MikeL's FreeBSD howto - SpamAssassin

[20240626]
Followup on the max msg size to scan (below), I have been seeing larger spams get through lately, so I had to revisit this. I am now using "50000000" (50Mb). File is at /usr/local/etc/mail/spamassassin/spamc.conf.
Normal email delivery seems to be fine. Note this is an ~8yr old Dell server with 64Gb RAM, 10krpm HDs, 2 x 12 core, 2 thread, total 48 apparent CPUs.

Note that you want to be sure to change both sendmail and spamd to match. I recall in the past a time where sendmail would accept a large file, but then spamd would refuse it as I didn't know about the seperate setting for spamd and the default was lower. Sendmail would tell the sender to retry, so every few minutes, another copy of this huge spam would be left in my mail dir, rapidly filling the HD.


[20230327]
As described by the spamass pkg install, you'll want to add the following to your root's crontab:
15 0 * * * /usr/local/bin/sa-update --nogpg -v & /usr/local/bin/sa-compile
As described in /usr/local/share/doc/spamassassin/INSTALL, install additional modules.
Do an internet search for sa-compile, and you'll find you need to also edit:
/usr/local/etc/mail/spamassassin/v320.pre
and uncomment-out the "Rule2SXBody" line.
[20230325]
Same new install discussed below - I noticed I'm getting the following error when I run service spamass-milter restart:
/var/run/spamd/spamass-milter.sock: No such file or directory
Fixed this by changing rc.conf lines to:
spamass_milter_socket="/var/run/spamd/spamass-milter.sock"
spamass_milter_flags="-r 10 -f -u spamd -p ${spamass_milter_socket}"


[20221227]
I did a new install of spamass on a new machine. It simply wasn't creating spamass-milter.sock - not anywhere in the whole file system ( find / -name spamass-milter.sock -print ). In /var/log/maillog found the line:
    sm-mta[1285]: 2BRMODMC029161: Milter (spamassassin): local socket name /var/run/spamd/spamass-milter.sock unsafe

Problem was simple. I had neglected to install both spamassassin and spamass-milter, I had only done the pkg install on spamass-milter.


20200429

I did pkg update and suddenly spamd refuses to start:
  service sa-spamd restart
  spamd not running? (check /var/run/spamd/spamd.pid).
  child process [21277] exited or timed out without signaling production of a PID file: exit 255 at /usr/local/bin/spamd line 3034.
  /usr/local/etc/rc.d/sa-spamd: WARNING: failed to start spamd
I checked messages log, nothing of use. Ran the program directly from command line:
  root@brix:~mikel/html/howto # /usr/local/bin/spamd 
  Apr 29 10:37:19.847 [21292] error: config: no rules were found! Do you need to run 'sa-update'?
  config: no rules were found!  Do you need to run 'sa-update'?
And there's the answer! Did sa-update and all is now well.

20200313
At a command line, do:
spamassassin --lint --debug |& grep failed
Install any missing optional perl packages using:
cpan install [perl-pkg-name]

spamassassin --lint --debug |& grep missing
Install any missing optional ports/packages using:
pkg install [pkg-name]
Note that installing "Pyzor" also fixed the "DCC" dependency warning.
pkg install py37-pyzor

spamassassin --lint --debug |& grep "not enabled"
Look for pyzor not being turned on.

spamassassin --lint --debug |& more
Step through this watching for anything unusual.

20200229 -- new install of spamass on existing sendmail system

pkg install spamassassin
pkg install spamass-milter
New install instructs you to do the following:
sa-update
sa-compile

Edit /etc/rc.conf, add:
spamass_milter_enable="YES"
spamass_milter_flags="-r 10 -f -u spamd -p /var/run/spamass-milter.sock"
spamd_enable="YES"
spamd_flags="-d -u spamd -H /var/spool/spamd"

service spamass-milter start

ll /var/run/spam* -- check for spamass-milter.sock -- if not present, your problem is with spamass-milter. I had problems when I tried moving the socket to a subdir, so just don't.

Note that any time you make a change to your local.cf file, it's a good idea to do a quick:
spamassassin --lint

Edit /etc/mail/[your-system-name].mc, add:

dnl  Following limits size of file that will be sent to spamd, without this
dnl  spamass will simply skip parsing of large emails and let them through.
define(`SMTP_MAILER_MAX', `15000000')
define(`confMAX_MESSAGE_SIZE', `15000000')

dnl Added spamassassin 19-Apr-2005
dnl 20180422 upped S and R from 4m to 6m, added T val to F switch
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=T, T=C:15m;S:6m;R:6m;E:10m')

define(`confMILTER_MACROS_CONNECT', `b, j, _, {daemon_name}, {if_name}, {if_addr}'})

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')

dnl 20140302 - getting msg Could not retrieve sendmail macro "b"!
dnl in logfile.  see:
dnl http://lists.gnu.org/archive/html/spamass-milt-list/2006-05/msg00011.html
define(`confMILTER_MACROS_ENVRCPT', ``b, r, v, Z'')

define(`confINPUT_MAIL_FILTERS', `spamassassin')
make [your-system-name].cf
diff -cw [your-system-name].cf sendmail.cf -- this is FYI
cp [your-system-name].cf sendmail.cf
sendmail-restart -- see my sendmail restart script below

And of course check the logfiles:
tail -n 50 /var/log/maillog
tail -n 50 /var/log/console.log
tail -n 50 /var/log/messages
tail -n 50 /var/log/auth.log

20180905 - Having problem where spamassassin is crashing with
Sep  5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: milter_sys_read(spamassassin): cmd read returned 0, expecting 5
Sep  5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): read returned -1: Connection reset by [89.238.132.202]
Sep  5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: Milter (spamassassin): to error state
Sep  5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): to error state
Sep  5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): init failed to open
Sep  5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): read returned -1: Connection reset by ns508073.ip-192-99-7.net
Sep  5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): to error state
Sep  5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter: initialization failed, temp failing commands
Sep  5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): to error state
Sep  5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): init failed to open
Sep  5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): to error state
Sep  5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter: initialization failed, temp failing commands
Sep  5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: Milter: data, reject=451 4.3.2 Please try again later
Sep  5 14:13:05 pedicel spamc[27644]: oops! message_dump of 8192 returned different
Sep  5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: to=, delay=00:00:38, pri=656529198, stat=Please try again later
Sep  5 14:13:05 pedicel spamc[27644]: oops! message_dump of 8192 returned different
  
This appears to be related to a 25MB file delivery attempt which is causing spamd to crash. Eventually, I find that the SMTP_MAILER_MAX setting in my sendmail.cf file is not doing what I thought it was supposed to do. I assumed it would prevent sendmail from accepting larger email than this - nope. This is the limit that sendmail will "transport" - it will accept this large file and happily hand it off to spamd. You want to use the MAX_MESSAGE_SIZE directive which will tell sendmail to refuse any email larger than this value.

This can be verified by going out to a command line and doing:
telnet localhost smtp
EHLO localhost
Look for the "SIZE" line - it is not followed by a number - it has no value on my system. To fix this, in .mc file add:
define(`confMAX_MESSAGE_SIZE', `10000000')

NOTE! This command requires the "conf" prefix. The related SMTP_MAILER_MAX CAN NOT have the "conf" prefix.
Of course don't forget to make .cf file, copy that to sendmail.cf [see comments on this below], then restart sendmail, and this time you should be able to see it in the telnet/EHLO.

This does seem to have fixed the crashing. I guess spamd has a bug related to large files, but that's not up to me to fix - I'm ok with limiting email size. Currently running 15Mb, I'll try to remember to come back here if that still has problems.


02-Mar-2014
Apologies for this page being nearly useless, but... I've had spamassassin running on my system for years now. Sorry that I never noted the initial configuration challanges. However, the following notes may help you with ongoing issues...

Suddenly I'm seeing the following message in my maillog:

Mar 2 02:07:21 systemname spamc[6286]: skipped message, greater than max message size (512000 bytes)
Mar 2 02:07:21 systemname spamass-milter[93284]: Could not extract score from <>
This is not a spamassassin problem, it is actually a spamc configuration issue. By default, spamc seems to refuse to handle emails larger than 512000 bytes. I'm suddenly seeing a lot of spam just larger than this which makes me believe the spammers have figured this out and are intentionally thwarting it regardless of the fact that larger messages take longer to deliver thus reducing their overall throughput. Anyways, it was hours of reading through old email threads to find how to fix this.

First task is to look through your maillog in an editor and search for "skipped", and check out the sizes of the mail causing the skip. Pick a nice slightly larger number. Most of my obvious spam oversized mails were ~549k, so I'm rounding up to a nice 600k. I'm leery of going up to 1MB as I don't know what the performance hit will be, but I'll keep an eye on it.

If interested spamc config file help, for details on the file format and options, there was no problem finding this. The one I'm concerned with is simply '-s'.

Here's the tricky part... When searching for where the config file should go, all the different locations I found mentioned were bogus, or at least did not work on my FreeBSD 5.4 system. Some claimed the file should be called 'spamassassin', but eventually I found one that said it should be 'spamc.conf'. What finally works on my system is:
/usr/local/etc/mail/spamassassin/spamc.conf

In the config file add the line:
-s 600000
[20200316] Am now using 25000000

03/26/14
Revisited logfile. Am seeing scantimes up to 19 seconds with a setting of 1024000. I have hundreds, possibly thousands of distinct rules to be parsed. The machine is possibly 10 year old dual proc 1.8(?)GHz with 15krpm scsi, probably only 4G ram. A modern machine would do much better, so it's probably safe to go with an even bigger number.


Note! To send yourself a quick-n-dirty little test email for the command line in order to test for connectivity issues (like "rejected"), create a file with To:, Subject: and From:, with a blank line, then some goobledgook text. I'd recommend several different files, one with just a few words, another with a bunch of porno words, another with a bunch of sales/advertising words, etc. You could even do a file save on a spam email. Then, to send it, do:
sendmail -vt dest-email-addr < test-filename
The output should look something like this:
# sendmail -vt zzz@example.com < okemail.txt
zzz@example.com... Connecting to [127.0.0.1] via relay...
220 xyz.example.com ESMTP Sendmail 8.15.2/8.15.2; Sun, 22 Apr 2018 20:31:06 -0700 (PDT)
>>> EHLO xyz.example.com
250-xyz.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From:zzz@example.com> SIZE=172 AUTH=zzz@zzz.zzz
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 w3N3V6Pd075709 Message accepted for delivery
zzz@example.com... Sent (w3N3V6Pd075709 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 xyz.example.com closing connection

Copyright © 1995-2024 Mike Lempriere (running on host bayanus)