# [SOLVED!] spamassassin via amavisd-new not working

## bunder

edited title: squirrelmail?  wtf was i thinking.   :Laughing: 

hi there,

been working on setting up my mail server.  all seems to be working, except spamassassin.  my mail setup is such:

postfix -> amavisd-new -> clamav/spamassassin -> postfix -> courier-imap/squirrelmail

the mail goes through amavisd-new and gets delivered to the mailbox, but i never see the x-spam header information.

hopefully this can help...

```
www ~ # spamassassin --lint -D

[11151] dbg: logger: adding facilities: all

[11151] dbg: logger: logging level is DBG

[11151] dbg: generic: SpamAssassin version 3.1.3

[11151] dbg: config: score set 0 chosen.

[11151] dbg: util: running in taint mode? no

[11151] dbg: message: ---- MIME PARSER START ----

[11151] dbg: message: main message type: text/plain

[11151] dbg: message: parsing normal part

[11151] dbg: message: added part, type: text/plain

[11151] dbg: message: ---- MIME PARSER END ----

[11151] dbg: dns: is Net::DNS::Resolver available? yes

[11151] dbg: dns: Net::DNS version: 0.53

[11151] dbg: diag: perl platform: 5.008008 linux

[11151] dbg: diag: module installed: Digest::SHA1, version 2.11

[11151] dbg: diag: module installed: LWP::UserAgent, version 2.033

[11151] dbg: diag: module installed: HTTP::Date, version 1.46

[11151] dbg: diag: module installed: Archive::Tar, version 1.28

[11151] dbg: diag: module installed: IO::Zlib, version 1.04

[11151] dbg: diag: module installed: MIME::Base64, version 3.07

[11151] dbg: diag: module installed: HTML::Parser, version 3.48

[11151] dbg: diag: module installed: DB_File, version 1.814

[11151] dbg: diag: module installed: Net::DNS, version 0.53

[11151] dbg: diag: module installed: Net::SMTP, version 2.29

[11151] dbg: diag: module installed: Mail::SPF::Query, version 1.998

[11151] dbg: diag: module installed: IP::Country::Fast, version 309.002

[11151] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed)

[11151] dbg: diag: module installed: Net::Ident, version 1.20

[11151] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)

[11151] dbg: diag: module installed: IO::Socket::SSL, version 0.97

[11151] dbg: diag: module installed: Time::HiRes, version 1.86

[11151] dbg: diag: module not installed: DBI ('require' failed)

[11151] dbg: diag: module installed: Getopt::Long, version 2.35

[11151] dbg: ignore: using a test message to lint rules

[11151] dbg: config: using "/etc/mail/spamassassin" for site rules pre files

[11151] dbg: config: read file /etc/mail/spamassassin/init.pre

[11151] dbg: config: read file /etc/mail/spamassassin/v310.pre

[11151] dbg: config: read file /etc/mail/spamassassin/v312.pre

[11151] dbg: config: using "/usr/share/spamassassin" for sys rules pre files

[11151] dbg: config: using "/usr/share/spamassassin" for default rules dir

[11151] dbg: config: read file /usr/share/spamassassin/10_misc.cf

[11151] dbg: config: read file /usr/share/spamassassin/11_gentoo.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_compensate.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_drugs.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_phrases.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_porn.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_ratware.cf

[11151] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf

[11151] dbg: config: read file /usr/share/spamassassin/23_bayes.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_dcc.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_dkim.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_razor2.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_replace.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_spf.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_textcat.cf

[11151] dbg: config: read file /usr/share/spamassassin/25_uribl.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_de.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_it.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf

[11151] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf

[11151] dbg: config: read file /usr/share/spamassassin/50_scores.cf

[11151] dbg: config: read file /usr/share/spamassassin/60_awl.cf

[11151] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf

[11151] dbg: config: read file /usr/share/spamassassin/60_whitelist_dkim.cf

[11151] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf

[11151] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf

[11151] dbg: config: using "/etc/mail/spamassassin" for site rules dir

[11151] dbg: config: read file /etc/mail/spamassassin/local.cf

[11151] dbg: config: using "/root/.spamassassin" for user state dir

[11151] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file

[11151] dbg: config: read file /root/.spamassassin/user_prefs

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC

[11151] dbg: pyzor: network tests on, attempting Pyzor

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e9d7a4)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC

[11151] dbg: razor2: razor2 is not available

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x82f1c60)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC

[11151] dbg: reporter: network tests on, attempting SpamCop

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8ec3cd4)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x8eda8ec)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ee230c)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x8ede2ac)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x8edef3c)

[11151] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC

[11151] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8ef06cc)

[11151] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i

[11151] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i

[11151] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i

[11151] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i

[11151] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i

[11151] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i

[11151] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i

[11151] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i

[11151] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#])'i

[11151] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i

[11151] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i

[11151] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&\#])'i

[11151] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8ef06cc) implements 'finish_parsing_end'

[11151] dbg: replacetags: replacing tags

[11151] dbg: replacetags: done replacing tags

[11151] dbg: config: using "/root/.spamassassin" for user state dir

[11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks

[11151] dbg: config: score set 1 chosen.

[11151] dbg: message: ---- MIME PARSER START ----

[11151] dbg: message: main message type: text/plain

[11151] dbg: message: parsing normal part

[11151] dbg: message: added part, type: text/plain

[11151] dbg: message: ---- MIME PARSER END ----

[11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks

[11151] dbg: dns: name server: 192.168.1.13, family: 2, ipv6: 0

[11151] dbg: dns: testing resolver nameservers: 192.168.1.13, 24.226.10.193

[11151] dbg: dns: trying (3) ebay.com...

[11151] dbg: dns: looking up NS for 'ebay.com'

[11151] dbg: dns: NS lookup of ebay.com using 192.168.1.13 succeeded => DNS available (set dns_available to override)

[11151] dbg: dns: is DNS available? 1

[11151] dbg: metadata: X-Spam-Relays-Trusted:

[11151] dbg: metadata: X-Spam-Relays-Untrusted:

[11151] dbg: metadata: X-Spam-Relays-Internal:

[11151] dbg: metadata: X-Spam-Relays-External:

[11151] dbg: message: no encoding detected

[11151] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal

[11151] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted

[11151] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl

[11151] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted

[11151] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal

[11151] dbg: dns: checking RBL combined.njabl.org., set njabl

[11151] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois

[11151] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal

[11151] dbg: dns: checking RBL bl.spamcop.net., set spamcop

[11151] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted

[11151] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal

[11151] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal

[11151] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs

[11151] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted

[11151] dbg: check: running tests for priority: 0

[11151] dbg: rules: running header regexp tests; score so far=0

[11151] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"

[11151] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1166782320@lint_rules>

[11151] dbg: rules: "

[11151] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org

[11151] dbg: rules: "

[11151] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>"

[11151] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1166782320"

[11151] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org

[11151] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x8ede2ac))

[11151] dbg: eval: all '*To' addrs:

[11151] dbg: rules: ran eval rule NO_RELAYS ======> got hit

[11151] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit

[11151] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x8ede2ac))

[11151] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit

[11151] dbg: rules: running body-text per-line regexp tests; score so far=0.738

[11151] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"

[11151] dbg: uri: running uri tests; score so far=0.738

[11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks

[11151] dbg: bayes: not scoring message, returning undef

[11151] dbg: bayes: opportunistic call attempt failed, DB not readable

[11151] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738

[11151] dbg: rules: running full-text regexp tests; score so far=0.738

[11151] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0x82f1c60))

[11151] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0x82f1c60))

[11151] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8e9d7a4))

[11151] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1

[11151] dbg: pyzor: pyzor is not available: no pyzor executable found

[11151] dbg: pyzor: no pyzor found, disabling Pyzor

[11151] dbg: check: running tests for priority: 500

[11151] dbg: rules: running meta tests; score so far=0.738

[11151] dbg: rules: running header regexp tests; score so far=2.216

[11151] dbg: rules: running body-text per-line regexp tests; score so far=2.216

[11151] dbg: uri: running uri tests; score so far=2.216

[11151] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216

[11151] dbg: rules: running full-text regexp tests; score so far=2.216

[11151] dbg: check: running tests for priority: 1000

[11151] dbg: rules: running meta tests; score so far=2.216

[11151] dbg: rules: running header regexp tests; score so far=2.216

[11151] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x8eda8ec))

[11151] dbg: config: using "/root/.spamassassin" for user state dir

[11151] dbg: locker: safe_lock: created /root/.spamassassin/auto-whitelist.lock.www.internal.hamiltonshells.com.11151

[11151] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries

[11151] dbg: locker: safe_lock: link to /root/.spamassassin/auto-whitelist.lock: link ok

[11151] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /root/.spamassassin/auto-whitelist

[11151] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0

[11151] dbg: auto-whitelist: AWL active, pre-score: 2.216, autolearn score: 2.216, mean: undef, IP: undef

[11151] dbg: auto-whitelist: DB addr list: untie-ing and unlocking

[11151] dbg: auto-whitelist: DB addr list: file locked, breaking lock

[11151] dbg: locker: safe_unlock: unlink /root/.spamassassin/auto-whitelist.lock

[11151] dbg: auto-whitelist: post auto-whitelist score: 2.216

[11151] dbg: rules: running body-text per-line regexp tests; score so far=2.216

[11151] dbg: uri: running uri tests; score so far=2.216

[11151] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216

[11151] dbg: rules: running full-text regexp tests; score so far=2.216

[11151] dbg: check: is spam? score=2.216 required=5

[11151] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE

[11151] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
```

i don't use razor nor ipv6, so i hopefully shouldn't have to resolve those errors.

any help would be appreciated, i can post conf files when i get home.

cheers, thanks in advance   :Smile: 

----------

## bunder

it seems i missed dbi...

```
[11151] dbg: diag: module not installed: DBI ('require' failed)
```

however this doesn't fix anything, or make a visible change in the --lint.

----------

## elgato319

i see two things:

 *Quote:*   

> 
> 
> [11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
> 
> [11151] dbg: bayes: not scoring message, returning undef
> ...

 

can you check that amavis can write here?

 *Quote:*   

> 
> 
> [11151] dbg: rules: running full-text regexp tests; score so far=2.216
> 
> [11151] dbg: check: is spam? score=2.216 required=5 
> ...

 

There are no headers because the spam score you get isn´t high enough

----------

## bunder

 *elgato319 wrote:*   

> i see two things:
> 
>  *Quote:*   
> 
> [11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
> ...

 

why would i want it to write to root's home directory?   :Laughing: 

i don't remember setting a directory for the bayes database.

 *Quote:*   

> 
> 
>  *Quote:*   
> 
> [11151] dbg: rules: running full-text regexp tests; score so far=2.216
> ...

 

so i take it that this isn't working?

```
$sa_tag_level_deflt  = -100.0; # add spam info headers if at, or above that level;

                            # undef is interpreted as lower than any spam level

```

----------

## elgato319

could you post

/etc/spamassassin/local.cf

and

amavisd.conf

if those aren´t too big.

----------

## dashnu

 *bunder wrote:*   

>  *elgato319 wrote:*   i see two things:
> 
>  *Quote:*   
> 
> [11151] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks
> ...

 

What ever user runs the amavis daemon does all spamassassin related things.

Set up a directory in amavis.conf

$MYHOME = '/var/spool/amavis';

that is where i store all my bayes and spamassassin files.

$daemon_user = 'vscan';

$daemon_group = 'vscan';

this is my user/group they have full access to $MYHOME

add this to see spam headers on all email

$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level

I switched over to my vscan user to setup spamassassin & bayes.. You need to do a few spamassassin things to make it work also.

It has been a long time since I ran this on Gentoo but there are a few ideas for you anyways...

----------

## bunder

 *elgato319 wrote:*   

> could you post
> 
> /etc/spamassassin/local.cf
> 
> and
> ...

 

```
www ~ # perl -ne 'print if /^\s*[^#\s]/' < /etc/amavisd.conf

use strict;

$MYHOME = '/var/amavis';   # (default is '/var/amavis')

$mydomain = 'internal.hs.com';      # (no useful default)

$myhostname = 'mail.internal.hs.com';  # fqdn of this host, default by uname(3)

$daemon_user  = 'amavis';   # (no default;  customary: vscan or amavis)

$daemon_group = 'amavis';   # (no default;  customary: vscan or amavis or sweep)

$TEMPBASE = "$MYHOME/tmp";     # prefer to keep home dir /var/amavis clean?

$ENV{TMPDIR} = $TEMPBASE;       # wise to set TMPDIR, but not obligatory

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)

$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$max_servers  =  4;   # number of pre-forked children          (default 2)

$max_requests = 20;   # retire a child after that many accepts (default 10)

$child_timeout=5*60;  # abort child if it does not complete its processing in

$smtpd_timeout = 120; # disconnect session if client is idle for too long

@local_domains_maps = ( [".$mydomain"] );  # $mydomain and its subdomains

$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket

$inet_socket_port = 10024;        # accept SMTP on this local TCP port

$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface

@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP

$DO_SYSLOG = 1;                   # (defaults to 0)

$syslog_ident = 'amavis';     # Syslog ident string (defaults to 'amavis')

$syslog_facility = 'mail';    # Syslog facility as a string

$syslog_priority = 'debug';   # Syslog base (minimal) priority as a string,

$LOGFILE = "$MYHOME/amavis.log";  # (defaults to empty, no log)

$log_level = 2;           # (defaults to 0)

$log_recip_templ = undef;  # undef disables by-recipient level-0 log entries

%final_destiny_by_ccat = (

  CC_VIRUS,      D_DISCARD,

  CC_BANNED,     D_BOUNCE,

  CC_UNCHECKED,  D_PASS,

  CC_SPAM,       D_DISCARD,

  CC_BADH,       D_PASS,

  CC_OVERSIZED,  D_BOUNCE,

  CC_CLEAN,      D_PASS,

  CC_CATCHALL,   D_PASS,

);

@viruses_that_fake_sender_maps = (new_RE(

  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,

  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,

  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,

  qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,

  qr'@mm|@MM',    # mass mailing viruses as labeled by f-prot and uvscan

  qr'Worm'i,      # worms as labeled by ClamAV, Kaspersky, etc

  [qr/^/ => 1],   # true by default  (remove or comment-out if undesired)

));

$virus_admin = "virusalert\@$mydomain";

$mailfrom_notify_admin     = "virusalert\@$mydomain";

$mailfrom_notify_recip     = "virusalert\@$mydomain";

$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

$mailfrom_to_quarantine = '';   # override sender address with null return path

$QUARANTINEDIR = "$MYHOME/quarantine";

$virus_quarantine_to  = 'virus-quarantine';    # traditional local quarantine

$banned_quarantine_to     = 'banned-quarantine';     # local quarantine

$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine

$spam_quarantine_to = "spamalert\@$mydomain";

$X_HEADER_TAG = 'X-Virus-Scanned';      # (default: 'X-Virus-Scanned')

$undecipherable_subject_tag = '***UNCHECKED*** ';  # undef disables it

$defang_virus  = 1;  # default is false: don't modify mail body

$defang_banned = 1;  # default is false: don't modify mail body

$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone

$remove_existing_spam_headers  = 1;     # remove existing spam headers if

@keep_decoded_original_maps = (new_RE(

  qr'^MAIL-UNDECIPHERABLE$',  # retain full mail if it contains undecipherables

  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,

));

$banned_filename_re = new_RE(

  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'^application/x-msdownload$'i,                  # block these MIME types

  qr'^application/x-msdos-program$'i,

  qr'^application/hta$'i,

  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic

  qr'^\.(exe-ms)$',                       # banned file(1) types

);

$banned_namepath_re = new_RE(

  qr'(?#NO X-MSDOWNLOAD)   ^(.*\t)? M=application/x-msdownload   (\t.*)? $'xmi,

  qr'(?#NO X-MSDOS-PROGRAM)^(.*\t)? M=application/x-msdos-program(\t.*)? $'xmi,

  qr'(?#NO HTA)            ^(.*\t)? M=application/hta            (\t.*)? $'xmi,

  [ qr'(?#rule-4) ^ (.*\t)? T=(tar|rpm|cpio) (\t.*)? $'xmi => 0 ],  # allow

  qr'(?# BLOCK DOUBLE-EXTENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.

                  (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)? $'xmi,

  qr'(?# BLOCK COMMON NAME EXENSIONS )

     ^ (.*\t)? N= [^\t\n]* \. (exe|vbs|pif|scr|bat|com|cpl) (\t.*)? $'xmi,

  [ qr'(?# BLOCK EMPTY MIME PART APPLICATION/OCTET-STREAM )

       ^ (.*\t)? M=application/octet-stream \t(.*\t)* T=empty (\t.*)? $'xmi

    => 'DISCARD' ],

  qr'(?# BLOCK Microsoft EXECUTABLES )

     ^ (.*\t)? T=exe-ms (\t.*)? $'xm,              # banned file(1) type

);

  $banned_namepath_re = undef;  # to disable new-style

%banned_rules = (

  'MYNETS-DEFAULT' => new_RE(   # permissive set of rules for internal hosts

    [ qr'^\.(rpm|cpio|tar)$' => 0 ],  # allow any name/type in Unix archives

    qr'.\.(vbs|pif|scr)$'i,     # banned extension - rudimentary

  ),

  'DEFAULT' => $banned_filename_re,

);

$sql_select_white_black_list = undef;  # undef disables SQL white/blacklisting

$localpart_is_case_sensitive = 0;       # (default is false)

@score_sender_maps = ({  # a by-recipient hash lookup table

  '.' => [  # the _first_ matching sender determines the score boost

   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist

    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],

    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],

    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],

    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],

    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],

    [qr'^(your_friend|greatoffers)@'i                                => 5.0],

    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],

   ),

   { # a hash-type lookup table (associative array)

     'nobody@cert.org'                        => -3.0,

     'cert-advisory@us-cert.gov'              => -3.0,

     'owner-alert@iss.net'                    => -3.0,

     'slashdot@slashdot.org'                  => -3.0,

     'bugtraq@securityfocus.com'              => -3.0,

     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,

     'security-alerts@linuxsecurity.com'      => -3.0,

     'mailman-announce-admin@python.org'      => -3.0,

     'amavis-user-admin@lists.sourceforge.net'=> -3.0,

     'spamassassin.apache.org'                => -3.0,

     'notification-return@lists.sophos.com'   => -3.0,

     'owner-postfix-users@postfix.org'        => -3.0,

     'owner-postfix-announce@postfix.org'     => -3.0,

     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,

     'sendmail-announce-request@lists.sendmail.org' => -3.0,

     'donotreply@sendmail.org'                => -3.0,

     'ca+envelope@sendmail.org'               => -3.0,

     'noreply@freshmeat.net'                  => -3.0,

     'owner-technews@postel.acm.org'          => -3.0,

     'ietf-123-owner@loki.ietf.org'           => -3.0,

     'cvs-commits-list-admin@gnome.org'       => -3.0,

     'rt-users-admin@lists.fsck.com'          => -3.0,

     'clp-request@comp.nus.edu.sg'            => -3.0,

     'surveys-errors@lists.nua.ie'            => -3.0,

     'emailnews@genomeweb.com'                => -5.0,

     'yahoo-dev-null@yahoo-inc.com'           => -3.0,

     'returns.groups.yahoo.com'               => -3.0,

     'clusternews@linuxnetworx.com'           => -3.0,

     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,

     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     'sender@example.net'                     =>  3.0,

     '.example.net'                           =>  1.0,

   },

  ],  # end of site-wide tables

});

@blacklist_sender_maps = ( new_RE(

    qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,

    qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,

    qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,

    qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,

    qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,

    qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,

));

$MAXLEVELS = 14;                # (default is undef, no limit)

$MAXFILES = 1500;               # (default is undef, no limit)

$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)

$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$MIN_EXPANSION_FACTOR =   5;  # times original mail size  (default is 5)

$MAX_EXPANSION_FACTOR = 500;  # times original mail size  (default is 500)

$virus_check_negative_ttl=  3*60; # time to remember that mail was not infected

$virus_check_positive_ttl= 30*60; # time to remember that mail was infected

$spam_check_negative_ttl = 30*60; # time to remember that mail was not spam

$spam_check_positive_ttl = 30*60; # time to remember that mail was spam

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin:/opt/bin';

$file   = 'file';   # file(1) utility; use 3.41 or later to avoid vulnerability

$dspam  = 'dspam';

@decoders = (

  ['mail', \&do_mime_decode],

  ['asc',  \&do_ascii],

  ['uue',  \&do_ascii],

  ['hqx',  \&do_ascii],

  ['ync',  \&do_ascii],

  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],

  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],

  ['gz',   \&do_gunzip],

  ['gz',   \&do_uncompress,  'gzip -d'],

  ['bz2',  \&do_uncompress,  'bzip2 -d'],

  ['lzo',  \&do_uncompress,  'lzop -d'],

  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],

  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],

  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],

  ['tar',  \&do_tar],

  ['deb',  \&do_ar,          'ar'],

  ['zip',  \&do_unzip],

  ['rar',  \&do_unrar,      ['rar','unrar'] ],

  ['arj',  \&do_unarj,      ['arj','unarj'] ],

  ['arc',  \&do_arc,        ['nomarch','arc'] ],

  ['zoo',  \&do_zoo,         'zoo'],

  ['lha',  \&do_lha,         'lha'],

  ['cab',  \&do_cabextract,  'cabextract'],

  ['tnef', \&do_tnef_ext,    'tnef'],

  ['tnef', \&do_tnef],

  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],

);

$sa_local_tests_only = 0;   # only tests which do not require internet access?

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger

$sa_tag_level_deflt  = -100.0; # add spam info headers if at, or above that level;

$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level to

$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions

$sa_dsn_cutoff_level = 9;   # spam level beyond which a DSN is not sent,

$sa_spam_subject_tag = '***SPAM*** ';   # (defaults to undef, disabled)

$sa_spam_modifies_subj = 1; # in @spam_modifies_subj_maps, default is true

$sa_spam_level_char = '*';  # char for X-Spam-Level bar, defaults to '*';

$sa_spam_report_header = 1; # insert X-Spam-Report header field? default false

@av_scanners = (

 ['ClamAV-clamd',

   \&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd"],

   qr/\bOK$/, qr/\bFOUND$/,

   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

@av_scanners_backup = (

  ['ClamAV-clamscan', 'clamscan',

    "--stdout --disable-summary -r --tempdir=$TEMPBASE {}",

    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

);

   forward_method => 'smtp:[127.0.0.1]:10025',

   notify_method  => $forward_method,

1;  # insure a defined return

```

it seems that my spamassassin local.cf is all commented... but i read somewhere that it reads its stuff from amavisd.conf and ignores its own local.cf.  

thanks for your continued help

----------

## elgato319

if you set:

 *Quote:*   

> 
> 
> $sa_tag_level_deflt  = 1.0;
> 
> $sa_tag2_level_deflt = 2.0;
> ...

 

will the mail you send before get tagged und inserted a header?

 *Quote:*   

> 
> 
> [11151] dbg: check: is spam? score=2.216
> 
> 

 

2.2 isn´t really alot for a spam mail, you got some "real" spam mail to test your config?

----------

## bunder

tried setting sa_tag_level_deflt and tag2 to those numbers and i don't see a change.

----------

## elgato319

hmm ok lets see if we apply a high spam score a mail gets x-spam headers

local.cf

 *Quote:*   

> 
> 
> header TEST           Subject =~ /SPAM/
> 
> score TEST            50
> ...

 

send an email, subject "SPAM"

turn on debugging, this mail should be detected as spam

----------

## bunder

```
X-Spam-Flag: YES

X-Spam-Score: 25.63

X-Spam-Level: *************************

X-Spam-Status: Yes, score=25.63 tag=-999 tag2=5 kill=5 tests=[AWL=-25.000,

     HTML_MESSAGE=0.001, HTML_SHORT_LENGTH=0.629, TEST=50]

X-Spam-Report:

     * 50 TEST TEST

     * 0.6 HTML_SHORT_LENGTH BODY: HTML is extremely short

     * 0.0 HTML_MESSAGE BODY: HTML included in message

     * -25 AWL AWL: From: address is in the auto white-list
```

that doesn't seem right...   :Confused: 

----------

## elgato319

well at least the points giving are correct

 *Quote:*   

> 
> 
> score=25.63 tag=-999 tag2=5 kill=5
> 
> 

 

you scored 25.63

the mails will be tagged with at least -999 (maybe negative values don´t work?)

tag2 at score level >5 (detailed information about the points given)

and killed at >5 (should be at least >10 imho)

----------

## bunder

 *elgato319 wrote:*   

> well at least the points giving are correct
> 
>  *Quote:*   
> 
> score=25.63 tag=-999 tag2=5 kill=5
> ...

 

yes, but why is it marked with AWL -25?

----------

## elgato319

AWL = Auto-Whitelist

if some address gets checks often and recieves no/low spam score it will go into the auto whitelist

you can disable this in amavid.conf

----------

## bunder

yep.  i actually had to turn it off in /etc/spamassassin/v310.pre.  

thanks for that one, but the darn thing doesn't want to tag mail.  i have it set to -999, what else could it want?   :Laughing: 

i even tried adding the add_header stuff to /etc/spamassassin/local.cf   :Confused: 

----------

## elgato319

what happens if you set it to 1.0?

maybe negative numbers won´t work

----------

## bunder

 *elgato319 wrote:*   

> what happens if you set it to 1.0?
> 
> maybe negative numbers won´t work

 

nope.   :Crying or Very sad: 

i even tried undef.

----------

## bunder

i hate to be a pest, but bump.   :Razz: 

----------

## magic919

Setting

```

$sa_tag_level_deflt = -999

```

will make it insert headers for all mail amavisd considers local.  If you are getting no headers then it could be amavisd has the wrong idea about your local domain and the emails don't end up matching it.

----------

## bunder

 *magic919 wrote:*   

> Setting
> 
> ```
> 
> $sa_tag_level_deflt = -999
> ...

 

i already did that.

 *magic919 wrote:*   

> If you are getting no headers then it could be amavisd has the wrong idea about your local domain and the emails don't end up matching it.

 

i'll look into that when i get a chance, probably tomorrow or late tonight.

cheers

----------

## bunder

 *bunder wrote:*   

> 
> 
>  *magic919 wrote:*   If you are getting no headers then it could be amavisd has the wrong idea about your local domain and the emails don't end up matching it. 
> 
> i'll look into that when i get a chance, probably tomorrow or late tonight.
> ...

 

woooooooooooooooooooooooooooooooooooohooooooooooooooooooooooooooooooooooooooooooooooo!  sweetness.   :Laughing: 

----------

