:
/var/spamassassin-nobody/.spamassassin/bayes_journal"
because that file's owned as root. I've now chowned it
back to spamass. I wonder if that was related...
- There's a special spamass crontab:
spamass at mooneye:~$ crontab -l -u spamass
# m h dom mon dow command
53/30 * * * * ~/learnspam
- That learns stuff that gets forwarded to the spamass
user. I think spamassassin also learned from spam it
filtered, see all the rules in /etc/spamassin/local.cf
So perhaps we could try and fix the
/var/spamassassin-nobody/ bayesian database and then turn
spamassassin back on.
Matt
More information about the tech
mailing list