Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin

This is the fourth part of a five-part tutorial that will show you how to install a full-featured email server on your Raspberry Pi. This tutorial covers how to mark emails as spam with Spamassassin.

The parts are:
The Introduction & Contents Page (read first)
Raspberry Pi Email Server Part 1: Postfix
Raspberry Pi Email Server Part 2: Dovecot
Raspberry Pi Email Server Part 3: Squirrelmail
Raspberry Pi Email Server Part 4: Spam Detection with Spamassassin
Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve

Intro

I don’t actually get very many spam emails (famous last words, right?) but the occasional email gets past my helo access restrictions list (discussed in Raspberry Pi Email Server Part 1: Postfix).

So, I decided to set up Spamassassin, a program that will check incoming emails and mark them as spam if they look suspicious. Spamassassin is pretty clever: it uses Bayesian filtering to decide what’s spam and what’s not, and it will learn based on previous results, so it gets more accurate over time if you correct it when it gets things wrong.

Spamassassin will only mark emails as spam; it will not sort them into folders for you as well. We’ll be doing the sorting with Dovecot’s Local Mail Transfer Protocol (LMTP) and the Sieve plugin, in the next tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve.

Let’s get started:

Installing & Configuring Spamassassin

First, install Spamassassin:

sudo apt-get update
sudo apt-get install spamassassin

Now we need to edit values in the file /etc/spamassassin/local.cf. Some of these may already be set, in which case you can leave them as they are; add or amend the others as necessary:

This one will add the spam score to the subject line of emails that Spamassassin considers to be spam:

rewrite_header Subject [***** SPAM _SCORE_ *****]

Spamassassin will also flag spam emails with “X-Spam-Flag: YES” in the headers. This flag is what we will eventually use to sort emails with; the rewritten subject line is purely to make the score easier to see.

This next setting will tell Spamassassin to modify headers only, without making any changes to the body of the email:

report_safe 0

This one lowers the threshold for mail to be considered spam from 5 to 2. You can change this later if you get lots of false positives, but it’s nice to have some emails set off the rules to begin with, just so you know it’s working:

required_score 2.0

This tells Spamassassin to use Bayesian filtering:

use_bayes 1

This turns on automatic learning:

bayes_auto_learn 1

Now edit /etc/default/spamassassin and set:

ENABLED=1

You can now start the spamassassin daemon:

sudo service spamassassin start

If you are using a modern Debian derivative (Jessie or later), the init system has changed to systemd. You need to run this additional command to enable spamassassin, which will cause it to automatically start when you boot:

sudo systemctl enable spamassassin

Instructing Postfix to use Spamassassin

At this stage, the Spamassassin daemon is running but none of your incoming emails are being passed through it. Find the smtp line in /etc/postfix/master.cf (just under the headers) and add the -o content_filter option on an indented line beneath it, so that it reads:

smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin

And append this to the bottom of that same file, which will pipe the output back to Postfix using Postfix’s Sendmail compatibility interface:

spamassassin    unix  -       n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Note: this is all one line, even if it appears wrapped in your browser.

Now restart postfix:

sudo service postfix restart

If you get an error like this:

[....] Stopping Postfix Mail Transport Agent: postfix/usr/sbin/postconf: fatal: file /etc/postfix/master.cf: line 22: bad field count
postfix/postfix-script: fatal: cannot execute /usr/sbin/postconf!
 failed!

…then check the whitespace before the -o in content_filter=spamassassin. I can’t quite remember what I did but I think I changed tabs to spaces or the other way round, and then restarted postfix.
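A pre-restart check for the two paste mistakes described above (an un-indented -o line, or the pipe entry wrapped onto a second line), added here as an example and not taken from the tutorial or from Postfix. It relies on the master.cf rule that a line starting at column 0 begins a new service entry of at least eight fields, while a line starting with whitespace continues the previous entry; check_master_cf and the two sample functions are names made up for this example.

```sh
#!/bin/sh
# Added example (not from the original tutorial): lint master.cf for the
# "bad field count" error by rebuilding Postfix's logical lines.

# check_master_cf: reads master.cf text on stdin, or from a file argument.
# Prints one finding per broken entry and returns 1 if any were found.
check_master_cf() {
    awk '
    # Report the entry collected so far if it has fewer than the 8 fields
    # (service type private unpriv chroot wakeup maxproc command).
    function report() {
        if (start && nfields < 8) {
            printf "line %d: %d fields, need 8 (indent it if it continues the previous entry): %s\n", start, nfields, text
            bad++
        }
        start = 0
    }
    /^[ \t]*$/ { next }                               # blank or whitespace-only
    /^[ \t]*#/ { next }                               # comment
    /^[ \t]/   { if (start) nfields += NF; next }     # leading whitespace: continuation
    { report(); start = NR; nfields = NF; text = $0 } # column 0: new service entry
    END { report(); exit (bad > 0) }
    ' "$@"
}

# Constructed sample: -o pasted at column 0, and the pipe entry wrapped in two.
broken_sample() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
-o content_filter=spamassassin
spamassassin    unix  -       n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}
EOF
}

# Constructed sample: the same entries laid out as the tutorial intends.
fixed_sample() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=spamassassin
spamassassin    unix  -       n       n       -       -       pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
EOF
}

echo "== broken sample =="
broken_sample | check_master_cf || echo "-> fix these before restarting postfix"
echo "== fixed sample =="
fixed_sample | check_master_cf && echo "-> OK"
```

On the server itself, run it against the real file with check_master_cf /etc/postfix/master.cf before restarting Postfix.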

Now watch the mail log with this command:

tail -f /var/log/mail.log

…and send a test email. You should see something like this:

Jan  8 22:21:18 samhobbs postfix/smtpd[952]: connect from blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs postfix/smtpd[952]: 542E83F519: client=blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs postfix/cleanup[957]: 542E83F519: message-id=
Jan  8 22:21:19 samhobbs postfix/qmgr[941]: 542E83F519: from=, size=1579, nrcpt=1 (queue active)
Jan  8 22:21:19 samhobbs spamd[445]: spamd: connection from localhost [127.0.0.1] at port 35680
Jan  8 22:21:19 samhobbs postfix/smtpd[952]: disconnect from blu0-omc2-s3.blu0.hotmail.com[65.55.111.78]
Jan  8 22:21:19 samhobbs spamd[445]: spamd: setuid to debian-spamd succeeded
Jan  8 22:21:19 samhobbs spamd[445]: spamd: creating default_prefs: /var/lib/spamassassin/.spamassassin/user_prefs
Jan  8 22:21:19 samhobbs spamd[445]: config: created user preferences file: /var/lib/spamassassin/.spamassassin/user_prefs
Jan  8 22:21:19 samhobbs spamd[445]: spamd: processing message  for debian-spamd:111
Jan  8 22:21:24 samhobbs spamd[445]: spamd: clean message (0.0/2.0) for debian-spamd:111 in 5.0 seconds, 1541 bytes.
Jan  8 22:21:24 samhobbs spamd[445]: spamd: result: . 0 - HTML_MESSAGE,MSGID_FROM_MTA_HEADER scantime=5.0,size=1541,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=35680,mid=,autolearn=ham
Jan  8 22:21:24 samhobbs postfix/pickup[940]: D83DE3F521: uid=111 from=
Jan  8 22:21:24 samhobbs postfix/pipe[958]: 542E83F519: to=, relay=spamassassin, delay=5.7, delays=0.44/0.05/0/5.2, dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan  8 22:21:24 samhobbs postfix/qmgr[941]: 542E83F519: removed
Jan  8 22:21:24 samhobbs postfix/cleanup[957]: D83DE3F521: message-id=
Jan  8 22:21:24 samhobbs postfix/qmgr[941]: D83DE3F521: from=, size=1890, nrcpt=1 (queue active)
Jan  8 22:21:25 samhobbs postfix/local[964]: D83DE3F521: to=, relay=local, delay=0.2, delays=0.06/0.1/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
Jan  8 22:21:25 samhobbs postfix/qmgr[941]: D83DE3F521: removed
Jan  8 22:21:25 samhobbs spamd[439]: prefork: child states: II

So the steps you can see here are:

  1. Outlook server connects to RasPi/Postfix on port 25
  2. Postfix accepts the message and hands it to Spamassassin to process
  3. Spamassassin decides the message is clean and marks it as HAM
  4. The email is passed back from Spamassassin to Postfix and delivered to the inbox
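To review what the low threshold is flagging, the spamd lines shown above can be reduced to one row per message. This is an added example, not part of the original tutorial: spamd_verdicts, rules_in_spam and the embedded log lines are constructed here on the pattern of the log above, and it assumes each spamd child handles one message at a time, so the score line and the result line can be paired by PID.

```sh
#!/bin/sh
# Added example (not from the original tutorial): summarise spamd verdicts
# from mail.log so you can review what required_score 2.0 is flagging.

# spamd_verdicts: mail.log text on stdin, or as file arguments.
# Output, tab-separated: verdict  score  required  autolearn  rules-hit
spamd_verdicts() {
    awk '
    / spamd\[[0-9]+\]: spamd: / {
        match($0, /spamd\[[0-9]+\]/)
        pid = substr($0, RSTART + 6, RLENGTH - 7)
    }
    # "clean message (0.0/2.0)" or "identified spam (2.4/2.0)": exact score.
    / spamd: (clean message|identified spam) \(/ {
        if (match($0, /\([-0-9.]+\/[0-9.]+\)/)) {
            split(substr($0, RSTART + 1, RLENGTH - 2), sr, "/")
            score[pid] = sr[1]; req[pid] = sr[2]
        }
        next
    }
    / spamd: result: / {
        rest = substr($0, index($0, "spamd: result: ") + 15)
        split(rest, f, " ")        # f[1] = Y or ".", f[2] = rounded score, f[3] = "-"
        verdict = (f[1] == "Y") ? "spam" : "ham"
        rules = (f[4] ~ /^scantime=/) ? "-" : f[4]   # the rule list can be empty
        learn = "?"
        if (match(rest, /autolearn=[a-z]+/))
            learn = substr(rest, RSTART + 10, RLENGTH - 10)
        s = (pid in score) ? score[pid] : f[2]       # fall back to rounded score
        r = (pid in req) ? req[pid] : "?"
        printf "%s\t%s\t%s\t%s\t%s\n", verdict, s, r, learn, rules
        delete score[pid]; delete req[pid]
    }
    ' "$@"
}

# rules_in_spam: reads spamd_verdicts output and counts how often each rule
# appears in messages marked spam, most frequent first.
rules_in_spam() {
    awk -F '\t' '
    $1 == "spam" && $5 != "-" { n = split($5, t, ","); for (i = 1; i <= n; i++) c[t[i]]++ }
    END { for (k in c) print c[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed log lines in the format shown in the tutorial (not real traffic).
sample_log() {
    cat <<'EOF'
Jan  8 22:21:19 mail postfix/qmgr[941]: 542E83F519: from=<a@example.org>, size=1579, nrcpt=1 (queue active)
Jan  8 22:21:24 mail spamd[445]: spamd: clean message (0.0/2.0) for debian-spamd:111 in 5.0 seconds, 1541 bytes.
Jan  8 22:21:24 mail spamd[445]: spamd: result: . 0 - HTML_MESSAGE,MSGID_FROM_MTA_HEADER scantime=5.0,size=1541,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=35680,mid=<a@example.org>,autolearn=ham
Jan  8 22:25:02 mail spamd[446]: spamd: clean message (0.0/2.0) for debian-spamd:111 in 3.3 seconds, 2307 bytes.
Jan  8 22:25:02 mail spamd[446]: spamd: result: . 0 - scantime=3.3,size=2307,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=::1,rport=41293,mid=<b@example.org>,autolearn=ham autolearn_force=no
Jan  8 22:30:10 mail spamd[445]: spamd: identified spam (2.4/2.0) for debian-spamd:111 in 2.1 seconds, 1890 bytes.
Jan  8 22:30:10 mail spamd[445]: spamd: result: Y 2 - HTML_MESSAGE,T_DKIM_INVALID scantime=2.1,size=1890,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=35690,mid=<c@example.org>,autolearn=no
Jan  8 22:31:40 mail spamd[446]: spamd: identified spam (1000.0/2.0) for debian-spamd:111 in 1.2 seconds, 900 bytes.
Jan  8 22:31:40 mail spamd[446]: spamd: result: Y 1000 - GTUBE,HTML_MESSAGE scantime=1.2,size=900,user=debian-spamd,uid=111,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=35692,mid=<d@example.org>,autolearn=no
EOF
}

sample_log | spamd_verdicts
echo "-- rules seen in spam verdicts --"
sample_log | spamd_verdicts | rules_in_spam
```

On the server, feed it the real log with spamd_verdicts /var/log/mail.log; rows marked spam with a score just above the required value are the ones to check for false positives.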

Training Spamassassin

We’ve deliberately set the score limit for spam to a low value. This inevitably means we’ll get some false positives, but we can use these to train Spamassassin and make it better.

First, some things to understand about the Maildir format we’re using. Here’s what my structure looks like:

admin@samhobbs ~ $ sudo ls -al /home/sam/Maildir/
total 604
drwx------ 12 sam sam   4096 Mar  6 14:55 .
drwxr-xr-x  3 sam sam   4096 Mar  5 23:07 ..
drwx------  2 sam sam  36864 Mar  6 12:59 cur
-rw-------  1 sam sam  11920 Mar  6 04:14 dovecot.index
-rw-------  1 sam sam 415744 Mar  6 14:50 dovecot.index.cache
-rw-------  1 sam sam  10332 Mar  6 13:08 dovecot.index.log
-rw-------  1 sam sam  32784 Mar  5 16:22 dovecot.index.log.2
-rw-------  1 sam sam     30 Jan 13 22:30 dovecot-keywords
-rw-------  1 sam sam    144 Mar  3 17:49 dovecot.mailbox.log
-rw-------  1 sam sam  27138 Mar  6 09:27 dovecot-uidlist
-rw-------  1 sam sam      8 Mar  5 23:07 dovecot-uidvalidity
-r--r--r--  1 sam sam      0 Nov 23 22:55 dovecot-uidvalidity.52913278
drwx------  5 sam sam   4096 Mar  5 22:36 .Drafts
drwx------  5 sam sam   4096 Mar  4 21:53 .foo
drwx------  5 sam sam   4096 Mar  3 17:49 .INBOX.foo
drwx------  2 sam sam   4096 Mar  6 09:37 new
drwx------  5 sam sam   4096 Mar  5 22:36 .Sent
drwx------  5 sam sam   4096 Mar  6 14:37 .Spam
-rw-------  1 sam sam     37 Mar  3 17:49 subscriptions
drwx------  5 sam sam   4096 Nov 27 19:00 .Templates
drwx------  2 sam sam   4096 Mar  6 09:27 tmp
drwx------  5 sam sam   4096 Mar  6 04:08 .Trash

You can see I’ve created a couple of test folders here: one top level folder called “foo” and another subfolder in the inbox also called “foo” (.INBOX.foo). Each folder has three subdirectories: new for new (unread) emails, cur for emails that have been read, and tmp for temporary storage during delivery.

You can read more about this on the Dovecot Wiki if you’d like to know more.

So, the important thing to take away from this is that HAM emails are stored here:
/home/username/Maildir/cur

…and SPAM emails will be stored here (after sieve has been configured):
/home/username/Maildir/.Spam/cur

Spamassassin has a commandline training tool that is invoked like this:

sa-learn --no-sync [--spam or --ham] [folder/{cur,new}]

Each user has its own spamassassin database, which is located in the user's home directory in a hidden folder (.spamassassin). By default, the sa-learn command trains the database in the home directory of the user running the command, and since the spamassassin pipe we set up processes email as the user debian-spamd, we need to make sure we train the database in debian-spamd's home directory (which is /var/lib/spamassassin - you can check by looking in /etc/passwd). Unfortunately, if you run the command as debian-spamd using sudo -u debian-spamd command, you won't have read permissions for your emails.

Here’s the plan: move any false positives back into the inbox with your email client, and move any missed spam into the spam folder. Then run these three commands using sudo, so you have permission to read your emails and write to the spamassassin database, and use the --dbpath option to specify which database to write to:

# Scan HAM
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/username/Maildir/{cur,new}
# Scan SPAM
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --spam /home/username/Maildir/.Spam/{cur,new}
# sync the journal and databases
sudo sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --sync

On my Pi, running the HAM command took about 5 minutes to process ~500 messages, with WordPress running at the same time. If you’re sure you will always move emails into the correct folders, you could add these two commands to a cron job so that they run regularly and keep everything up to date.

Alternatively, you can just run the commands when you notice a few false positives or missed spam emails. Over time, your spam filter will get better and better.

Automated learning using a script

If you don't want to run the commands manually all the time, you can use this simple cron job I wrote. The cron job runs as root, so you don't need the sudo part we used earlier. Create the script like this:

sudo nano /etc/cron.daily/spamassassin-learn

Now copy and paste this into the file (ctrl + shift + v to paste in nano):

#!/bin/bash

# Script by Sam Hobbs, see the following URL for updates:
# https://samhobbs.co.uk/2014/03/raspberry-pi-email-server-part-4-spam-detection-with-spamassassin

# redirect output and errors to logfile (stdout first, then stderr onto it)
exec >> /var/log/spamassassin.log 2>&1

NOW=$(date +"%Y-%m-%d")

# Headers for log
echo ""
echo "#================================ $NOW ================================#"
echo ""

# learn HAM
echo "Learning HAM from Inbox"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/sam/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --spam /home/sam/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --sync

Important: edit the paths so that they match your username! If you want to scan ham and spam for all users (this only works if you trust all users to be sensible and move ham/spam to the right folder) then replace the username "sam" with a glob ("*"), i.e.:

sa-learn --dbpath /var/lib/spamassassin/.spamassassin/ --no-sync --ham /home/*/Maildir/{cur,new}

Now make the script executable:

sudo chmod +x /etc/cron.daily/spamassassin-learn

The script will learn from ham/spam daily, and write a log file at /var/log/spamassassin.log. Make sure you move any spam you find into your spam folder, and any false positives back into your inbox. Don't worry if ham is accidentally marked as spam one day and gets "learned"; if you move the messages to their correct locations, then the next time the script runs spamassassin will correct itself.

What’s next?

We’re now done with Spamassassin. The only thing left to do is find a way to sort spam emails directly into the spam folder, which is covered in the next tutorial: Raspberry Pi Email Server Part 5: Spam Sorting with LMTP & Sieve.

Feel free to leave a comment to let me know how you get on!

Comments

Solved my issue spam is now being marked
I had Content-filter instead of the proper parm.. Content_filter..

Great tutorial

It is best to change sa-learn --no-sync --ham /home/sam/Maildir/{cur,new} to use `whoami` like this in all parts of your script:
sa-learn --no-sync --ham /home/`whoami`/Maildir/{cur,new}
Then it would be best for each user to set-up their own cronjob or use a template for each user.

Thanks! I didn't know that trick :)

The cronjob template suggestion is clever too, I'll have a look when I get the chance and see what I can come up with.

Sam

# service postfix restart
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.

l# tail -f /var/log/mail.log
Aug 11 01:14:20 gw spamd[1860]: spamd: creating INET socket:
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] Listen: 128
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] LocalAddr: 127.0.0.1
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] LocalPort: 783
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] Proto: 6
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] ReuseAddr: 1
Aug 11 01:14:20 gw spamd[1860]: spamd: [...] Type: 1
Aug 11 01:14:20 gw spamd[1860]: server socket setup failed, retry 2: spamd: could not create INET socket on 127.0.0.1:783: Cannot assign requested address

# service spamassassin restart
Restarting SpamAssassin Mail Filter Daemon: No /usr/bin/perl found running; none killed.
Aug 11 01:36:10.359 [17046] warn: server socket setup failed, retry 1: spamd: could not create INET socket on 127.0.0.1:783: Cannot assign requested address

# ps aux | grep spamd
root 19315 0.0 0.1 4144 1632 pts/0 S+ 01:39 0:00 grep spamd

Do you have any idea?
I'd rather not reinstall.

Hi Sam,

Another great tutorial!

Managed to install and configure first time round - had to get my head around some concepts, but otherwise splendid!

Regards,

Jo

Hi Sam

can I use those commands for cron job

sa-learn --no-sync --ham /home/*/Maildir/{cur,new}
sa-learn --no-sync --spam /home/*/Maildir/.Spam/{cur,new}

I mean use * for every user I have.

Try it and see! The user running the cron job will need permission to access the Maildir (which is normally private) but if the root user runs the job it should work.

Sam

Hi Sam

I've created cronjob for root user and works fine :)

Hi Sam, another week, another continuation of the setup of the email server!

I'm stuck on getting the postfix to pass emails through to spam assassin, ending up with the error

Nov 29 09:44:05 raspberrypi postfix/postfix-script[23998]: fatal: cannot execute /usr/sbin/postconf!

although I can still send and receive emails fine. It also doesn't tell me that the error exists on line 22 (or 13 in my case) so I'm not sure where exactly the error is.

I definitely have
smtp inet n - - - - smtpd
-o content_filter=spamassassin

copied and pasted into the master.cf file, and I've tried a combination of spaces and tabs to precede the -o part of the file. Do you know how many spaces there are?

Stuck on this all morning >.<

When do you get that error? When you restart postfix?

Do you also have the spamassassin content filter defined at the bottom of the file (this one):

spamassassin unix - n n - - pipe user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

Sam

hi Sam,

Yes, I did have that at the bottom, all one line. Well, after leaving it for four days, I reset everything and it's worked first time. Strange but it happens! No more errors and the emails are being passed through spam assassin.

Thanks for your help!

Hi Sam. Always use your excellent guides when tinkering with my Raspberry Pi. Use it as my mail server. Recently my usb stick gave up the ghost so I moved from Wheezy to Jessie. Under Wheezy the spamassassin tutorial worked perfectly but it seems things have changed under Jessie. It now uses systemd instead of init. Whereas it used to recognise changes made to /etc/spamassassin/local.cf, it now seems to ignore them. I've basically followed the tutorial verbatim as usual but not enabled spamd for systems using sysinit. Any ideas how these changes have impacted the tutorial?

Hello again :)

Maybe we need to enable spamassassin so it runs at boot? What is the output of:

sudo systemctl status spamassassin

?

Sam

It appears to be enabled. "sudo systemctl status spamassassin" reports the following:-

"● spamassassin.service - Perl-based spam filter using text analysis
Loaded: loaded (/lib/systemd/system/spamassassin.service; enabled)
Active: active (running) since Wed 2016-02-17 09:34:31 GMT; 6h ago
Process: 15211 ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 15213 (/usr/sbin/spamd)
CGroup: /system.slice/spamassassin.service
15213 /usr/sbin/spamd -d --pidfile=/var/run/spamassassin.pid --create-prefs --max-children 5 --he...
15214 spamd child
15215 spamd child

Feb 17 09:34:31 gray spamd[15213]: spamd: server pid: 15213
Feb 17 09:34:31 gray spamd[15213]: spamd: server successfully spawned child process, pid 15214
Feb 17 09:34:31 gray spamd[15213]: spamd: server successfully spawned child process, pid 15215
Feb 17 09:34:31 gray systemd[1]: Started Perl-based spam filter using text analysis.
Feb 17 09:34:31 gray spamd[15213]: prefork: child states: II
Feb 17 14:32:49 gray spamd[15214]: spamd: connection from localhost [::1]:41293 to port 783, fd 6
Feb 17 14:32:49 gray spamd[15214]: spamd: setuid to debian-spamd succeeded
Feb 17 14:32:50 gray spamd[15214]: spamd: processing message <20160217135331.EDED614070C@samhobbs.co.uk> ...d:112
Feb 17 14:32:53 gray spamd[15214]: spamd: clean message (0.0/2.0) for debian-spamd:112 in 3.3 seconds, 23...ytes.
Feb 17 14:32:53 gray spamd[15214]: spamd: result: . 0 - scantime=3.3,size=2307,user=debian-spamd,uid=112,...ce=no
Feb 17 14:32:54 gray spamd[15213]: prefork: child states: II
Hint: Some lines were ellipsized, use -l to show in full."

It seems to be setting the options. I used the tutorial as usual but it doesn't appear that spamassassin is taking any notice of what I set in my /etc/spamassassin/local.cf file?

Hmm...

Can you list the files in /etc/spamassassin/ for me please? There might be another file in there that is read after local.cf, which is overriding your changes.

Sam

Simply put - a GREAT tutorial. I followed all the steps and everything is working 100% - just perfect.

One note about creating the cron.daily file:

sudo nano /etc/cron.daily/spamassassin-learn

I believe it is necessary to make it executable with:

sudo chmod +x /etc/cron.daily/spamassassin-learn

Thank you again for the effort put into creating this awesome guide!

One final thing to make it complete would be to add instructions for setting-up DKIM to postfix.

After completing your tutorial I continued with this one:

https://www.digitalocean.com/community/tutorials/how-to-install-and-conf...

I'm using RPi2 with ubuntu 14 distribution and your guide + the DKIM work just out of the box.

My current setup (16GB card / RPi2):
Linux **** 3.18.0-25-rpi2 #26-Ubuntu SMP PREEMPT Sun Jul 5 06:46:34 UTC 2015 armv7l armv7l armv7l GNU/Linux

Hi Sam great tutorial thanks heaps, my mail server is running great on my Pi. Just one question, can I add 2 accounts to your cron script to check the spam and ham directories for SpamAssassin to learn from.

Good question! Yes you could use a glob (*) to match any username like /home/*/Maildir/{cur,new}, or match specific usernames like /home/{user1,user2}/Maildir/{cur,new}.

To be honest, I'm a little unsure if this is the best way to learn spam - I'm not certain how and where spamassassin stores its learned tokens, or which set of tokens get used (presumably it depends on the user the spamassassin client process is running as, but it could be set based on the recipient or something like that).

Since that cron script runs as root, I think it should affect the scores for every user by updating the system-wide spamassassin tokens, but I need to check to be sure. I think at the moment, all messages are processed as the same user due to the way spamassassin is called, but again it's something I need to investigate. Ideally, we could have per-user settings that are automatically selected.

More research required, it's an itch I've been meaning to scratch for a while now.

Sam

Thanks for your quick response. I did set up the cron with 2 lines, one for each account, e.g. /home/USER1/Maildir/{cur,new} and another line /home/USER2/Maildir/{cur,new}. I just checked the logs and it seemed to have worked. I just changed the code to /home/*/Maildir/{cur,new}; I will see if that works tomorrow. Thanks for your help.

Hello,

If I want to add the automatic command for multiple users, the code would be like this right:

#!/bin/bash

# redirect errors and output to logfile
exec 1>> /var/log/spamassassin.log 2>&1

NOW=$(date +"%Y-%m-%d")

# Headers for log
echo ""
echo "#================================ $NOW ================================#"
echo ""

# learn HAM
echo "Learning HAM from Inbox"
sa-learn --no-sync --ham /home/miguel/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --no-sync --spam /home/miguel/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --sync

# learn HAM
echo "Learning HAM from Inbox"
sa-learn --no-sync --ham /home/ines/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --no-sync --spam /home/ines/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --sync

# learn HAM
echo "Learning HAM from Inbox"
sa-learn --no-sync --ham /home/micaela/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --no-sync --spam /home/micaela/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --sync
# learn HAM
echo "Learning HAM from Inbox"
sa-learn --no-sync --ham /home/info/Maildir/{cur,new}

# learn SPAM
echo "Learning SPAM from Spam folder"
sa-learn --no-sync --spam /home/info/Maildir/.Spam/{cur,new}

# Synchronize the journal and databases.
echo "Syncing"
sa-learn --sync

Hi Sam,

Yesterday I rebooted my mail-server Pi and checked (ps -ef) that postfix and dovecot appeared to be active. Later today I found that an expected email did not arrive. A few tests (sending from other email accounts to my Pi mail server) confirmed that mail was not arriving.

service postfix restart and service dovecot restart caused previous emails to arrive.

I notice that there are postfix and dovecot scripts to be found in /etc/init.d and assumed that these would be sufficient. But this seems not to be the case. apache2 restarted without any intervention.

What is the best way to ensure that postfix/dovecot start correctly after a reboot?

John

John,

Check for errors in the mail log, that isn't normal behaviour. You shouldn't have to manually start or restart either service after booting.

Sam

Hi Sam,

I have followed everything, up to and including Part 5, of your guide. Have gone through the changes three times, even had my son look at it, but am unable to find the reason for this.

Test emails were sent from Thunderbird on Linux using a BTMail (btinternet.com) account as a relay. Have checked, via the BTMail web based browser, that the emails were relayed and not trapped there.

1) A non-spam email arrives in the SquirrelMail Inbox as expected (see /var/log/mail.log listing below).

2) An email containing the GTUBE string in the body text does not arrive in SquirrelMail. Nothing shows in /var/log/mail.log.

3) An email containing the GTUBE string in the body text, after commenting out mailbox_transport in main.cf, arrives in the SquirrelMail Inbox with the subject containing the string SPAM and the spam score.

Any suggestions on how to find the cause will be welcome.

regards,
Robert

/var/log/mail.log:

Note: Sender and recipient addresses have been edited in the log entries below.
sender = user@btinternet.com, recipient = me@mydomain.uk

Apr 20 18:15:59 mail postfix/smtpd[25337]: connect from rgout0506.bt.lon5.cpcloud.co.uk[65.20.0.227]
Apr 20 18:15:59 mail postfix/smtpd[25337]: AF61B3880AC0: client=rgout0506.bt.lon5.cpcloud.co.uk[65.20.0.227]
Apr 20 18:15:59 mail postfix/cleanup[25342]: AF61B3880AC0: message-id=<5717B95C.4050801@btinternet.com>
Apr 20 18:15:59 mail postfix/qmgr[24856]: AF61B3880AC0: from=<user@btinternet.com>, size=2217, nrcpt=1 (queue active)
Apr 20 18:15:59 mail spamd[20762]: spamd: connection from localhost [::1]:47867 to port 783, fd 6
Apr 20 18:15:59 mail spamd[20762]: spamd: setuid to debian-spamd succeeded
Apr 20 18:15:59 mail spamd[20762]: spamd: processing message <5717B95C.4050801@btinternet.com> for debian-spamd:112
Apr 20 18:16:00 mail spamd[20762]: spamd: clean message (-0.7/2.0) for debian-spamd:112 in 1.0 seconds, 2179 bytes.
Apr 20 18:16:00 mail spamd[20762]: spamd: result: . 0 - RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,T_DKIM_INVALID scantime=1.0,size=2179,user=debian-spamd,uid=112,required_score=2.0,rhost=localhost,raddr=::1,rport=47867,mid=<5717B95C.4050801@btinternet.com>,autolearn=ham autolearn_force=no
Apr 20 18:16:00 mail postfix/pickup[24857]: EEFEB3880AC6: uid=112 from=<user@btinternet.com>
Apr 20 18:16:00 mail postfix/pipe[25343]: AF61B3880AC0: to=<me@mydomain.uk>, relay=spamassassin, delay=1.3, delays=0.13/0.02/0/1.1, dsn=2.0.0, status=sent (delivered via spamassassin service)
Apr 20 18:16:00 mail postfix/qmgr[24856]: AF61B3880AC0: removed
Apr 20 18:16:00 mail postfix/cleanup[25342]: EEFEB3880AC6: message-id=<5717B95C.4050801@btinternet.com>
Apr 20 18:16:01 mail postfix/qmgr[24856]: EEFEB3880AC6: from=<user@btinternet.com>, size=2576, nrcpt=1 (queue active)
Apr 20 18:16:01 mail spamd[20761]: prefork: child states: II
Apr 20 18:16:01 mail dovecot: lmtp(25349): Connect from local
Apr 20 18:16:01 mail dovecot: lmtp(25349, me): wz5DClG5F1cFYwAANHhPHg: sieve: msgid=<5717B95C.4050801@btinternet.com>: stored mail into mailbox 'INBOX'
Apr 20 18:16:01 mail postfix/lmtp[25348]: EEFEB3880AC6: to=<me@mydomain.uk>, relay=mail[private/dovecot-lmtp], delay=0.57, delays=0.16/0.03/0.08/0.3, dsn=2.0.0, status=sent (250 2.0.0 <me@mydomain.uk> wz5DClG5F1cFYwAANHhPHg Saved)
Apr 20 18:16:01 mail postfix/qmgr[24856]: EEFEB3880AC6: removed
Apr 20 18:16:01 mail dovecot: lmtp(25349): Disconnect from local: Successful quit
Apr 20 18:16:03 mail postfix/smtpd[25337]: disconnect from rgout0506.bt.lon5.cpcloud.co.uk[65.20.0.227]

That's a strange problem. Can you look in your home directory for a hidden file called sieve log or something similar? It could be a syntax error in the sieve script, in which case you'd probably see something in the file.

Sam

Did not find a hidden 'sieve log' file. Did find a binary file named .dovecot.svbin that has a modification time of 18:16 (matches the time in the mail.log entries I posted) and looks to be a 'compiled' copy of the .dovecot.sieve file.

The only reason I installed Dovecot LMTP (aka Sieve) is because SquirrelMail does not have a rules capability. You have to either manually create them, with a text editor, or use something like Managesieve.

I have since found that none of my family were going to use SquirrelMail. They plan on continuing to use Thunderbird on their PC's & Laptops and the built-in Mail app on their iPhones & iPads.

Note to self: Ask the family first the next time I plan on doing something like this.

Therefore, the solution to 'my problem' is to simply remove Dovecot LMTP and SquirrelMail.

Sam, sorry for wasting your time.

Hi Sam,

Been checking my inboxes for spam of which I seem to get a lot anyway, but it also looks like my spam, although marked as spam doesn't go to the spam folder. Having read the posts above, I think I need to setup

/etc/cron.daily/spamassassin-learn

to learn ALL my users...Mine only checks the 'admin' user (which is the only one that is moving the spam to the spam folder). looking at the posts there are varied suggestions to do for multiple users, e.g.

sa-learn --no-sync --spam /home/*/Maildir/.Spam/{cur,new}

or

sa-learn --no-sync --ham /home/`whoami`/Maildir/{cur,new}

or

sa-learn --no-sync --ham /home/{user1,user2}/Maildir/{cur,new}

or adding an extra line for each user...

Which if any would you suggest? I have 6 users..

I also see you've updated this line:

sudo chmod +x /etc/cron.daily/spamassassin-learn

Do I need to run it as well?

Please advise,

Thanks,

Jo
