Brian Kendig

Q: Where do I configure spamassassin in Mountain Lion Server?

Where, in Mountain Lion Server, can I configure SpamAssassin?

 

I've tried modifying /Library/Server/Mail/Config/spamassassin/local.cf, but the changes I made there don't have any effect.

Mac mini, Mac OS X (10.7)

Posted on Aug 5, 2012 8:51 PM

Close

Q: Where do I configure spamassassin in Mountain Lion Server?

  • All replies
  • Helpful answers

first Previous Page 3 of 5 last Next
  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 10:27 AM in response to Buckiejoe
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 10:27 AM in response to Buckiejoe

    Thanks for your patience and your help as as it seems these two items are related.

     

    1. So I found the two lines, but they aren't looking in "/etc/mail/spamassassin/local.cf" like you said. Here they are, should they be changed? If so, how?:

     

    Jun  1 09:10:13.045 [49258] dbg: config: using "/Library/Server/Mail/Config/spamassassin" for site rules dir

    Jun  1 09:10:13.045 [49258] dbg: config: read file /Library/Server/Mail/Config/spamassassin/local.cf

     

    2. I have already created the junkmail account and was feeding it via POP. After weeks of doing so, there seemed to be no difference in the spam. So I made an IMAP account in apple mail and found it a lot easier to feed messages to. But still no letup in the spam, and never any messages marked ***Junk***. In both cases the messages were gone from the account the next day. This is why I thought I needed to have junkmail inside the quotes in "mail:imap:junk_mail_userid = """

     

    Although it "seems" to be working, my boss still gets about 400 spams a day. I just thought it wasn't working because of your info above that it may be the wrong path we are using.

     

    Thanks again for your help,

    Scott

  • by Matt Domenici,

    Matt Domenici Matt Domenici Jun 1, 2014 10:43 AM in response to scottl31
    Level 1 (119 points)
    Jun 1, 2014 10:43 AM in response to scottl31

    It may be easier to install spamtrainer as it will help you not only with the configuration but provides numerous features not included in Apple's standard scripts.  It also has an optional nightly report from when it runs.

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 10:56 AM in response to Matt Domenici
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 10:56 AM in response to Matt Domenici

    I thought I was getting close here.

     

    I have installed spamtrainer, but am embarrassed to say I haven't yet figured out how to use it.

  • by Matt Domenici,

    Matt Domenici Matt Domenici Jun 1, 2014 11:28 AM in response to scottl31
    Level 1 (119 points)
    Jun 1, 2014 11:28 AM in response to scottl31

    Did you try reading the documentation?  Try sudo spamtrainer help

  • by Buckiejoe,

    Buckiejoe Buckiejoe Jun 1, 2014 12:03 PM in response to scottl31
    Level 1 (10 points)
    Jun 1, 2014 12:03 PM in response to scottl31

    If messages are gone from junkmail's inbox folder then filter is being trained. It takes a while before spamassassin's database fills up and actually starts acting on spam. It doesn't work right away because it has too little data. You also need to create "notjunkmail" user and copy non-spam emails to it so that the filter knows what is NOT spam for you. That is equally very important. It works the same way as junkmail.

     

    Check that you have "blacklist filtering" enabled in serveradmin's mail section. It should point to zen.spamhaus.org. Check the "minimum score for junk mail", it may be set too high, but don't change it just yet.

     

    There are two things to try to check if filtering is actually working properly.

    First, check the headers of your incoming email (especiall spam). You must see a line similar to

    X-Spam-Status: No, score=5.226 tagged_above=1 required=5.8 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.513, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJ_ALL_CAPS=1.506, T_DKIM_INVALID=0.01, URIBL_DBL_SPAM=1.7, URIBL_RED=0.001, URIBL_SBL=1.623]

     

    Look if you have BAYES_xx in there. If you don't have it at all, it may indicate that spamassassin isn't working properly.

    So, second, save one of your spam messages as 'source', put it on the server somewhere and try feeding it to spamassassin:

     

    sudo cat spammessage.eml | spamassassin -D

     

    You will see the usual debug output and in the end the message itself with X-Spam-Status line added somewhere. Check to see what BAYES_ value your mail message has there. If there isn't one, study the output to see if there are any problems with bayes database. Specifically you should see lines very similar to

     

    dbg: bayes: tie-ing to DB file R/O /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_toks

    dbg: bayes: tie-ing to DB file R/O /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_seen

    dbg: bayes: found bayes db version 3

    dbg: bayes: DB journal sync: last sync: 1401648815

     

    If there are errors, you will see those there.

     

    Your /Library/Server/Mail/Config/spamassassin/local.cf file location is perfectly fine. No need to change anything. It means if you ever wish to change spamassassin settings, you would edit that file and not any other local.cf anywhere else on the system.

     

    I wouldn't recommend spamtrainer personally as stock server functionality works just fine.

     

    If you do indeed have X-Spam-Status and BAYES in every email you get, then look carefully at the score. Your message gets a certain spam score that doesn't exceed the threshold marked as "required=xx". You need to understand why that happens.

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 12:05 PM in response to Matt Domenici
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 12:05 PM in response to Matt Domenici

    The help just shows a list of things like:

     

    -d to delete read/learned mailboxes

     

    but no info on how to actually use it.

     

    Anyway, when I ran what you said above, I got the following repeated for about a minute:

     

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/O: tie failed: Permission denied

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/O: tie failed: Permission denied

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/W: tie failed: Permission denied

    ERROR: the Bayes learn function returned an error, please re-run with -D for more information at /Applications/Server.app/Contents/ServerRoot/usr/bin/sa-learn line 493.

     

    Then at the end:

    Learned new SPAM (junk mail)

    Learning HAM...

    Learned new HAM (not junk mail)

    Syncing SpamAssassin Database

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/O: tie failed: Permission denied

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/W: tie failed: Permission denied

    Displaying SpamAssassin Database Stats

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/O: tie failed: Permission denied

    bayes: cannot open bayes databases /Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes_* R/O: tie failed: Permission denied

    ERROR: Bayes dump returned an error, please re-run with -D for more information

    Done!

    Output produced by spamtrainer Version 2.0.0

     

    Then based on that last ine I tried:

     

    sudo spamtrainer -D

     

    Then I got:

    /usr/sbin/spamtrainer: illegal option -- D

    Junk Mail Training Script for OS X 10.9, 10.8

     

    usage: [ -p mailpartition] [ -j junk_mailbox] [ -n notjunk_mailbox] [ -b filename] [ -r filename] [ -s path_to_sa-learn] [ -d ] [ -x number_of_days] [ -l] [ -c]

    -p to specify a mail partition or store other than default

    -d to delete read/learned mailboxes

    -x to specify how old mail must be to be deleted

    -j to specify the name of the mailbox containing junk

    -n to specify the name of the mailbox containing good mail

    -b to backup spamassassin bayes database to file

    -r to restore spamassassin bayes database from file

    -s to specify the path to the sa-learn program

    -c to clean/purge the SpamAssassin database

    -l to log bayes stats into /var/log/spamtrainer.log

    -i to install/check the automatic startup item

    -v to display the version of this script

    -t to to use shared/top level folders instead of a user mailbox

    -h to display this help message

     

     

    So, I know I've got something broken in both the default and the spamtrainer usages.

  • by Buckiejoe,

    Buckiejoe Buckiejoe Jun 1, 2014 12:09 PM in response to scottl31
    Level 1 (10 points)
    Jun 1, 2014 12:09 PM in response to scottl31

    Yep. That's a known problem. Was this an upgrade from an older version of Server?

    Anyhow, to fix this (albeit, temporarily) you need to issue the following commands:

     

    sudo chown -R amavisd:amavisd /Library/Server/Mail/Data/scanner/amavis/.spamassassin/

    sudo chmod u+rw /Library/Server/Mail/Data/scanner/amavis/.spamassassin/*

     

    Then re-run spamassassin -D --lint to see if the problem with permissions is gone.

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 12:14 PM in response to Buckiejoe
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 12:14 PM in response to Buckiejoe

    Buckiejoe,

     

    I did make a "notjunkmail" account but have not been feeding it anything becausae I thought it was only to feed messages marked as spam. I have not been getting any messages marked as spam.

     

    So are you saying that I should be feeding the notjunkmail account with good messages and then it might start working?

     

    I'll check the rest of the stuff you mentioned. Thanks!

  • by Buckiejoe,

    Buckiejoe Buckiejoe Jun 1, 2014 12:19 PM in response to scottl31
    Level 1 (10 points)
    Jun 1, 2014 12:19 PM in response to scottl31

    No, that's just good practice. The reason why it's not working is because your ownership rights on spam database are not correct. Perhaps it hasn't even been trained once. Take a look at the size of the database (bayes_seen, bayes_toks)

     

    ls -lh /Library/Server/Mail/Data/scanner/amavis/.spamassassin/

     

    If it's only a few kilobytes in size then it's empty.

  • by Matt Domenici,

    Matt Domenici Matt Domenici Jun 1, 2014 12:30 PM in response to Buckiejoe
    Level 1 (119 points)
    Jun 1, 2014 12:30 PM in response to Buckiejoe

    This can also happen if commands have been run by a user other than amavisd.  When you run ls -al on the command line from your usual admin account's home directory (do cd ~) what so you see as output?

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 4:52 PM in response to Buckiejoe
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 4:52 PM in response to Buckiejoe

    Buckiejoe,

     

     

    I ran that and got:

     

    total 15288

    -rw-------  1 _amavisd  _amavisd   2.5M Jun  1 02:27 bayes_seen

    -rw-------  1 root      _amavisd   5.0M Jun  1 02:27 bayes_toks

     

    So I guess not empty, but I just don't see any spam control happening.

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 4:57 PM in response to Matt Domenici
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 4:57 PM in response to Matt Domenici

    Matt,

     

    so here is what that gives me:

     

    prepress:~ server2$ cd ~

    prepress:~ server2$ ls -al

    total 11800

    drwxr-xr-x+ 25 server2  staff      850 May 23 14:18 .

    drwxr-xr-x+ 18 root     admin      612 Apr 23 17:30 ..

    -rw-------+  1 server2  staff        3 Jan 24  2013 .CFUserTextEncoding

    -rw-r--r--@  1 server2  staff    24580 Mar  9 18:02 .DS_Store

    drwx------+  2 server2  staff       68 May 23 15:32 .Trash

    -rw-------+  1 server2  staff    56532 Jun  1 12:15 .bash_history

    -rw-r--r--+  1 server2  staff      185 Aug 29  2013 .bash_profile

    drwxr-xr-x+  3 root     staff      102 May 23 14:18 .cpan

    drwx------+  3 server2  staff      102 May 22 17:41 .cups

    drwx------+  7 server2  staff      238 Sep 17  2013 .filezilla

    -rw-r--r--@  1 server2  staff      230 Sep 17  2013 .htaccess

    -rw-------+  1 server2  staff       57 May 23 09:37 .lesshst

    -rw-------+  1 server2  staff     1024 Sep 10  2013 .rnd

    drwx------+  2 server2  staff       68 Jan 21 12:06 .spamassassin

    -rw-------+  1 root     staff     1118 Aug 19  2013 .viminfo

    -rw-r--r--+  1 server2  staff        0 Oct  8  2013 1000K

    drwx------+ 26 server2  staff      884 May 29 07:43 Desktop

    drwx------+  3 server2  staff      102 Jan 24  2013 Documents

    drwx------+  6 server2  staff      204 Feb  4 11:04 Downloads

    drwx------@ 43 server2  staff     1462 Sep 11  2013 Library

    drwx------+  3 server2  staff      102 Jan 24  2013 Movies

    drwx------+  4 server2  staff      136 Sep 10  2013 Music

    drwx------+  5 server2  staff      170 Feb  5 12:36 Pictures

    drwxr-xr-x+  4 server2  staff      136 Jan 24  2013 Public

    -rw-r--r--@  1 server2  staff  1977464 Sep  5  2013 Users

    prepress:~ server2$

     

    So waht is this telling me?

  • by scottl31,

    scottl31 scottl31 Jun 1, 2014 5:33 PM in response to scottl31
    Level 1 (13 points)
    Servers Enterprise
    Jun 1, 2014 5:33 PM in response to scottl31

    OK, so also I was checking the headers of a bunch spam messages and this was a typical one:

     

    X-Spam-Flag: NO
    X-Spam-Score: 2.822
    X-Spam-Level: **
    X-Spam-Status: No, score=2.822 tagged_above=2 required=7 tests=[HTML_MESSAGE=0.001, INVALID_DATE=0.432, MIME_HTML_ONLY=1.105, RDNS_NONE=1.274, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001] autolearn=no

     

    Nothing about Bayes in there.

     

    Now before sending this, I went in and turned the filter down to 2. Now some messages are getting tagged with ***JUNK*** and Bayes is in the haeder. Did I just have the filter set too high?

     

    Also, do I continue to feed the messages tagged with ***JUNK*** into the junkmail account?

  • by Matt Domenici,

    Matt Domenici Matt Domenici Jun 1, 2014 6:08 PM in response to scottl31
    Level 1 (119 points)
    Jun 1, 2014 6:08 PM in response to scottl31

    The .spamassassin shouldn't exist in the user folder for your admin account; I suspect the script was invoked by your admin user instead of the amavisd user at some point.  I'd delete .spamassassin from your admin account home folder and then try to run spamtrainer again; it should run with no errors.  If it does, you can set it up to run instead of Apple's scripts, which we can walk you through in terms of setup.

  • by Matt Domenici,

    Matt Domenici Matt Domenici Jun 1, 2014 6:10 PM in response to scottl31
    Level 1 (119 points)
    Jun 1, 2014 6:10 PM in response to scottl31

    With regards to junk mail filtering, and moving those messages into the junk folder, that will require setting up sieve scripts.  First you need to enable sieve on the command line, and then setup an admin UI for the scripts (or manage them from the command line) to do the filtering.

     

    Many people use Roundcube to do this on OS X Server, which has a plugin to manage the filtering scrips and also gives you a webmail interface.

first Previous Page 3 of 5 last Next