Spam Assassin seems to no longer be checking emails

geefin

I've got an install where Spam Assassin is still running in Plesk control panel; this was working fine up until about a week ago. Nothing to my knowledge has changed; however, looking at the headers, only the Plesk Spam Assassin is running.

ps ax | grep spamd

26779 ?        Ss     0:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
26781 ?        Ss     0:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_light.pid --socketpath=/tmp/spamd_light.sock --siteconfigpath=/dev/null
26782 ?        S      0:00 spamd child
26783 ?        S      0:00 spamd child
26785 ?        S      0:00 spamd child
26786 ?        S      0:00 spamd child

But the ART SA is definitely not running; I'm seeing scores of 48+ not being deleted, and the subject change is different for the ART SA...

Sample header -

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on 
	s15228650.onlinehome-server.info
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.1 required=3.0 tests=DIGEST_MULTIPLE,HTML_MESSAGE,
	HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,PYZOR_CHECK,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,
	SPF_HELO_PASS autolearn=no version=3.1.7
X-Spam-Report: 
	* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
	*  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
	*      above 50%
	*      [cf: 100]
	*  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
	*  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
	*      [cf: 100]
	*  2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
	*  0.2 DIGEST_MULTIPLE Message hits more than one network digest check
	*  0.5 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Received: (qmail 28093 invoked by uid 10017); 26 Apr 2007 22:17:10 +0100
Received: from 212.227.15.36 by s15228650.onlinehome-server.info (envelope-from <motorsport@msc-schefflenz.de>, uid 2020) with qmail-scanner-2.01st 
 (clamdscan: 0.88.7/3162. perlscan: 2.01st.  
 Clear:RC:0(212.227.15.36):. 
 Processed in 0.039926 secs); 26 Apr 2007 21:17:10 -0000
Received: from mout-xforward.kundenserver.de (212.227.15.36)
  by s15228650.onlinehome-server.info with SMTP; 26 Apr 2007 22:17:10 +0100
Received-SPF: pass (s15228650.onlinehome-server.info: local policy designates 212.227.15.36 as permitted sender)
Received-SPF: none (mxeu10: 76.81.79.115 is neither permitted nor denied by domain of msc-schefflenz.de) client-ip=76.81.79.115; envelope-from=motorsport@msc-schefflenz.de; helo=cpe-76-81-79-115.socal.res.rr.com;
Received: from [76.81.79.115] (helo=cpe-76-81-79-115.socal.res.rr.com)
	by mx.kundenserver.de (node=mxeu10) with ESMTP (Nemesis),
	id 0MKu60-1HhB0F2tUF-000823 for name@domain.com; Thu, 26 Apr 2007 22:55:48 +0200
X-Originating-IP: [85.71.39.4] 
X-Originating-Email: [name@domain.com] 
X-Sender: name@domain.com
Return-Path: name@domain.com
Received: (qmail 15498 by uid 758); Thu, 26 Apr 2007 01:55:24 -0800
Message-Id: <20070426-75524.15500.qmail@cpe-76-81-79-115.socal.res.rr.com>
To: <name@domain.com>
Subject: *****SPAM***** Daily News 537412357
From: Investor Jeri <name@domain.com>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Date: Thu, 26 Apr 2007 22:55:47 +0200
X-Spam-Prev-Subject: Daily News 537412357

And a sample section of the maillog -

Apr 26 22:25:02 s15228650 qmail: 1177622702.229481 delivery 42: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 26 22:25:02 s15228650 qmail: 1177622702.229573 status: local 0/10 remote 0/20
Apr 26 22:25:02 s15228650 qmail-scanner[28655]: Clear:RC:1(127.0.0.1): 0.024962 3717 <> anonymous@s15228650.onlinehome-server.info failure_notice <117762270299328655@s15228650.onlinehome-server.info> 1177622702.28657-0.s15228650.onlinehome-server.info:3477
Apr 26 22:25:02 s15228650 qmail: 1177622702.266246 bounce msg 84234492 qp 28655
Apr 26 22:25:02 s15228650 qmail: 1177622702.266349 end msg 84234492
Apr 26 22:25:02 s15228650 qmail: 1177622702.267113 new msg 84234508
Apr 26 22:25:02 s15228650 qmail: 1177622702.267168 info msg 84234508: bytes 4036 from <> qp 28662 uid 10017
Apr 26 22:25:02 s15228650 qmail: 1177622702.282936 starting delivery 43: msg 84234508 to remote anonymous@s15228650.onlinehome-server.info
Apr 26 22:25:02 s15228650 qmail: 1177622702.283025 status: local 0/10 remote 1/20
Apr 26 22:25:02 s15228650 qmail: 1177622702.388793 delivery 43: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 26 22:25:02 s15228650 qmail: 1177622702.388895 status: local 0/10 remote 0/20
Apr 26 22:25:02 s15228650 qmail-scanner[28665]: Clear:RC:1(127.0.0.1): 0.031132 4672 #@[] #@s15228650.onlinehome-server.info failure_notice <117762270299328665@s15228650.onlinehome-server.info> 1177622702.28667-0.s15228650.onlinehome-server.info:4440
Apr 26 22:25:02 s15228650 qmail: 1177622702.450250 bounce msg 84234508 qp 28665
Apr 26 22:25:02 s15228650 qmail: 1177622702.450353 end msg 84234508
Apr 26 22:25:02 s15228650 qmail: 1177622702.450833 new msg 84234492
Apr 26 22:25:02 s15228650 qmail: 1177622702.450885 info msg 84234492: bytes 4995 from <#@[]> qp 28672 uid 10017
Apr 26 22:25:02 s15228650 qmail: 1177622702.467194 starting delivery 44: msg 84234492 to remote #@s15228650.onlinehome-server.info
Apr 26 22:25:02 s15228650 qmail: 1177622702.467280 status: local 0/10 remote 1/20
Apr 26 22:25:02 s15228650 qmail: 1177622702.469933 delivery 44: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 26 22:25:02 s15228650 qmail: 1177622702.470011 status: local 0/10 remote 0/20
Apr 26 22:25:02 s15228650 qmail: 1177622702.470056 triple bounce: discarding bounce/84234492
Apr 26 22:25:02 s15228650 qmail: 1177622702.470105 end msg 84234492
Apr 26 22:25:06 s15228650 relaylock: /var/qmail/bin/relaylock: mail from 212.227.126.187:60451 (moutng.kundenserver.de)
Apr 26 22:25:06 s15228650 qmail: 1177622706.909532 new msg 84234492
Apr 26 22:25:06 s15228650 qmail: 1177622706.909624 info msg 84234492: bytes 4408 from <ktkuhn@earthcam.net> qp 28685 uid 10017
Apr 26 22:25:06 s15228650 qmail-scanner[28677]: Clear:RC:0(212.227.126.187): 0.052934 4058 ktkuhn@earthcam.net name@domain.com Human_Growth_Hormone <e4bf01c1927e$4dbeb8e2$5038c9a8@earthcam.net> 1177622706.28679-0.s15228650.onlinehome-server.info:881 1177622706.28679-1.s15228650.onlinehome-server.info:1619
Apr 26 22:25:06 s15228650 qmail: 1177622706.927377 starting delivery 45: msg 84234492 to local name@domain.com
Apr 26 22:25:06 s15228650 qmail: 1177622706.927467 status: local 1/10 remote 0/20
Apr 26 22:25:06 s15228650 spamd[26786]: spamd: got connection over /tmp/spamd_full.sock
Apr 26 22:25:06 s15228650 spamd[26786]: spamd: using default config for name@domain.com: /var/qmail/mailnames/domain.com/graeme.finlayson/.spamassassin/user_prefs
Apr 26 22:25:06 s15228650 spamd[26786]: spamd: processing message <e4bf01c1927e$4dbeb8e2$5038c9a8@earthcam.net> for name@domain.com:110
Apr 26 22:25:17 s15228650 spamd[26786]: bayes: cannot open bayes databases /var/qmail/mailnames/domain/name/.spamassassin/bayes_* R/W: lock failed: File exists
Apr 26 22:25:17 s15228650 spamd[26786]: spamd: identified spam (36.6/3.0) for name@domain.com:110 in 10.5 seconds, 4408 bytes.
Apr 26 22:25:17 s15228650 spamd[26786]: spamd: result: Y 36 - BAYES_99,DATE_IN_PAST_96_XX,DIGEST_MULTIPLE,HG_HORMONE,HTML_40_50,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=10.5,size=4408,user=name@domain.com,uid=110,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<e4bf01c1927e$4dbeb8e2$5038c9a8@earthcam.net>,bayes=1,autolearn=unavailable
Apr 26 22:25:17 s15228650 spamd[26779]: prefork: child states: II
Apr 26 22:25:17 s15228650 qmail: 1177622717.540563 delivery 45: success: did_1+0+2/did_0+0+1/
Apr 26 22:25:17 s15228650 qmail: 1177622717.540666 status: local 0/10 remote 0/20
Apr 26 22:25:17 s15228650 qmail: 1177622717.540711 end msg 84234492

Can anyone point me in the right direction? Gone from 2-3 spams per day to about 60 :(
Galactic Zero

I think it is the other way round.. ART's spamassassin is running but your psa-spamassassin isn't.

spamd is spamassassin and not psa-spamassassin. psa-spamassassin won't really show up under a ps -aux | grep spamd lookup, as it is not running spamassassin, only an interface for spamassassin in the cp.

This shows you that spamassassin is indeed running:
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on
s15228650.onlinehome-server.info

X-Spam-Level: ******

Have you made any changes to the system lately? Added or updated spamassassin, rulesdujour, clamd, etc?
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
geefin

Apart from auto-update, nothing specific to my knowledge. I'm pretty certain it's the Plesk SA that's running, as that marks messages with "*****SPAM*****" whereas ART's is set up in the config to mark them with "qs*****SPAM*****qs". I haven't had any messages come through marked with the 'qs' bit for a week or so, and I've had a lot come through :(

Is there a way to check that qmail reconfigure has brought in the ART Spam Assassin?
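
One way to check this from the evidence already posted, as an added example that is not part of the original thread: it reads the Subject marker geefin describes and lists spamd verdicts in the maillog that were still delivered. The function names, the marker labels and the `delete_at` threshold of 10.0 are assumptions; the log lines are trimmed from the maillog excerpt in the first post.

```python
import re

# Subject markers as geefin describes them in the thread. The longer marker is
# listed first because it contains the shorter one as a substring.
MARKERS = (("qs*****SPAM*****qs", "ART marker"), ("*****SPAM*****", "Plesk marker"))

START = re.compile(r"starting delivery (\d+): msg \d+ to local (\S+)")
SPAMD = re.compile(r"spamd: identified spam \(([\d.]+)/[\d.]+\) for ([^:\s]+)")
DONE = re.compile(r"delivery (\d+): success")

def tagger_from_subject(headers):
    """Say which marker, if any, is present on the Subject line."""
    m = re.search(r"^Subject:[ \t]*(.*)$", headers, re.MULTILINE)
    subject = m.group(1) if m else ""
    for marker, name in MARKERS:
        if marker in subject:
            return name
    return "untagged"

def delivered_high_scores(log_lines, delete_at):
    """Return (recipient, score) for spam scored >= delete_at that was still delivered."""
    pending, scored, hits = {}, {}, []
    for line in log_lines:
        if m := START.search(line):
            pending[m.group(1)] = m.group(2)          # delivery number -> recipient
        elif m := SPAMD.search(line):
            scored[m.group(2)] = float(m.group(1))    # recipient -> spamd score
        elif m := DONE.search(line):
            rcpt = pending.pop(m.group(1), None)
            score = scored.pop(rcpt, None)
            if score is not None and score >= delete_at:
                hits.append((rcpt, score))
    return hits

# Three lines trimmed from the maillog excerpt in the first post.
SAMPLE_LOG = [
    "Apr 26 22:25:06 s15228650 qmail: 1177622706.927377 starting delivery 45: msg 84234492 to local name@domain.com",
    "Apr 26 22:25:17 s15228650 spamd[26786]: spamd: identified spam (36.6/3.0) for name@domain.com:110 in 10.5 seconds, 4408 bytes.",
    "Apr 26 22:25:17 s15228650 qmail: 1177622717.540563 delivery 45: success: did_1+0+2/did_0+0+1/",
]
SAMPLE_HEADERS = "To: <name@domain.com>\nSubject: *****SPAM***** Daily News 537412357\n"

if __name__ == "__main__":
    print(tagger_from_subject(SAMPLE_HEADERS))
    print(delivered_high_scores(SAMPLE_LOG, delete_at=10.0))  # 10.0 is an assumed threshold
```
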
Galactic Zero

grep for spamd to make sure it is running, then do a qmail-scanner-reconfigure, then do a tail -f on the maillog and watch to see what is happening.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
geefin

Hi, Cheers for the help,

grepping gives the below -

26779 ?        Ss     0:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
26781 ?        Ss     0:00 /usr/bin/spamd --username=popuser --daemonize --helper-home-dir=/var/qmail --max-children 5 --create-prefs --nouser-config --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_light.pid --socketpath=/tmp/spamd_light.sock --siteconfigpath=/dev/null
26782 ?        S      0:00 spamd child
26783 ?        S      0:00 spamd child
26785 ?        S      0:00 spamd child
26786 ?        S      0:00 spamd child 

Doing a scanner-reconfigure results in the current date for the new file. However, the ART is still not scanning/deleting :(

Sample from the Maillog, I can see it enters qmail-scanner, and clamav etc. are running. It's purely the fact that Spam Assassin/checking/deleting appears to have stopped :(

Apr 28 12:05:01 s15228650 qmail: 1177758301.572424 new msg 84235690
Apr 28 12:05:01 s15228650 qmail: 1177758301.572513 info msg 84235690: bytes 2953 from <anonymous@s15228650.onlinehome-server.info> qp 9144 uid 10017
Apr 28 12:05:01 s15228650 qmail-scanner[9131]: Clear:RC:1(127.0.0.1): 0.020913 2592 anonymous@s15228650.onlinehome-server.info racedandrallied@s15228650.onlinehome-server.info Cron_<racedandrallied@s15228650>_/usr/bin/php_/var/www/vhosts/racedandrallied.co <20070428110501.9130.qmail@s15228650.onlinehome-server.info> 1177758301.9138-0.s15228650.onlinehome-server.info:2074
Apr 28 12:05:01 s15228650 qmail: 1177758301.582473 starting delivery 3618: msg 84235690 to remote racedandrallied@s15228650.onlinehome-server.info
Apr 28 12:05:01 s15228650 qmail: 1177758301.582562 status: local 0/10 remote 1/20
Apr 28 12:05:01 s15228650 qmail: 1177758301.699061 delivery 3618: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 28 12:05:01 s15228650 qmail: 1177758301.699200 status: local 0/10 remote 0/20
Apr 28 12:05:01 s15228650 qmail-scanner[9175]: Clear:RC:1(127.0.0.1): 0.071846 3714 <> anonymous@s15228650.onlinehome-server.info failure_notice <11777583019939175@s15228650.onlinehome-server.info> 1177758301.9181-0.s15228650.onlinehome-server.info:3475
Apr 28 12:05:01 s15228650 qmail: 1177758301.797111 bounce msg 84235690 qp 9175
Apr 28 12:05:01 s15228650 qmail: 1177758301.797214 end msg 84235690
Apr 28 12:05:01 s15228650 qmail: 1177758301.797774 new msg 84235692
Apr 28 12:05:01 s15228650 qmail: 1177758301.797829 info msg 84235692: bytes 4032 from <> qp 9209 uid 10017
Apr 28 12:05:01 s15228650 qmail: 1177758301.806008 starting delivery 3619: msg 84235692 to remote anonymous@s15228650.onlinehome-server.info
Apr 28 12:05:01 s15228650 qmail: 1177758301.806095 status: local 0/10 remote 1/20
Apr 28 12:05:01 s15228650 qmail: 1177758301.809092 delivery 3619: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 28 12:05:01 s15228650 qmail: 1177758301.809169 status: local 0/10 remote 0/20
Apr 28 12:05:01 s15228650 qmail-scanner[9212]: Clear:RC:1(127.0.0.1): 0.044426 4667 #@[] #@s15228650.onlinehome-server.info failure_notice <11777583019939212@s15228650.onlinehome-server.info> 1177758301.9214-0.s15228650.onlinehome-server.info:4436
Apr 28 12:05:01 s15228650 qmail: 1177758301.985012 bounce msg 84235692 qp 9212
Apr 28 12:05:01 s15228650 qmail: 1177758301.985115 end msg 84235692
Apr 28 12:05:01 s15228650 qmail: 1177758301.985618 new msg 84235690
Apr 28 12:05:01 s15228650 qmail: 1177758301.985672 info msg 84235690: bytes 4989 from <#@[]> qp 9219 uid 10017
Apr 28 12:05:01 s15228650 qmail: 1177758301.994019 starting delivery 3620: msg 84235690 to remote #@s15228650.onlinehome-server.info
Apr 28 12:05:01 s15228650 qmail: 1177758301.994108 status: local 0/10 remote 1/20
Apr 28 12:05:01 s15228650 qmail: 1177758301.996977 delivery 3620: failure: Sorry._Although_I'm_listed_as_a_best-preference_MX_or_A_for_that_host,/it_isn't_in_my_control/locals_file,_so_I_don't_treat_it_as_local._(#5.4.6)/
Apr 28 12:05:01 s15228650 qmail: 1177758301.997056 status: local 0/10 remote 0/20
Apr 28 12:05:01 s15228650 qmail: 1177758301.997101 triple bounce: discarding bounce/84235690
Apr 28 12:05:01 s15228650 qmail: 1177758301.997145 end msg 84235690

Gutted as the spam protection was fantastic before, only a few a day, now it's back up to pre-ART levels :(

Graeme.
Galactic Zero

Disable psa-spamassassin, then monitor your mail log. psa-spamassassin is not really scanning your email, it is the PSA interface to configure spamassassin with score, white list etc.

Make sure you only have spamd (which is spamassassin and not psa-spamassassin) running and clamd, do a qmail-scanner-reconfigure and then watch your maillog.

Also, what version of qmail-scanner and ART's spamassassin are you running? Should be 2.01.11 for qmail-s and 3.1.7 for spam.
Franklyn Halamka
Still learning my way around Linux Security.
http://www.galacticzero.net
breun

Galactic Zero wrote: "Also, what version of qmail-scanner and ART's spamassassin are you running? Should be 2.01.11 for qmail-s and 3.1.7 for spam."

ART has newer versions of qmail-scanner and spamassassin available for supported platforms. I'm running qmail-scanner-2.01-14.6.el4.art and spamassassin-3.1.8-1.el4.art.
Lemonbit Internet Dedicated Server Management