On 10/22/2014 7:31 AM, Dan McAllister wrote: > On 10/21/2014 10:18 PM, Eric Shubert wrote: >> On 10/21/2014 05:45 PM, Dan McAllister wrote: >>> OK, to review: >>> >>> I have a QMT install that doesn't seem to be running SpamAssassin >>> against inbound mail. I hope here to show what is going on so that >>> someone can interpret the logs (better than I can). >>> >>> I have setup a forward on the domain that is not being scanned >>> properly. >>> Messages go into the account (through what should be a spam/virus >>> scanner) and then gets bounced back to my regular mail server. >>> >>> Here are the header entries for the message going into the client's >>> mail >>> server (remember, log file entries work their way UP -- that is, new >>> log >>> entries go at the TOP of the header): >>> >>> *Received:*(qmail 13916 invoked by uid 89); 22 Oct 2014 00:10:45 >>> -0000 >>> *Received:*by simscan 1.4.0 ppid: 13908, pid: 13912, t: 0.3950s >>> scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 >>> *Received:*from unknown (HELO b-b-b.com) ([email protected] >>> >>> <https://mail.it4soho.com/src/compose.php?send_to=dan%40it4soho.com>@10.11.12.13) >>> by >>> mail.host.com with ESMTPA; 22 Oct 2014 00:10:45 -0000 >>> >>> And here are the headers for when the message comes back into my >>> server... >>> >>> *Received:*(qmail 13967 invoked by uid 89); 22 Oct 2014 00:11:03 >>> -0000 >>> *Received:*by simscan 1.4.0 ppid: 13952, pid: 13955, t: 3.6881s >>> scanners: attach: 1.4.0 clamav: 0.98.1/m:55/d:19525 spam: >>> 3.3.2 >>> *X-Spam-Checker-Version:*SpamAssassin 3.3.2 (2011-06-06) on >>> host.it4soho.com >>> *X-Spam-Level:**** >>> *X-Spam-Status:*No, score=3.3 required=5.0 >>> tests=AWL,BAYES_99,HTML_MESSAGE, >>> RDNS_NONE autolearn=no version=3.3.2 >>> *Received:*from unknown (HELO a-a-a.com) (1.2.3.4) >>> by mail.it4soho.com with SMTP; 22 Oct 2014 00:11:00 -0000 >>> >>> Note the conspicuous ABSENCE of the X-Spam-* entries that come from >>> SpamAssassin in the first collection... >>> >>> Now, when I look at the contents of the spamd log file, I see the same >>> types of entries I see in the main server that DOES put the headers >>> where they are expected. >>> >>> So I am next thinking there is an issue with SpamAssassin itself... but >>> I have ZERO experience with SA (I have so much else to do, I typically >>> turn it on and just let it go! Never debugged SA before!) :) >>> >>> Any help is appreciated.. >>> >>> Dan >>> IT4SOHO >> >> I'm real glad other have chimed in, because from what you've >> described, I don't really have a clue. >> >> The Received: by simscan line above shows that spamassassin isn't >> being used. Yet your simcontrol says that it should be. >> >> I think EricB may be on to something. Run cdb to activate the latest >> simcontrol file. >> >> Short of that, I'd like to see samples of your spamd log file, and >> the contents of your local.cf configuration file. Maybe something's >> defeating sa there. >> >> Who knows what you did to turn it off??? ;) >> The normal way would be to modify the simcontrol file, then run >> "qmailctl cdb". >> >> Let us know how you make out. >> Thanks. >> > > Agreed - the "normal" way would be the simcontrol file followed by a > CDB rebuild... but I checked that first... > > Per the OTHER Eric's request: > 1) spamd is in the /var/qmail/supervise folder and the run file > matches my "good" server > exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1 > 2) the contents of the simcontrol file have been posted already, but are: > :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif > 3) per Eric Shubert's request, contents of the spamd log file > > # qmlog spamd | tail > 10-22 09:29:09 Oct 22 09:29:09.397 [7613] info: spamd: connection > from localhost [127.0.0.1] at port 50523 > 10-22 09:29:09 Oct 22 09:29:09.401 [7613] info: spamd: processing > message <053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3> for > clamav:89 > 10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: clean > message (1.3/5.0) for clamav:89 in 0.5 seconds, 8275 bytes. > 10-22 09:29:09 Oct 22 09:29:09.899 [7613] info: spamd: result: . 1 > - HTML_MESSAGE,RDNS_NONE > > scantime=0.5,size=8275,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50523,mid=<053A7D23649B4DB25B2DBE8718FFE98FE55CF97F@APPSERVER3>,autolearn=no > 10-22 09:29:09 Oct 22 09:29:09.933 [27470] info: prefork: child > states: II > 10-22 09:29:32 Oct 22 09:29:32.780 [7613] info: spamd: connection > from localhost [127.0.0.1] at port 50525 > 10-22 09:29:32 Oct 22 09:29:32.784 [7613] info: spamd: processing > message <[email protected]> for clamav:89 > 10-22 09:29:32 Oct 22 09:29:32.963 [7613] info: spamd: clean > message (1.2/5.0) for clamav:89 in 0.2 seconds, 9156 bytes. > 10-22 09:29:32 Oct 22 09:29:32.964 [7613] info: spamd: result: . 1 > - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RDNS_NONE > > scantime=0.2,size=9156,user=clamav,uid=89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50525,mid=<[email protected]>,autolearn=no > 10-22 09:29:32 Oct 22 09:29:32.999 [27470] info: prefork: child > states: II > > I'm learning more and more about simscan & spamassassin -- more than I > think I ever really wanted to know :) > > Thanks in advance for any help offered. > > Dan McAllister > IT4SOHO > > > > > -- > IT4SOHO, LLC > 33 - 4th Street N, Suite 211 > St. Petersburg, FL 33701-3806 > > CALL TOLL FREE: > 877-IT4SOHO > > 877-484-7646 Phone > 727-647-7646 Local > 727-490-4394 Fax > > We have support plans for QMail! > Dan,
Can you create an email--I did it my simply saving a draft--and then pipe it into 'spamc' manually to test 'spamd' and see if it adds the Spamassassin header? I piped the email in my drafts folder into spamc by doing the following: # cat 'email in drafts folder' | spamc And got all the headers. I also piped a simple text file with arbitrary content into 'spamc' and got all the Spamassassin headers. This might be an easier way of testing. Eric
