1 Topic by aarango

  • aarango
  • Member
  • Offline
  • Registered: 2016-12-02
  • Posts: 52

Topic: Log Postfix and Spamassassin

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version:  ubuntu
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): nginx
====

Hi,

I am trying that postfix drop its logs on /var/log/mail.log but it is empty. By default postfix's log is going to syslog, are there way to change it?

By other hand I will like to have more info from Spamassassin because I have only some lines on syslog like this:
Apr 12 08:02:47 mail spamd[25521]: spamd: server started on IO::Socket::INET6 [127.0.0.1]:783 (running version 3.4.0)
Apr 12 08:02:47 mail spamd[25521]: spamd: server pid: 25521
Apr 12 08:02:47 mail spamd[25521]: spamd: server successfully spawned child process, pid 25524
Apr 12 08:02:47 mail spamd[25521]: spamd: server successfully spawned child process, pid 25525

I would like have more control with spam's log and if any email going spam or not, Is it possible?

I'm  using rsyslog (not syslog), should I install it?

Thanks!

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Log Postfix and Spamassassin

I'm not sure what you want to do. But if you just want to filter log lines based on some text, try the 'regex' directive. FYI:
http://www.rsyslog.com/doc/v8-stable/co … ight=regex

3 Reply by aarango (edited by aarango 2017-04-17 13:56:59)

  • aarango
  • Member
  • Offline
  • Registered: 2016-12-02
  • Posts: 52

Re: Log Postfix and Spamassassin

Hi,

I re-open this post with some doubts.

I enabled SQL in bayes, connection is fine and I see a lot of entry, but I dont't know if really spamassassin its filtering emails because some users are receiving emails without mark "SPAM" and they clearly are spam. Score is 2 (for example) and limit are 4.31. All email are same value ~ and none is marked as SPAM.

How could I check if Spamassassin its working?

I was checking some files:

local.cf (spamassassin)
required_score      5.0
rewrite_header      subject [ SPAM ]
use_bayes          1
bayes_auto_learn   1
bayes_auto_expire  1

Here one header with score -9999

X-Virus-Scanned: Debian amavisd-new at mail.xxxx.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=4.31
    tests=[ALL_TRUSTED=-1, HTML_MESSAGE=0.001, URIBL_BLOCKED=0.001]
    autolearn=ham autolearn_force=no

Here another code

Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running head tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running body tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running uri tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running body_eval tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running rawbody tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running full tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: rules: running meta tests; score so far=-0.997
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x5ea9ac8) implements 'autolearn_discriminator', priority 0
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: currently using scoreset 1
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: adding head_only points 0.001
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: adding head_only points 0.001
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: adding head_only points -0.001
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: adding body_only points 0.001
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn: message score: -0.997, computed score for autolearn: 0.002
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.001, head-points=0.001, learned-points=0
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: auto-learn? yes, ham (0.002 < 0.1) autolearn_force=no
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: initializing learner
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: learning ham
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: check: pms new, time limit in 297.213 s
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x5eba470) implements 'check_wb_list', priority 0
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: eval: all '*From' addrs: from@domain.com
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: eval: all '*To' addrs: to@domain.com
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x5eaf838) implements 'learn_message', priority 0
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: check: pms new, time limit in 297.212 s
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: bayes: database connection established
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: bayes: found bayes db version 3
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: bayes: Using userid: 1
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: bayes: seen (3b4d15f9851e6f349b70c0e83b787a82fe898c04@sa_generated) put
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: bayes: learned '3b4d15f9851e6f349b70c0e83b787a82fe898c04@sa_generated', atime: 1492408240
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: learn: initializing learner
Apr 17 07:50:50 mail amavis[18647]: (18647-01) SA dbg: check: is spam? score=-0.997 required=5

Note: I enabled SQL 3 days ago, maybe should I wait to autolearn more time?

thanks.