From: "Jeff Portwine" <[EMAIL PROTECTED]>

Hello... I am a complete newbie with Spamassassin, so I hope you will all bear with me. The job of fixing our spam filter has fallen on me, as the person who used to handle everything relating to our mail server recently left my company.

We're running spamassassin 3.0.2 with perl 5.8.4, and exim 3.35 on Debian.

In the last 3 weeks or so, we have started receiving a ton of spam, especially a lot of pharmaceutical ads and some other random nonsense. However, Spamassassin isn't completely broken.. it is actually catching some spam but it's letting a lot go. When I look at the headers in the spam, I see SA is assigning ridiculously low scores to the ones that are getting through but normal scores to the ones it's stopping. Some of the spam that is getting through is actually receiving negative scores, which as I understand it shouldn't even be possible unless the spam is whitelisted somehow.

Here are the SA related headers for a couple of spams that are getting through:
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at veritime.com
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on mail2

<<jdow>> establishes what is running as 3.0.2. This hints at several
issues.  <see below>

X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=4.9 tests=BAYES_50,HTML_80_90,
HTML_MESSAGE,PORN_URL_SEX,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
UPPERCASE_25_50 autolearn=no version=3.0.2
X-Spam-Veritime: Valid

X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at veritime.com
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on mail2
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=4.9 tests=BAYES_00 autolearn=ham
version=3.0.2
X-Spam-Veritime: Valid

As opposed to this one which is a spam message that SA caught:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on mail2
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.2 required=4.9 tests=BAYES_99,DIGEST_MULTIPLE,
       DRUGS_ERECTILE,DRUG_DOSAGE,DRUG_ED_CAPS,HELO_DYNAMIC_IPADDR,
       HTML_FONT_BIG,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,HTML_SHOUTING5,
       INVALID_DATE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
       UPPERCASE_25_50 autolearn=spam version=3.0.2
X-Spam-Veritime: Valid
X-Spam-Veritime-Spam: True



The first thing I did when I was looking at this was to run spamassassin -lint to see if it was parsing the configuration file properly and it gave me:

config: SpamAssassin failed to parse line, skipping: use_terse_report        0
config: SpamAssassin failed to parse line, skipping: auto_learn              1
lint: 2 issues detected.  please rerun with debug enabled for more information.

When I looked these up, I found that they were deprecated options from version 2.6x. At some point SA must have been updated with an apt-get update or

<<jdow>> apt-get screwed you. <see below>

something and the configuration file was not updated along with it. I'm not sure if this is the cause of the problem though, since it appears that SA was updated about a year ago and we've only been having problems with spam for the last few weeks.

At this point I'm considering just wiping out spamassassin and reinstalling it fresh and having it relearn all of the spam that we have been saving for a while but it seems there must be a better solution.

<<jdow>> Don't wipe out SA, necessarily. It's not time to do that yet.
But it is time to update to 3.0.5, at least. 3.0.2 has a DoS vulnerability.

That said you also need to clear the Bayes databases, simply remove all
the "bayes_*" files. In most installs that use per user Bayes and rules
that's the $HOME/.spamassassin/bayes_* files for each user on the system.

What happened is that to move from 2.64 to 3.x the Bayes database needs
to be upgraded. There is a process that needs to be followed to make this
work correctly. It was apparently not followed. So now the Bayes database
is hopelessly messed up, I suspect. A start for it is the easiest solution.

You also probably want to update your SARE rules, if any. They are different
for 2.x and 3.x.

{^_^}
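
As an added illustration that is not part of the original thread or of SpamAssassin itself: a short Python script that parses the folded X-Spam-Status headers quoted above and lists known-spam messages whose BAYES_nn rule landed at 50 or below, or that were auto-learned as ham, which is the symptom the reply attributes to a damaged Bayes database. The function names and the cutoff of 50 are assumptions chosen for this example.

```python
import re

# X-Spam-Status headers from the three messages quoted in the thread, all of
# which the poster identified as spam. Leading whitespace on folded lines is
# not significant to this parser.
SAMPLES = [
    "X-Spam-Status: No, score=1.8 required=4.9 tests=BAYES_50,HTML_80_90,\n"
    "HTML_MESSAGE,PORN_URL_SEX,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,\n"
    "UPPERCASE_25_50 autolearn=no version=3.0.2",
    "X-Spam-Status: No, score=-2.6 required=4.9 tests=BAYES_00 autolearn=ham\n"
    "version=3.0.2",
    "X-Spam-Status: Yes, score=13.2 required=4.9 tests=BAYES_99,DIGEST_MULTIPLE,\n"
    "       DRUGS_ERECTILE,DRUG_DOSAGE,DRUG_ED_CAPS,HELO_DYNAMIC_IPADDR,\n"
    "       HTML_FONT_BIG,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,HTML_SHOUTING5,\n"
    "       INVALID_DATE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,\n"
    "       UPPERCASE_25_50 autolearn=spam version=3.0.2",
]

def parse_status(raw):
    """Parse one (possibly folded) X-Spam-Status header into a dict."""
    value = re.sub(r",\s+", ",", raw.split(":", 1)[1].strip())  # unfold lists
    verdict, _, rest = value.partition(",")
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = fields.get("tests", "none")
    return {
        "flagged": verdict.lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [] if tests == "none" else tests.split(","),
        "autolearn": fields.get("autolearn"),
    }

def bayes_bucket(tests):
    """Return nn from the BAYES_nn rule that fired, or None if none did."""
    for name in tests:
        m = re.fullmatch(r"BAYES_(\d+)", name)
        if m:
            return int(m.group(1))
    return None

def suspect_bayes(known_spam_headers, max_bucket=50):
    """List known-spam messages Bayes rated neutral/hammy or learned as ham."""
    hits = []
    for raw in known_spam_headers:
        rec = parse_status(raw)
        bucket = bayes_bucket(rec["tests"])
        if (bucket is not None and bucket <= max_bucket) or rec["autolearn"] == "ham":
            hits.append((bucket, rec["autolearn"], rec["score"]))
    return hits

if __name__ == "__main__":
    for bucket, learned, score in suspect_bayes(SAMPLES):
        print(f"bayes={bucket} autolearn={learned} score={score}")
```
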
