[tech] [wheel] Spamassassin broken

Matt Johnston matt at ucc.asn.au
Sun Jul 31 23:26:54 WST 2011


This should go to tech@ not just wheel@, providing some
notes on UCC's spamassassin. If anyone wants to see the
bits on mooneye that are wheel-only let me know.

The context is that spamassassin was tagging large amounts
of genuine mail as spam so it's been (either permanently or
temporarily) disabled.

Filter on "X-SpamTest-Status: SPAM" from ITS's Ironports
instead, it's more reliable anyway.

Matt

On Sun, Jul 31, 2011 at 10:37:24PM +0800, Bob Adamson wrote:
> I'm just gonna put it out there - I have no idea how our mail spam 
> filtering works or where it's configured. I've had a bit of a look at my 
> procmailrc file and afaict it just looks for [SPAM] in the subject line. 
> Anyway, could you possibly explain how/where it's configured and what 
> exactly needs to change?

To expand on what's what:

- There's a spamd server for Spamassassin on mooneye. It
  listens on port 783
- When it used to be enabled, postfix (in
  /etc/postfix/master.cf) had "smtpd -o content_filter=spamfilter:"
  That then ran:
- /usr/local/sbin/newspamfilter.pl is what Bernard (iirc)
  wrote to run non-local mail through
  /usr/local/sbin/spamfilter which feeds mail to spamd. I
  think the latter script's what's packaged with spamassassin.
- The spamd learning happens with the "spamass" account. It
  has a logfile ~spamass/learnlog. I just took a look at it
  and it was complaining about 
  "bayes: bad permissions on journal, can't read:
  /var/spamassassin-nobody/.spamassassin/bayes_journal"
  because that file's owned as root. I've now chowned it
  back to spamass. I wonder if that was related...
- There's a special spamass crontab:
  spamass@mooneye:~$ crontab -l -u spamass
  # m h dom mon dow command
  53/30 * * * * ~/learnspam
- That learns stuff that gets forwarded to the spamass
  user. I think spamassassin also learned from spam it
  filtered, see all the rules in /etc/spamassin/local.cf

So perhaps we could try and fix the
/var/spamassassin-nobody/ bayesian database and then turn
spamassassin back on.

Matt
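
Added example, not part of the original message: a shell check for the failure described above, where a Bayes file in /var/spamassassin-nobody/.spamassassin ends up owned by root and the spamass learning job can no longer read it. The function names are hypothetical, and it assumes the standard SpamAssassin DBM file names (bayes_toks, bayes_seen, bayes_journal) and a find that supports -maxdepth.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not UCC's scripts).
# Usage on the mail host, e.g. from cron or a monitoring check:
#   check_bayes /var/spamassassin-nobody/.spamassassin "$(id -u spamass)"

# Print every bayes_* file in directory $1 that the learning account
# (numeric uid $2) cannot use: wrong owner, or owner lacks read/write.
bayes_unusable() {
    dir=$1 uid=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" -maxdepth 1 -type f -name 'bayes_*' \
        \( ! -uid "$uid" -o ! -perm -600 \) -print
}

# Exit status: 0 = all Bayes files usable, 1 = offenders found (listed on
# stderr), 2 = directory missing.
check_bayes() {
    bad=$(bayes_unusable "$1" "$2") || return 2
    [ -z "$bad" ] && return 0
    printf 'Bayes files unusable by uid %s:\n%s\n' "$2" "$bad" >&2
    return 1
}
```

Running this before each learnspam invocation turns a silent "bad permissions on journal" line in the learn log into a non-zero exit that cron will mail out.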