MikeL's FreeBSD howto - SpamAssassin
[20240626]
Followup on the max msg size to scan (below), I have been seeing
larger spams get through lately, so I had to revisit this. I am now
using "50000000" (50Mb). File is
at /usr/local/etc/mail/spamassassin/spamc.conf.
Normal email delivery seems to be fine. Note this is an ~8yr old Dell
server with 64Gb RAM, 10krpm HDs, 2 x 12 core, 2 thread, total 48
apparent CPUs.
Note that you want to be sure to change both sendmail and
spamd to match. I recall in the past a time where sendmail would
accept a large file, but then spamd would refuse it as I didn't know
about the seperate setting for spamd and the default was lower.
Sendmail would tell the sender to retry, so every few minutes, another
copy of this huge spam would be left in my mail dir, rapidly filling
the HD.
[20230327]
As described by the spamass pkg install, you'll want to add the
following to your root's crontab:
15 0 * * * /usr/local/bin/sa-update --nogpg -v & /usr/local/bin/sa-compile
As described
in /usr/local/share/doc/spamassassin/INSTALL, install
additional modules.
Do an internet search for sa-compile, and you'll find you need to also edit:
/usr/local/etc/mail/spamassassin/v320.pre
and uncomment-out the "Rule2SXBody" line.
[20230325]
Same new install discussed below - I noticed I'm getting the following error when I run service spamass-milter restart:
/var/run/spamd/spamass-milter.sock: No such file or directory
Fixed this by changing rc.conf lines to:
spamass_milter_socket="/var/run/spamd/spamass-milter.sock"
spamass_milter_flags="-r 10 -f -u spamd -p ${spamass_milter_socket}"
[20221227]
I did a new install of spamass on a new machine. It simply wasn't
creating spamass-milter.sock - not anywhere in the whole
file system ( find / -name spamass-milter.sock -print ). In /var/log/maillog found the line:
sm-mta[1285]: 2BRMODMC029161: Milter
(spamassassin): local socket name /var/run/spamd/spamass-milter.sock
unsafe
Problem was simple. I had neglected to install
both spamassassin and spamass-milter,
I had only done the pkg install on spamass-milter.
20200429
I did pkg update and suddenly spamd refuses to start:
service sa-spamd restart
spamd not running? (check /var/run/spamd/spamd.pid).
child process [21277] exited or timed out without signaling production of a PID file: exit 255 at /usr/local/bin/spamd line 3034.
/usr/local/etc/rc.d/sa-spamd: WARNING: failed to start spamd
I checked messages log, nothing of use. Ran the program directly from command line:
root@brix:~mikel/html/howto # /usr/local/bin/spamd
Apr 29 10:37:19.847 [21292] error: config: no rules were found! Do you need to run 'sa-update'?
config: no rules were found! Do you need to run 'sa-update'?
And there's the answer! Did sa-update and all is now well.
20200313
At a command line, do:
spamassassin --lint --debug |& grep failed
Install any missing optional perl packages using:
cpan install [perl-pkg-name]
spamassassin --lint --debug |& grep missing
Install any missing optional ports/packages using:
pkg install [pkg-name]
Note that installing "Pyzor" also fixed the "DCC" dependency warning.
pkg install py37-pyzor
spamassassin --lint --debug |& grep "not enabled"
Look for pyzor not being turned on.
spamassassin --lint --debug |& more
Step through this watching for anything unusual.
20200229 -- new install of spamass on existing sendmail system
pkg install spamassassin
pkg install spamass-milter
New install instructs you to do the following:
sa-update
sa-compile
Edit /etc/rc.conf, add:
spamass_milter_enable="YES"
spamass_milter_flags="-r 10 -f -u spamd -p /var/run/spamass-milter.sock"
spamd_enable="YES"
spamd_flags="-d -u spamd -H /var/spool/spamd"
service spamass-milter start
ll /var/run/spam* -- check
for spamass-milter.sock -- if not present, your problem
is with spamass-milter. I had problems when I tried moving the socket
to a subdir, so just don't.
Note that any time you make a change to your local.cf file, it's a good idea to do a quick:
spamassassin --lint
Edit /etc/mail/[your-system-name].mc, add:
dnl Following limits size of file that will be sent to spamd, without this
dnl spamass will simply skip parsing of large emails and let them through.
define(`SMTP_MAILER_MAX', `15000000')
define(`confMAX_MESSAGE_SIZE', `15000000')
dnl Added spamassassin 19-Apr-2005
dnl 20180422 upped S and R from 4m to 6m, added T val to F switch
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=T, T=C:15m;S:6m;R:6m;E:10m')
define(`confMILTER_MACROS_CONNECT', `b, j, _, {daemon_name}, {if_name}, {if_addr}'})
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
dnl 20140302 - getting msg Could not retrieve sendmail macro "b"!
dnl in logfile. see:
dnl http://lists.gnu.org/archive/html/spamass-milt-list/2006-05/msg00011.html
define(`confMILTER_MACROS_ENVRCPT', ``b, r, v, Z'')
define(`confINPUT_MAIL_FILTERS', `spamassassin')
make [your-system-name].cf
diff -cw [your-system-name].cf sendmail.cf -- this is FYI
cp [your-system-name].cf sendmail.cf
sendmail-restart -- see my sendmail restart script below
And of course check the logfiles:
tail -n 50 /var/log/maillog
tail -n 50 /var/log/console.log
tail -n 50 /var/log/messages
tail -n 50 /var/log/auth.log
20180905 - Having problem where spamassassin is crashing with
Sep 5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: milter_sys_read(spamassassin): cmd read returned 0, expecting 5
Sep 5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): read returned -1: Connection reset by [89.238.132.202]
Sep 5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: Milter (spamassassin): to error state
Sep 5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): to error state
Sep 5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): init failed to open
Sep 5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): read returned -1: Connection reset by ns508073.ip-192-99-7.net
Sep 5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter (spamassassin): to error state
Sep 5 14:13:05 pedicel sm-mta[27651]: w85LCteO027651: Milter: initialization failed, temp failing commands
Sep 5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): to error state
Sep 5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): init failed to open
Sep 5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter (spamassassin): to error state
Sep 5 14:13:05 pedicel sm-mta[27654]: w85LD1LA027654: Milter: initialization failed, temp failing commands
Sep 5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: Milter: data, reject=451 4.3.2 Please try again later
Sep 5 14:13:05 pedicel spamc[27644]: oops! message_dump of 8192 returned different
Sep 5 14:13:05 pedicel sm-mta[27634]: w85LCRct027634: to=, delay=00:00:38, pri=656529198, stat=Please try again later
Sep 5 14:13:05 pedicel spamc[27644]: oops! message_dump of 8192 returned different
This appears to be related to a 25MB file delivery attempt which is
causing spamd to crash. Eventually, I find that
the SMTP_MAILER_MAX setting in my
sendmail.cf file is not doing what I thought it was
supposed to do. I assumed it would prevent sendmail from accepting
larger email than this - nope. This is the limit that sendmail will
"transport" - it will accept this large file and happily hand it off
to spamd. You want to use the MAX_MESSAGE_SIZE directive
which will tell sendmail to refuse any email larger than this
value.
This can be verified by going out to a command line
and doing:
telnet localhost smtp
EHLO localhost
Look for the "SIZE" line - it is not followed by a number - it has no
value on my system. To fix this, in .mc file add:
define(`confMAX_MESSAGE_SIZE', `10000000')
NOTE! This command requires the "conf" prefix. The
related SMTP_MAILER_MAX CAN NOT have the "conf"
prefix.
Of course don't forget to make .cf file, copy that to
sendmail.cf [see comments on this below], then restart sendmail, and
this time you should be able to see it in the telnet/EHLO.
This does seem to have fixed the crashing. I guess spamd
has a bug related to large files, but that's not up to me to fix - I'm
ok with limiting email size. Currently running 15Mb, I'll try to
remember to come back here if that still has problems.
02-Mar-2014
Apologies for this page being nearly useless, but... I've had
spamassassin running on my system for years now. Sorry that I never
noted the initial configuration challanges. However, the following
notes may help you with ongoing issues...
Suddenly I'm seeing the following message in my maillog:
Mar 2 02:07:21 systemname spamc[6286]: skipped message, greater than max message size (512000 bytes)
Mar 2 02:07:21 systemname spamass-milter[93284]: Could not extract score from <>
This is not a spamassassin problem, it is actually a spamc
configuration issue. By default, spamc seems to refuse to handle
emails larger than 512000 bytes. I'm suddenly seeing a lot of spam
just larger than this which makes me believe the spammers have figured
this out and are intentionally thwarting it regardless of the fact
that larger messages take longer to deliver thus reducing their
overall throughput. Anyways, it was hours of reading through old
email threads to find how to fix this.
First task is to look through your maillog in an editor and search for
"skipped", and check out the sizes of the mail causing the skip. Pick
a nice slightly larger number. Most of my obvious spam oversized
mails were ~549k, so I'm rounding up to a nice 600k. I'm leery of
going up to 1MB as I don't know what the performance hit will be, but
I'll keep an eye on it.
If interested spamc config file help, for details on the file format and options,
there was no problem finding this. The one I'm concerned with is
simply '-s'.
Here's the tricky part... When searching for where the config
file should go, all the different locations I found mentioned were
bogus, or at least did not work on my FreeBSD 5.4 system. Some
claimed the file should be called 'spamassassin', but eventually I
found one that said it should be 'spamc.conf'. What finally works on
my system is:
/usr/local/etc/mail/spamassassin/spamc.conf
In the config file add the line:
-s 600000
[20200316] Am now using 25000000
03/26/14
Revisited logfile. Am seeing scantimes up to 19 seconds
with a setting of 1024000. I have hundreds, possibly thousands of
distinct rules to be parsed. The machine is possibly 10 year old dual
proc 1.8(?)GHz with 15krpm scsi, probably only 4G ram. A modern
machine would do much better, so it's probably safe to go with an even
bigger number.
Note! To send yourself a quick-n-dirty little test email for the
command line in order to test for connectivity issues (like
"rejected"), create a file with To:, Subject: and From:, with a blank
line, then some goobledgook text. I'd recommend several different
files, one with just a few words, another with a bunch of porno words,
another with a bunch of sales/advertising words, etc. You could even
do a file save on a spam email. Then, to send it, do:
sendmail -vt dest-email-addr < test-filename
The output should look something like this:
# sendmail -vt zzz@example.com < okemail.txt
zzz@example.com... Connecting to [127.0.0.1] via relay...
220 xyz.example.com ESMTP Sendmail 8.15.2/8.15.2; Sun, 22 Apr 2018 20:31:06 -0700 (PDT)
>>> EHLO xyz.example.com
250-xyz.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From:zzz@example.com> SIZE=172 AUTH=zzz@zzz.zzz
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 w3N3V6Pd075709 Message accepted for delivery
zzz@example.com... Sent (w3N3V6Pd075709 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 xyz.example.com closing connection
Copyright © 1995-2024
Mike Lempriere
(running on host bayanus)