[[email:work]]
 
Trace: » outlook_2 » sail » setup » spam » spamd » squirrelmai » system » vm-pop3d » webmail_button » work

SpamAssassin isn't working

We often get this question, and the number of causes can be many, so there are several things to check.

1) The first thing to check is to see if the messages are being scanned at all. The way to do that is to check your message headers. In the headers will be spam scoring which will let you know if it's being scanned or not. This is a sample set of spamassassin headers in a sample spam email. Note that even non-spam will have the same header names, they'll just have different values. 

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on server.hostname.com
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.4 required=5.0 tests=BAYES_80,FH_HELO_EQ_D_D_D_D,
     HELO_DYNAMIC_IPADDR2,RCVD_IN_PBL,RDNS_NONE autolearn=no version=3.2.5
X-Spam-Report:
     * 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
     *    2)
     * 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
     * 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
     *    [score: 0.8251]
     * 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
     *    [1.2.3.4 listed in zen.spamhaus.org]
     * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS

2) If you are seeing those headers then SpamAssassin is in fact working, but perhaps just not catching everything you'd like. There are ways to make it catch more. One is to lower your scoring threshold. In the above example, a limit of 5.0 is used, but you can lower it if you're finding spam is being scored lower. Another way is to run the command: 

sa-update

every week or so, to update the SA rules. Another method is to customize the rules in your user_prefs files in order to give some common aspects a higher scoring (see the SpamAssassin docs for this). Lastly, you can create an teaching folder to help SA learn what is and is not spam.

3) If your emails are not being scanned at all, the first things to check:

- Ensure you have /home/username/.spamassassin/user_prefs present or your emails will not be scanned.

- Check your /etc/exim.conf. Ensure your spamcheck_director section is uncommented as per step 3 of this guide.

- Note that emails larger than 100k (by default) will not be scanned, pending on what your spamcheck_director settings are. You can increase this size if needed.

- Ensure that spamd is running: 

ps ax | grep spamd

- Check your /var/log/exim/mainlog, /var/log/exim/paniclog and /var/log/maillog for any spamd related errors.

 
email/work.txt · Last modified: 2010/02/22 08:29 by muscardin
 
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
Please visit Automatic Backlinks to start earning free backlinks Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki