Update 3/16/05 - With the release of the Ensim hotfix for Ensim 4.0.3 to support spamassassin 3.0, I will no longer be updating this thread unless needed for spamassassin 3.0.x releases.

http://onlinesupport.ensim.com/TWKB/ViewCa...nowledgeID=1953

===============================================

Spamassasin 2.64 is now avaliable, here are the steps to upgrade.


Note: This procedure assumes you have a working copy of spamassasin 2.40 or later and all the prerequired perl modules (you would have had to to get spamassasin installed in the first place). These steps is just an inplace replacement of the code


We have verified these proceedures work on Ensim 4.0.1 Pro RHEL.

wget http://old.spamassassin.org/released/Mail-...sin-2.64.tar.gz

tar xvfz Mail-SpamAssassin-2.64.tar.gz

cd Mail-SpamAssassin-2.64

export LANG=C

perl Makefile.PL
(You will be prompted for an admin contact email)

make

make test
(Make sure there are no errors)

now as root:

make install


===============Ensim Pro 3.7 or later only================
If you are on Ensim Pro 3.7 or later you need to do the following to update your virtual sites: This will put your server in maintenance mode.

#You need to do this to get ensim to trigger the refresh of the FILESYSTEMTEMPLATE for the virtual domain spamassasin settings. If Redhat would ever update spamassassin's rpm Ensim would automatically do this.

mv /etc/virtualhosting/filelists/spam_filter.packages.list /etc/virtualhosting/filelists/spam_filter.packages.list.bak

/usr/local/sbin/set_pre_maintenance
/usr/local/sbin/set_maintenance
/usr/local/sbin/set_post_maintenance
/sbin/service webppliance restart
============================================


That should be it. The new spamassasin should be immediatly avaliable, you shouldn't have to restart sendmail or MailScanner.

Also, for those advanced administrators, we recommend you install razor as well to enable that feature of spamassassin. I will try to post a detailed howto for this soon. Also, there is a good custom spamassassin rules list called BigEvil.. it will add 3 points to the score for any spams that include url to domains used by spammers or found in the worst spams. It helped me catch some of the most prevalent spams that seem to get a low score because if is formatted to get a low Bayesian result (which spamassassin scores as -4.9.) I will post a howto on how to install it and have it autoupdated soon as well.

it seems after this upgrade, i'm getting more spam than before

Ok, after running perl makefile.pl I got this error so I did a search for pod2man and located its path:

[root@gz Mail-SpamAssassin-2.60]# perl Makefile.PL
What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system] abuse@galacticzero.net

Checking if your kit is complete...
Looks good

Warning: I could not locate your pod2man program. Please make sure,
your pod2man program is in your PATH before you execute 'make'

Writing Makefile for Mail::SpamAssassin
Makefile written by ExtUtils::MakeMaker 6.03
[root@gz Mail-SpamAssassin-2.60]# locate pod2man
/usr/bin/pod2man
/usr/share/man/man1/pod2man.1.gz
[root@gz Mail-SpamAssassin-2.60]#

How do I correct it?

Thanks

shoot. I did the upgrade and now

> rpm -q spamassassin

returns:

> spamassassin-2.55-1.72.ct

any ideas?

That means the old one is still there, it should return "not found"
the new one, built from souce, shouldn't show up in rpm at all(presuming you followed the howto above)

oh duh. sorry, my brain-fart.

I can not restart or view the status of the MailScanner. I get the following error:

Cannot open config file -h, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 294

Can someone please help me?

I have successfully installed Spamassassin 2.6 following the directions in this thread, but like GXX it is now catching much less spam than the previous GPAN version I had installed.

In fact it appears to only match Header tests (FORGED_UMA_OUTLOOK only one it has matched so far) and not Body text tests.

For example, I had a Viagra spam get through with a score of 0 with no tests run:
X-MailScanner-SpamCheck: not spam, SpamAssassin (score=0, required 3)

But when I tried it via the command line "spamassassin -t < spam.txt > spam.out" it matched 20 tests or so and gave it a score of 23.6!

I am using the Mailscanner that GPAN last included in his last Mailscanner/SpamAssassin/Clamav post.

I suspect I need to update a MailScanner.conf but don't know what to change yet. I do know it is using my MailScanner.conf by the fact the required spam score is 3 instead of the default 5 and I can turn domains on and off.

Anyone else besides GXX and I having this problem? My clients and I are now drowning in spam, any ideas welcomed!

If you can, post the headers from an email that is spam that got past the filter, and if possible, a sampling of lines from your /var/log/maillog so that we can see what MailScanner is actually trying to do.

We are actually getting a 99% detection rate with this mailscanner, and we can list the spam score in the headers now, which is nice as we can quickly see by sorting the subject lines which are the lowest scoring spams and quickly look for false positives (if any).

Hi ArtieMcD,

*update, see post after this for more info - I am missing the /etc/init.d/spamassassin ! *

Thanks so much for your help, and for providing the mailscanner and spamassassin update howtos!

I went ahead and updated MailScanner to 4.24 following your instructions. I also followed your Spamassassin 2.6 instructions again after installing the new mailscanner just to be safe. But I'm still having the same issue with only header tests being run on my spam.

Here is the info you requested (i've used eoflubios.com as my fake domain name for this post):

maillog:
Nov 6 16:34:33 server sendmail[11353]: hA6LYXU11353: from=, size=4428, class=0, nrcpts=1, msgid=<200311061114.DAA35950@15.bluerocketonline.com>, proto=ESMTP, daemon=MTA, relay=15.bluerocketonline.com [69.6.16.115]
Nov 6 16:34:33 server sendmail[11353]: hA6LYXU11353: to=, delay=00:00:00, mailer=virthostmail, pri=34428, stat=queued
Nov 6 16:34:36 server MailScanner[10430]: New Batch: Found 2 messages waiting
Nov 6 16:34:37 server MailScanner[10430]: New Batch: Scanning 1 messages, 4982 bytes
Nov 6 16:34:37 server MailScanner[10430]: Virus and Content Scanning: Starting
Nov 6 16:34:38 server MailScanner[10430]: Uninfected: Delivered 1 messages
Nov 6 16:34:38 server virthostmail[11364]: Chrooting to /home/virtual/site19/fst
Nov 6 16:34:39 server sendmail[11362]: hA6LYXU11353: to=, delay=00:00:06, xdelay=00:00:01, mailer=virthostmail, pri=124428, relay=eoflubios.com, dsn=2.0.0, stat=Sent (hA6LYcf11366 Message accepted for delivery)

If I do a command line spamassassin I get this:
X-Spam-Status: Yes, hits=10.5 required=5.0 tests=BAYES_60,CLICK_BELOW,
DATE_IN_PAST_03_06,HTML_60_70,HTML_IMAGE_ONLY_06,HTML_IMAGE_RATIO_04,
HTML_MESSAGE,HTML_TAG_BALANCE_A,MAILTO_SUBJ_REMOVE,MIME_HTML_ONLY,
OFFERS_ETC,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL,RCVD_IN_NJABL_SPAM,
RCVD_IN_SBL,RCVD_IN_SORBS autolearn=no version=2.60

But this email made it past my Mailscanner Spamassassin, here is the complete spam:

From b.TailWaggingOffer.0-264637f-5683.eoflubios.com.-john@15.bluerocketonline.com Thu Nov 6 16:34:39 2003
Return-Path:
Received: from server.eoflubios.net (root@localhost)
by eoflubios.com (8.11.6/8.11.6) with ESMTP id hA6LYcf11366
for ; Thu, 6 Nov 2003 16:34:38 -0500
X-ClientAddr: 69.6.16.115
Received: from 15.bluerocketonline.com (15.bluerocketonline.com [69.6.16.115])
by server.eoflubios.net (8.11.6/8.11.6) with ESMTP id hA6LYXU11353
for ; Thu, 6 Nov 2003 16:34:33 -0500
Received: (from daemon@localhost)
by 15.bluerocketonline.com (8.8.8/8.8. id DAA35950;
Thu, 6 Nov 2003 03:14:51 -0800 (PST)
Date: Thu, 6 Nov 2003 08:34:04 -0800 (PST)
Message-Id: <200311061114.DAA35950@15.bluerocketonline.com>
From: Sandy Walker
To: john@eoflubios.com
Subject: Re: Free $20 Toys 'R' Us Gift Card
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-eoflubios.com-MailScanner-Information: Please contact the ISP for more information
X-eoflubios.com-MailScanner: Found to be clean
X-eoflubios.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=0,
required 3)
Status: RO
X-Status:
X-Keywords:
X-UID: 19292

Hmm, do my SpamAssassin headers from Mailscanner look correct?

Thanks for looking over this,
John

I think I see the problem!

I do not have a /etc/init.d/spamassassin file that others have posted about. Before I installed the latest Mailscanner I removed the previous spamassassin rpm during my troubleshooting. I have since installed spamassassin 2.6 per your instructions, but now don't have the /etc/init.d/spamassassin file I need.

Can I just add this file (when someone posts it), or will I need to install a spamassassin rpm again to get more of these essential files? I do have in my /usr/bin a spamc, spamd, and spamassassin.

Thanks,
John

I don't have a /etc/init.d/spamassasin file either... I don't think that's the problem at all. files in /etc/init.d are files generally used to start services on your machine at boot time and also are the scripts used to restart services.

spamassassin is not run as a service, it runs on demand from MailScanner in this case. Your maillog output dosn't show any erros but for some reason MailScanners calls to spamassasin are either failing or not being made at all. My next recommeneded action is to look in your /etc/MailScanner/MailScanner.conf file.

Ah, ok.

I manually merged my settings from MailScanner.conf into the MailScanner.conf.rpmnew and then renamed MailScanner.conf.rpmnew to MailScanner.conf and did a /sbin/service MailScanner stop then start then status (everything ok).

I will look over it again line by line, but SpamAssassin is definitely turned on in this file, and in fact SpamAssassin will run some tests as demonstrated on the spam I just recieved (it only seems to run header checking tests, never a content test):

Microsoft Mail Internet Headers Version 2.0
Received: from exchange.eoflubios.com ([127.0.0.1]) by exchange.eoflubios.com with Microsoft SMTPSVC(5.0.2195.6713);
Thu, 6 Nov 2003 17:54:49 -0500
Return-Path: <8fynjtvc@earthlink.com>
Received: from server.eoflubios.net (root@localhost)
by eoflubios.com (8.11.6/8.11.6) with ESMTP id hA6MrvA15158
for ; Thu, 6 Nov 2003 17:53:57 -0500
X-ClientAddr: 200.78.98.58
Received: from dsl-200-78-98-58.prodigy.net.mx (dsl-200-78-98-58.prodigy.net.mx [200.78.98.58])
by server.eoflubios.net (8.11.6/8.11.6) with SMTP id hA6MroU15145
for ; Thu, 6 Nov 2003 17:53:50 -0500
Received: from zoh39.t1o6.com [107.53.200.81] by dsl-200-78-98-58.prodigy.net.mx id P3Je0lz0UoMq; Fri, 07 Nov 2003 12:51:59 -0100
Message-ID:
From: "Luke Mora" <8fynjtvc@earthlink.com>
Reply-To: "Luke Mora" <8fynjtvc@earthlink.com>
To: john@eoflubios.com
Subject: Buy Xanax Online at Unbelievable Prices r
Date: Fri, 07 Nov 03 12:51:59 GMT
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="4BC9F8.A9F_.7C_14BFE6__A"
X-Priority: 3
X-MSMail-Priority: Normal
X-eoflubios.com-MailScanner-Information: Please contact the ISP for more information
X-eoflubios.com-MailScanner: Found to be clean
X-eoflubios.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=2.4,
required 3, FORGED_MUA_OIMO 2.40)
X-eoflubios.com-MailScanner-SpamScore: ss
Status:
X-OriginalArrivalTime: 06 Nov 2003 22:54:49.0974 (UTC) FILETIME=[FBAB2160:01C3A4B8]

--4BC9F8.A9F_.7C_14BFE6__A
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable


--4BC9F8.A9F_.7C_14BFE6__A--




I think I'll remove my custom rules (per domain on / off, forward to spam pop, custom score levels) to see if that fixes it, though I'm not doing anything crazy and it worked in the old spamassassin.

Thanks again for your help, I'll post results of my .conf edits,
John

Another file to check would be the /etc/MailScanner/spam..assassin.prefs.conf

When you test spamassasin manually from the command line on your email try it using the -p /etc/MailScanner/spam..assassin.prefs.conf so that the preferences that will be in effect when MailScanner calls it will be the ones used.

Compare that results with the result of the run without the -p option.


Also, if you run spamassasin in debug mode it will report the config files its using.. compare that to a manual run of spamassasin -D --lint.

My Spamassassin finally works correctly!

I uninstalled Mailscanner / Spamassassin, deleted all config files, reinstalled using GPAN's Mailscanner/SpamAssassin/Clamav, then upgraded SpamAssassin using this howto.

Works perfectly now, should have tried this earlier..

Thanks for all your help ArtieMcD, and for the upgrade howtos!
John

Today, SA 2.61 was released.. I updated the first post to reflect this new version...

Stupid question:
Does anyone know how to find out the version of SpamAssassin you are currently running? I installed it a while ago and forgot... looked all around but can't find any docs or ver numbers.

Thanks

spamassassin -V

I updated the instructions in first post to reflect the latest release of spamassasin (2.63).

I have upgraded the instructions above to report that this procedure works under Ensim Pro 3.7 RHEL.

ArtieMcD thanks for the good how-to.

I upgraded to SA 2.63, and it appears to be working properly. But I noticed I still have spamassassin 2.53 rpms, should those be deleted? What would happen if I just left them?

[root@srv01 /]# spamassassin -V
SpamAssassin version 2.63

[root@srv01 /]# rpm -qa | grep spam
spamassassin-tools-2.53-1.73.ct
spamassassin-2.53-1.73.ct

Please advise

The spamassasin rpms is the latest deplaoyed by redhat. I would not delete them even though we essetially overwrote them by installing from source. The reason we should leave it is if RedHat should ever decide to publish an update via up2date we would like to see that it has an update avaliable.

I have updated the instructions below for Ensim 3.7 on RHEL.

Since we are installing from source, Ensim does not detect the update and essentiall does nothing when we put it in maintenance mode. If you follow the new proceedures I have above, ensim will refresh all the sites with the latest spamassasin rules.

One issue though. spamassasin has 3 new .cf files. Since Ensim determines the files to place in the virutal domain based on the rpm distribution list (which is still old on our box), we will not get those three new files until RedHat releases a new rpm.

Enjoy

Went great on Ensim 3.7 RHEL

Thanks for the how-to !

run sa-learn --rebuild
sa-learn --spam and
sa-learn --ham
on a couple hundred ham and spam messages to rebuild your bayesian databases

when you upgrade to 2.63 your bayes_seen and bayes_tokens database files are probably still in the older format and need to be updated by running sa-learn --rebuild

Rebuilding might reduce the number of learnt emails in the database, and spamassassin will not use them unless they have at least 200 samples of spam and 200 samples of non-spam (ham) already in the database. you can turn on the -D debugging and keep an eye on the spamassassin log to see how many actual emails there are in the bayesian databases

Updated fine, but now spamassassin marks outgoing messages too (which didn't happen with gpan's package). Any idea how to turn this off ?

i run sa-learn --rebuild
and then i stuck on sa-learn --spam after stuck i'm fire ctrl+c i got this

[root@xxxx mail]# sa-learn --spam
Learned from 0 message(s) (0 message(s) examined).
interrupted at /usr/lib/perl5/site_perl/5.6.1/Mail/SpamAssassin/CmdLearn.pm line 250.
You have new mail in /var/spool/mail/root
[root@xxxx mail]#

the syntax is sa-learn --spam /path/to/spam/folder

where you put some un-altered emails that you are sure they're spam.

how would i know where is my spam folder?

you are supposed to create it yourself.

gather a bunch of emails, the more the better, try to get more than 250, that you have examined personally and you KNOW that they are spam, copy them into a folder such as /tmp/spam

and run that command on this folder
e.g.

sa-learn --spam /tmp/spam

do the same for regular emails or ham (non-spam)
(again, try to gather more than 250 emails)
sa-learn --ham /tmp/ham

after that may delete /tmp/spam?

would you tell me how it's learn by this command. it's keep Email who send spam? or the text that are in the body of Email?

if i make a mistake by copy some good email to /tmp/spam and i run command sa-learn --spam /tmp/spam. how can i remove it(only good email)?

thank you

sa-learn --forget

Anyone try using the spamassasin RPMs at old.spamassassin.org? I installed them, did the maint. mode and now the user settings for spam assasin stopped working. Any idea on how I can fix this? This is with Ensim v4.0.1 under RHE. Thanks.

Hal

Hi,

I tried to upgrade with the spamassassin RPMs and it blew away my spam_filter folder in the FILESYSTEMTEMPLATE folder. The link below fixed the problem.

http://forum.ev1servers.net/showthread.php...ight=spamfilter

Hal

spamassasin 2.64 was released recently, so I have upgraded the procedure above to reflect the new versions.

Thanks Artie - process works fine on Ensim 4.01 RHEL

thanks again!

Upgrade to MailScanner and then SpamAssassin went smoothly on Ensim 3.7 RHEL. However, the scanned headers still reflect 2.55. Also, I'm seeing this in the header:

Not scanned: please contact your Internet E-Mail Service Provider for details

spamassassin -V reflects 2.64.

** Update: I unchecked contact external servers in Webappliance and the Spam headers began to show 2.64.


-----------

MailScanner/Clam is still broken.

Update:


Now MailScanner headers aren't showing up at all. Plus, Clam seems to have been broken.

Previously, I had the preinstalled Ensim 3.7 versions of SpamAssassin, MailScanner, and ClamAV.

Help!

[Delete Post]

The disable tests that connect to remote servers did the trick.

well after much deliberation and trial and error I got 3.0 to work on ensim.. its not to hard. but a pain non the less

let me try to make a how-to.. Ill post it on the how-to section in a few.. let me write it up.........

Do your magic Artie

http://forum.ev1servers.net/showthread.php...&threadid=49078


here it is

If you used my HOWTO to upgrade spamassassin and you performed the latest RHEL update on your Ensim 4.0x server on RHEL using update (and you should perform the update), you will need to redo this install to reset your spamassasin rules. The latest RHEL upgrades the spamassasin 2.55 rpm deployed by RedHat. Unfortunately this will rollback the default spamassassin rules files to the 2.55 version. Simply rerun these steps to get your spamassassin rules updated to the 2.64 version and refresh your virtual sites.

BTW, unless you deleted the compilation directory from the procedure before, you may only need to do the make install followed by the server maintenance mode steps.

With the release of the Ensim hotfix for Ensim 4.0.3 to support spamassassin 3.0, I will no longer be updating this thread unless needed for spamassassin 3.0.x releases.

http://onlinesupport.ensim.com/TWKB/ViewCa...nowledgeID=1953

Any known issues with the SA3.0 hotfix?