I'm with you 100% on lack of docs and examples. When you compare this stuff to, say, spamdyke, which has docs, docs and more docs, please the most helpful mailing list known to man, it gets depressing.
So experimentation, and googling, and asking on forums like this is the name of the game here.
I'm afraid I have not looked into settings per domain. I did look into the addheader stuff years ago, and found it did not work with qmail-scanner as-is. There's a post about this from me either here or on the Parallels forums. But I think it is here. I remember that someone, probably scott, mentioned something about it being possible but you need to change this that or the other.
I would not worry about that right now.
What you want to do is look at /usr/local/psa/var/log/maillog and /var/spool/qscan/qmail-queue.log
Send some messages and see what happens. Use the gtube test string in some. Use the eicar virus test string on others.
dcc, pyzor and razor almost work all by themselves. There may be a firewall issue with dcc but that's about it.
I recommend that you do a google search for "spamassassin pyror dcc razor howto" (don't worry about qmail-scanner -- that's just icing on the cake and adding it to the equation will just complicate things) and have a read (that's what I did). You will then get a flavour of how they work a lot better, and some of the howtos give examples of how to test individual components (dcc in particular). Some of them have man pages too. I'm not saying you should follow the howtos - but they really help explain what does what and how. There's one in particular that talks about server-wite and individual account settings.
Using "spamassassin -D < testmesssage.eml" is very useful, where testmessage.eml is an actual real email including headers. Ideally have one that's spam, and another one that's non-spam.
One thing to keep in mind -- when you do the spamassassin test as root, you are running spamassassin as root, and therefore spamassassin will have access to almost anything. If, in reality, spamassassin does not run as root (e.g. it runs as popuser), then you might want to repeat the test with sa running as popuser in case there are permission problems.
Now popuser (or whatever user it might be) may not (should not!) have shell permissions so su - popuser will not work.
I think it was Breun who gave me the magic formula for getting around this:
su -s /bin/bash - userthatnormallydoesnothaveashell
But all this is probably not needed - I'm sorry but I don't recall which user sa runs as in an ART/qmail-scanner setup and quite frankly it probably doesn't matter and on this occasion just run it as root.
Now......
You need to carefully look for errors regarding dcc, pyror and razor in the debug output generated by spamassassin -D < testmessage.eml (or spamassassin --lint as you suggest, which is also a good idea)
Another thing to look out for in to see if DCC, pyzor or razor are listed in the maillog for incoming messages, where you WILL see the rule names for each rule that triggers on a particular message.
You won't see dcc pyzor or razor all that often necessarily, unless you have a handy domain that receives millions of spams that you can test with (we do -- it is wonderful. You can create one with a throw-away domain if want - register the domain, sign up for lots of crappy mailing lists and pr0n sites, post the address in various discussion groups and forums and what have you and then watch the spam flow in. Oh, you can also redirect email to non-existant accounts on other domains to your "spamtrap" domain too.
Anyway...I'm brain dumping here. I'm sorry if this is all a bit disjointed and rambling and not even necessarily relevent or even factually accurate, but I hope a few snippets help in some way.
Here's a random example from maillog
Code: Select all
spamd: result: Y 9 - BAYES_60,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL,SPF_HELO_PASS,URIBL_BLACK,URIBL_JP_SURBL scantime=4.4,size=1456,user=popuser,uid=110,requ|
Su|ired_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<20100221094255@[redacted]>,bayes=0.689698,autolearn=spam
Do not panic, incidentally, if you see autolearn=unavailable or =no. This is normal behaviour. Have a serach on this forum for autolearn and you'll find a post by me about this (I think).
Faris.