I'm not an admin, but I will pass the answers along to my admin.

How do I set up my DirectAdmin server to use spamassassin. I'm just not happy with the rough filtering options and want to use something with a little more robustness and brains.

Thank you for any help you can give,
Kurt

Hello,

cd /usr/local/directadmin/scripts
./spam.sh
Then edit the /etc/exim.conf and remove the # characters from in front of the spamcheck_director to make it look like:

# Spam Assassin
spamcheck_director:
driver = accept
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify
Then typeservice exim restartJohn

Thanks a ton! I will pass that info along!

In my old server it was neccessary to provide an individual .procmailrc file for each domain that wanted to use spamassassin, is this the case with directadmins use of spamassassin?

Is there a configuration file for each domain, and if so is the scripting the same as it would be for .procmailrc?

Originally posted by woodmw
In my old server it was neccessary to provide an individual .procmailrc file for each domain that wanted to use spamassassin, is this the case with directadmins use of spamassassin?

Is there a configuration file for each domain, and if so is the scripting the same as it would be for .procmailrc?

I believe this will install everything you need, follow the guide above and continue to use DirectAdmin as normal :)

Chris

Hello,

When I removed the # characters I used:

Then typeservice exim restart

I got this:

Starting exim: 2003-12-16 08:01:59 Exim configuration error in line 384:
missing quote at end of string value for condition
[FAILED]

This line looks like this:

condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"

What is wrong?

Thanks!

Hello,

Perhaps paste the whole spamassasin section.. I dont see any problems with that line.. Also, you're using exim 4, right?

John

Originally posted by DirectAdmin Support
Hello,

Perhaps paste the whole spamassasin section.. I dont see any problems with that line.. Also, you're using exim 4, right?

John

I was thinking the same.... have a big feeling something else may have been removed when the commenting removed.

Chris

What's the easiest way to upgrade to Spam Assassin 2.61

I did the following:
altered spam.sh
#############################

#!/bin/sh

#Installs Spam Assassin 2.61

FILE="/usr/local/directadmin/scripts/packages/Mail-SpamAssassin-2.61.tar.gz";

wget http://www.spamassassin.org/released/Mail-SpamAssassin-2.61.tar.gz -O ${FILE}

if [ ! -e ${FILE} ]
then
echo "Cannot find ${FILE} !! Make sure it exists.";
exit -1;
fi

tar xzf ${FILE} -C /usr/local/directadmin/scripts/packages
chown -R root:root /usr/local/directadmin/scripts/packages/Mail-SpamAssassin-2.61

cd /usr/local/directadmin/scripts/packages/Mail-SpamAssassin-2.61

export LANG=C
/usr/bin/perl Makefile.PL
make
make install

exit 0;
#############################

service spamassassin restart
# don't think this is necessary....
service exim restart


Am I missing anything ?

Looks ok..... you may want to remove the previous version firstly though. Go into its source directory and make uninstall it :)

Chris

So
1. How do you know if Spamassassin is active?
2. Does it have learning capabilities?
3. Is there any rules that I can modify?

Thank you.

You can tell Spam Assassin is active by looking at your mail headers.
You should see something like this near the bottom:
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
web.yourdomain.com
X-Spam-Level:
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.61

Hope that helps.

-James

Originally posted by Reyner
1. How do you know if Spamassassin is active?

# service spamassassin status

Originally posted by Reyner
2. Does it have learning capabilities?
3. Is there any rules that I can modify?

Basically spamassassin is a simple filter to check for:

- headers
- text analysis
- blacklists
- razor spam tracking database

For information on how to setup your own rules how it checks etc take a look at its website, it has a fair bit of information on what can be put into the configuration and what each feature does.

http://spamassassin.org/index.html

If you are looking for advanced mail scanning and protection i suggest intergrating spamassassin , mailscanner and clam antivirus together.

Chris

Does anyone have experience using dcc with spamassassin.

I have it set up in my local.cf file to use dcc if it's available.

use_dcc 1

But I can't tell if it's actually happening.

I have dccproc installed but I can't tell if spamassassin is actually calling it.

Do I need to install the dccd or just dccproc ?

I've read through some of the doc's at http://www.rhyolite.com/anti-spam/dcc/
but it wasn't that clear to me.

James,

Thank you so much for the hint. I did install spam assassin and I noticed those lines before. However, I just double check one of my clients email and it does not show spam assassin, but:

X-MailScan-MailScanner-Information: Please contact the ISP for more information
X-MailScan-MailScanner: Found to be clean

Do you have any ideas?

Thank you

Did you follow the mailscanner how-to?

Chris

Hello Chris,

Yes, I did. I followed that instruction a while ago and test it. It shows the spamassassin scanned message in the header. But, somehow it's no longer there now. And I don't recall ever uninstalling spamassassin. I did however, upgrade to the latest version of DA using the queue link in the admin panel.

Originally posted by Reyner
Hello Chris,

Yes, I did. I followed that instruction a while ago and test it. It shows the spamassassin scanned message in the header. But, somehow it's no longer there now. And I don't recall ever uninstalling spamassassin. I did however, upgrade to the latest version of DA using the queue link in the admin panel.

Thats normal, mailscanner is basically an 'all in one' package - it can include additional software including spamassassin that works with it. The score mailscanner will show is actually the same as what spamassassin would give it as its usuing the spamassassin system there.

If you install clam anti virus you can also include that and have the ability to virus scan your server as a whole aswell as get both incoming and outgoing emails scanned for viruses with the ability to even get the admin alerted aswell as the users when this happens.

Chris

Moving this to email area also.

Chris

I got this error while doing service MailScanner start:
Starting MailScanner daemons:
incoming sendmail: exim abandoned: unknown, malformed, or incomplete option -OPrivacyOptions=noetrn
[ OK ]
outgoing sendmail: exim abandoned: unknown, malformed, or incomplete option -OPidFile=/var/run/sendmail.out.pid
[ OK ]
MailScanner: [ OK ]


Does anyone know what may cause this?

Thank you.

Originally posted by Reyner
I got this error while doing service MailScanner start:
Starting MailScanner daemons:
incoming sendmail: exim abandoned: unknown, malformed, or incomplete option -OPrivacyOptions=noetrn
[ OK ]
outgoing sendmail: exim abandoned: unknown, malformed, or incomplete option -OPidFile=/var/run/sendmail.out.pid
[ OK ]
MailScanner: [ OK ]


Does anyone know what may cause this?

Thank you.
in /etc/rc.d/init.d/MailScanner you need to replace the lines:

INPID=/var/run/sendmail.in.pid
OUTPID=/var/run/sendmail.out.pid

with the pid files used by exim (check /var/run for the names of them)

Chris

Chris,

Thanks for your help. I finally found out what the problem is.
1. I had to upgrade my exim 4.20 to 4.24
2. Then I reinstalled MailScanner
3. I also ran spam.sh and run spamd -d

Everything works like normal.

Originally posted by ProWebUK
# service spamassassin status


This does not work with a standard install:
spamassassin: unrecognized service

Assuming that Spamassassin has been installed, try:
# spamd -d

The -d option will make spamd run in the background as daemon. Hope this helps.

Yes, but in that case we have to use something like :
#top | grep spamd

to check if it's running no ?

You can use top I guess, but it will use more cpu utilization. I would recommend:

# ps aux | grep spamd

Yep and for other people reading this thread. They need to make sure to keep the spamcheck.pl file. I'm going to ask the devs about the functionality of this file.

So how do we make sure that spamd will start each time the VPS will reboot?

You can put the:

/usr/bin/spamd -d

in the /etc/init.d/rc.local (or somewhere similar).

Hope this helps.

I get the following when trying to restart exim...

Starting exim: 2004-01-09 19:48:44 Exim configuration error in line 530:
transport spamcheck: cannot find transport driver "accept"
[FAILED]


# Spam Assassin
begin transports

spamcheck:
driver = accept
condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify

----edit----
moved from transports section to directors configuration, exim restarts correctly.
----edit 2----
Now I am unable to recieve mail, help!

Originally posted by Fireye
----edit 2----
Now I am unable to recieve mail, help!

An obvious suggestion - revert the chnages you made to exim temporarily.

With the information you provided I have no idea why mail is not working, is there anything in your maillog?

Chris

Well the spamd is running good at my server.

Can someone send me an email, which is recognize as spam by SpamAssassin to see if this software works.

Please send it to test@dog.ro.

Thanks.

P.S.
I can't find the file /etc/init.d/rc.local on my system.
But I find this file in 2 other locations:
/etc/rc.d/rc.local
/etc/rc.local
Where can I put the line /usr/bin/spamd -d, so I make sure that the SpamAssassin daemon will start as each reboot.

Originally posted by MagnuM
P.S.
I can't find the file /etc/init.d/rc.local on my system.
But I find this file in 2 other locations:
/etc/rc.d/rc.local
/etc/rc.local
Where can I put the line /usr/bin/spamd -d, so I make sure that the SpamAssassin daemon will start as each reboot.

The actual file is /etc/rc.d/rc.local /etc/rc.local is simply a symlink to that file.

Chris

OK, thanks. Something is working now, but I am not sure it works good, until I receive an email which contain spam text, and know for sure that SpamAssassin will stop it.

By the way, I just read the header of an email which I think it was scaned with SpamAssasin:
X-Spam-Status: No, hits=0.6 required=5.0
tests=HTML_70_80,HTML_MESSAGE
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Should X-Spam-Level need to have a value there?
If yes how can I set this up?

X-Spam-Status: No, hits=0.6 required=5.0

That lets you know its running ;) it gives mail a rating based on content if its above 5 it does whatever you specify (tag as spam and pass as normal - return and dont send - drop completely dont return or pass through) you can also chnage the 5 if you wish although I advise you to keep with 5.. for a while stick with tagging also. just so you get an idea of what is and isn't going through :)

Chris

OK, so SpamAssassin is working good, I even test it with some spam messages, but I want to know how can this software automaticaly remove the emails which are detected as spam, because now I am still receiving those emails with the specifications in the message that tell me: "This messsage is probaly spam ..."?

Thanks.

So, is there anyone who can tell me how to configure my mail server to delete the mesages detected as spam by SpamAssassin.
Thanks.

Just learned this today ...

In the /etc/MailScanner/MailScanner.conf you can find:

#
# What to do with spam
# --------------------

Here, you can set:

Spam Actions = delete

This should delete spam messages.

Best regards,

Reyner

But I don't have MailScanner installed, only SpamAssassin.

The only thing I'm seeing in the headers is "Received: from mail by name.domain.com with spam-scanned (Exim 4.24)"


how can I make it include the score and the rest of the normal stuff.

Also, wheree is the config file for spamassasin?

Hello,

make sure that the "spamd" program is running.

The spamassasin configfile is in /etc/mail/spamassassin/local.cf

John

Hello,

I want to set the options for spam for every domain because i have some customers they want to remove the spam and another customers they only want to mark the spam mail with {spam?}. How do i set the spam filter for each domain?

Hello,

That has not been implemented, but I believe can be accomplished by changing a few things in the /etc/exim.conf.

Make the spamcheck transport look like this:

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
Note that the above code is untested but in theory should work. It will allow you to setup the ~/.spamassassin file (/home/username/.spamassassin) to filter whatever you want.

That allows control over the spam filtering (to determine if it's spam).. but if you want to have the ability to drop emails on a perdomain basis, you'd need to edit /etc/virtual/domain.com/filter.

Add the following:

if
$h_X-Spam-Status: contains "Yes"
or
"${if def:h_X-Spam-Flag {def}{undef}}" is "def"
then
logwrite " => junk : SPAM"
save $home/spam/
finish
endif
The save path will probably need twekaing as the directories won't exist, but you might need to actually specify a file beacause of the mbox format. (Note that any changes to their filter through DA will overwrite the file, so you might want to set the owner to root/755 so that it can't be touched)

Again, I havn't tested any of this, and is just a general guide to help you get started on the right path. (I just googled this howto in 5 minutes)

John

thanks i will test it next week..:) :)

how can i configure Spamassassin to only edit the subject of the email with "[spam]" and not to send it in an attach mode?

Hello,

Create a custom config file via:
http://www.yrex.com/spam/spamconfig.php

Put the output into: /etc/mail/spamassassin/local.cf

The option you're looking for is:
# Encapsulate spam in an attachment
report_safe 0John

Thankyou!

Hi, is the file /etc/mail/spamassassin/local.cf still the global config? I.e. i want to make a change that every domain uses and these changes are about 2 pages long with xtra filters etc. Adding them to this file or even to the user_pref file doesnt seem to take effect?

Barry

Originally posted by Reyner

2. Does it have learning capabilities?


Why doesn't it have learning capabilities, couldn't we come up with a sa-learn script integrated in the DA interface that learns from the mail that the DA user put in the spam filter dir by hand, or maybe an email address to send spam mail to so that it automatically gets filtered in the corect .spamassassin db?

Let's hope for some SA gurus,

Tristan

In Headers only:

"Received: from mail by aaa.domain.net with spam-scanned (Exim 4.53)

spamd is running

How can I see the score?

I added the following to "optional modifications" under ACL check_recipient in exim.conf:

deny message = Message scored $spam_score spam points.
spam = nobody:true
condition = ${if >{$spam_score_int}{120}{1}{0}}

It should automatically delete email on the whole server automatically, if it spamassassin has given it a higher score than 12. I haven't verified that it works, and I'm not seeing anything in the logs, which is scary, but I'm not receiving emails with more than 12 points from SA. So it looks as if it is working.

Later edit: Don't think this is actually working, as Exim is using transport to Spamd, so it isn't marked as spam at this stage.

Anyone know how to filter out on a system wide basis? I.e. set up the filter file for all accounts?

Originally posted by torp
Anyone know how to filter out on a system wide basis? I.e. set up the filter file for all accounts?

I just added John's filtering to /etc/system_filter.exim and set SA to report spam when > 10. This should get rid of a lot of spam, I think.