2

I've used Amavisd with Spamassassin for years... my configuration used to 'work' (though it may never have been "right") now, it appears as if /etc/spamassassin/local.cf configuration is ignored when spamassassin functionality is invoked by amavisd-new

I'm using a fairly vanilla configuration:

  • Ubuntu (14.04.4 LTS)
  • Postfix (2.11.0-1ubuntu1) - smtpd (and friends) as postfix
  • Spamassassin (3.4.0) - spamd as root
  • amavisd-new (2.7.1) - as amavis

Postfix, spamassassin and amavisd are all running as services, and mail is delivered with spamassassin scores. The bayes database is in ~amavis/.spamassassin/bayes_*.

I am perplexed because it appears that the configuration I've placed in /etc/spamassassin/local.cf (a new score for a specific rule, for example) is ignored for messages processed by amavisd, but are not ignored when I run spamc, or "spamassassin -D -t" from the amavis account. When I place equivalent configuration in ~amavis/.spamassassin/user_prefs - it also seems to have no effect on the results of amavisd-new processing.

I originally configured with reference to (something like) this: https://help.ubuntu.com/community/PostfixAmavisNew

I've also considered these ideas (to no avail): https://www.ijs.si/software/amavisd/#faq-spam

What I'd like to know is:

  • Why are my custom "score" values, in /etc/spamassassin/local.cf, being ignored only when spamassassin is used via amavisd-new?
  • Is there a neat way to get amavisd to use spamc (and, hence, ensure consistency)?
aSteve
  • 141

3 Answers3

3

1st question:

First, and to be clear: The Spamassassin configuration files ARE used - they are not 'skipped'. I have seen others report that they are not used at all.

I know you saw this faq link, but the answer seems to be here. The FAQ may not spell out the exact "$sa_" (or other type) variables/etc you might need in /etc/amavis/conf.d/50-user, but it does go into great detail about how things are started and read. It would seem that you are probably simply being 'ignored' by amavis-new as far as SA's local.cf configuration. This is configuration-option dependent - some local.cf options may work - some may not.

But, you also have not mentioned what exact options (custom rules I assume?) you have under local.cf that are not being used (or ignored/undef'd by amavis-new).

https://www.ijs.si/software/amavisd/#faq-spam :

SA does observe all settings in its configuration file, but not all of them have effect on the mail being checked, as amavisd-new does its own decisions based on spam score (hits) (so for example required_hits has no effect - use tag/tag2/kill amavisd-new settings instead), and does its own header editing, and body is not modified. Read on for related information.

Without more to go on as far as what specific SA local.cf options are ignored, this is your answer. You would need to post more specific info.

2nd question:

Yes, you could hypothetically use SA as a separate content filter via Postfix/MTA/etc. You are much better off staying with amavis-new as the MTAs SA controller, though. You should be able to replicate what you need done under SA via Amavis-new configuration and/or $sa_ variables/etc.

Note:

If running under Ubuntu (and probably Debian), there is also a global amavis-new Spamassassin user_pref/config file under: /var/lib/amavis/.spamassassin/user_prefs.
I have added custom SA rules to this file - and they work fine.

You can also kill main amavis process and try: sudo amavisd-new debug-sa to get output of what SA is doing/reading/compiling/etc. (Debian/Ubuntu name/location)

Example LOG shows amavis-new config reading some SA config files:

mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: using "/etc/spamassassin" for site rules pre files
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/init.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/sa-compile.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v310.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v312.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v320.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v330.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v340.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/v341.pre
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: using "/usr/share/spamassassin" for sys rules pre files

...

mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: using "/etc/spamassassin" for site rules dir
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/65_debian.cf
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: read file /etc/spamassassin/local.cf
mail.example.net /usr/sbin/amavisd-new[30358]: SA dbg: config: using "/var/lib/amavis/.spamassassin/user_prefs" for user prefs file
B. Shea
  • 1,388
2

amavisd-new uses its own config. These config files are located in /etc/amavis/conf.d/. In particular, in 20-debian_defaults, $sa_kill_level_deflt is the "equivalent" to SpamAssassin's required_score (located in /etc/spamassassin/local.cf).

In my experience, the score returned using amavis vs. using spamsassassin directly is never the same and I haven't figured out why yet, so when you are setting $sa_kill_level_deflt you'll need to figure out an appropriate value that may not be the same as required_score.

Ryan H.
  • 121
0

After adding custom rules to local.cf, don't forget to run spamassassin --lint and to restart spamassassin and amavis daemon

chandon
  • 1