1

My SpamAssassin daemon is not flagging as much spam as I would like (but it is flagging some), so I took a sample message which had not been flagged, and ran it thru SpamAssassin at the command line. The results are entirely different for the same message (see below).

  • What should I look for in the configuration which might cause this?

  • How can I temporarily enable debug for spamd (Ubuntu 16.4, not using amavis)

Results via spamd:

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on myhost
X-Spam-Level:
X-Spam-Status: No, score=-1.1 required=2.0 tests=BAYES_00,RDNS_NONE,
    SPF_HELO_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0

Results via command line:

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on myhost
X-Spam-Flag: YES
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.5 required=2.0 tests=RCVD_IN_BL_SPAMCOP_NET,
    RDNS_NONE,SPF_HELO_PASS,SPF_PASS,URIBL_ABUSE_SURBL,URIBL_BLOCKED autolearn=no
    autolearn_force=no version=3.4.0
X-Spam-Report: 
  *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
  *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
  *      for more information.
  *      [URIs: sarasotasailingsquadron.org]
  *  1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
  *      blocklist
  *      [URIs: afxled.trade]
*  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
*      [Blocked - see <http://www.spamcop.net/bl.shtml?107.173.40.66>]
* -0.0 SPF_PASS SPF: sender matches SPF record
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
*  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
flymike
  • 221
  • 1
  • 2
  • 6

2 Answers2

1

Without the actual configuration it's hard to say what could be wrong. This might be some permission issue, for example if the spamd is running as a user that doesn't have permissions to read ~/.spamassassin/user_prefs and, therefore, only runs the tests and scores configured in /etc/spamassassin/local.cf.

How can I temporarily enable debug for spamd?

Run it with spamd -D (i.e. --debug for printing debugging messages). You can compare the output to the output of spamassassin -D to see what's the difference.

Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
0

On Ubuntu, first check spamd status with

sudo systemctl status spamassassin

It might give you a clue. For example file permission issue:

spamd[2392]: bayes: cannot open bayes databases /var/lib/spamassassin/.spamassassin/bayes_* R/O: tie failed: Permission denied

The file should be owned by spamd user. In my case debian-spamd, but can be owned by root if you ran sa-learn with sudo.

ruuter
  • 141
  • 4