
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
1 answers
59 views
SpamAssassin fails to run with Systemd but works at CLI
I am trying to set up SpamAssassin on my mail server (Rocky Linux 9.5). Just a basic setup! This is the options variable at `/etc/sysconfig/spamassassin`:

```
SPAMDOPTIONS="-d -c -m5 -H --create-prefs --max-children 2 -u spamd -g spamd --socketpath=/var/lib/spamassassin/spamd.sock --socketowner=spamd --socketgroup=spamd --socketmode=0666 -s /var/log/spamd.log --debug"
```

> `--debug` was added temporarily

When I start SpamAssassin using `systemctl`, it exits with random errors and systemd restarts it again. I put the truncated log below:
```
.
.
Fri Feb 14 19:59:03 2025  info: spamd: server successfully spawned child process, pid 2135
Fri Feb 14 19:59:03 2025  dbg: prefork: child 2135: entering state 0
Fri Feb 14 19:59:03 2025  dbg: prefork: new lowest idle kid: none
Fri Feb 14 19:59:03 2025  dbg: spamd: Privilege de-escalation from user 0 and groups 0
Fri Feb 14 19:59:03 2025  dbg: spamd: setgid ERRNO is 
Fri Feb 14 19:59:03 2025  dbg: util: get_user_groups: uid is 98
Fri Feb 14 19:59:03 2025  info: spamd: server successfully spawned child process, pid 2136
Fri Feb 14 19:59:03 2025  dbg: prefork: child 2136: entering state 0
Fri Feb 14 19:59:03 2025  dbg: prefork: new lowest idle kid: none
Fri Feb 14 19:59:03 2025  dbg: spamd: Privilege de-escalation from user 0 and groups 0
Fri Feb 14 19:59:03 2025  dbg: spamd: setgid ERRNO is 
Fri Feb 14 19:59:03 2025  dbg: util: get_user_groups: uid is 98
Fri Feb 14 19:59:03 2025  info: spamd: server killed by SIGTERM, shutting down
Fri Feb 14 19:59:04 2025  dbg: logger: successfully added file method
.
.
```
I decided to use the following command and run `spamd` from the CLI, both foreground and daemonized, and it worked flawlessly!

```
sudo -u spamd -- spamd -c -m5 -H --create-prefs --max-children 2 -u spamd -g spamd --socketpath=/var/lib/spamassassin/spamd.sock --socketowner=spamd --socketgroup=spamd --socketmode=0666 -s /var/log/spamd.log --debug
```

It also works correctly without `sudo`! Has anyone run into a similar issue with SpamAssassin or any other services?
Ali Sarbanha (1 rep)
Feb 14, 2025, 07:23 PM • Last activity: Feb 14, 2025, 09:18 PM
0 votes
0 answers
61 views
How do I add spamassassin to my Fedora / sendmail / dovecot mail server?
As part of my nerdy home system, I have a Fedora Linux server, which is my file server, my web server and my mail server. For almost 20 years, my incoming mail was scrubbed by a spam filtering service operated by my friend in Switzerland, but he is now retiring, so I need to do this for myself now. I figure the tool of choice is spamassassin, but where do I find a reasonably simple how-to guide? I assume I cannot just
```
dnf install spamassassin
systemctl enable spamassassin.service
systemctl start spamassassin.service
```
But what more do I need to do?
Lars Poulsen (357 rep)
Feb 11, 2025, 12:08 AM
0 votes
1 answers
1241 views
Ubuntu 24.04, postfix and spamassassin
I was running Ubuntu 23.04, with postfix, with spamassassin installed as a service with systemctl. At the weekend I upgraded the distro to 24.04 and have now discovered that postfix is no longer able to call spamassassin.

Originally I followed this installation guide: https://www.linuxbabe.com/mail-server/block-email-spam-check-header-body-with-postfix-spamassassin

It configures /etc/postfix/main.cf with this milter:

```
smtpd_milters = local:spamass/spamass.sock
```

I now get these errors at various times:
```
mail:/w/serverless# cat /var/log/mail.log.1 | grep spam

Jul  6 15:33:49 mail spamass-milter: spamass-milter 0.4.0 starting
Jul  6 15:34:40 mail spamass-milter: Could not retrieve sendmail macro "b"!.  Please add it to confMILTER_MACROS_ENVRCPT for better spamassassin results
2024-07-06T16:10:54.054537+02:00 mail spamass-milter: spamass-milter 0.4.0 starting
2024-07-06T20:45:21.391844+02:00 mail spamass-milter: Could not retrieve sendmail macro "b"!.  Please add it to confMILTER_MACROS_ENVRCPT for better spamassassin results
2024-07-06T20:45:23.465636+02:00 mail spamass-milter: Could not extract score from 

2024-07-06T23:20:55.566449+02:00 mail spamc: connect to spamd on ::1 failed, retrying (#1 of 3): Connection refused
2024-07-06T23:20:55.566535+02:00 mail spamc: connect to spamd on 127.0.0.1 failed, retrying (#1 of 3): Connection refused
2024-07-06T23:20:56.566720+02:00 mail spamc: connect to spamd on ::1 failed, retrying (#2 of 3): Connection refused
2024-07-06T23:20:56.566814+02:00 mail spamc: connect to spamd on 127.0.0.1 failed, retrying (#2 of 3): Connection refused
2024-07-06T23:20:57.567154+02:00 mail spamc: connect to spamd on ::1 failed, retrying (#3 of 3): Connection refused
2024-07-06T23:20:57.567279+02:00 mail spamc: connect to spamd on 127.0.0.1 failed, retrying (#3 of 3): Connection refused
2024-07-06T23:20:57.567368+02:00 mail spamc: connection attempt to spamd aborted after 3 retries
```
How can I fix this, and make postfix connect to spamassassin, when it is not running as a service?
Ant Kutschera (159 rep)
Jul 8, 2024, 06:29 PM • Last activity: Jul 8, 2024, 09:06 PM
0 votes
1 answers
99 views
Removing Spamassassin report from email message?
**update**: screenshot added showing the original message Forwarded in a new email. Replying to this message only copies the spam report into the reply. I don't know how I would reply to a false-positive (this is using Thunderbird so maybe that's part of the problem).

I have `spamassassin` running on a mail host. Sometimes it dumps messages into my spam folder which aren't really intended to be spam. So, Spamassassin creates a report and forwards the original message in a new email. If the email isn't spam, there's really no way to get the original message back (pic added below).

Does SA delete the original email or is it filed in some location unknown to me? Is there a tool or option in SA to remove the report or somehow turn the message back into "not spam"? Maybe there is a config option for this I don't know about because it seems like a super common problem.

[screenshot]
Nstevens (221 rep)
May 20, 2024, 12:38 PM • Last activity: May 20, 2024, 09:21 PM
1 votes
0 answers
246 views
How do I block the new TLD's in Postfix?
For the longest time it seemed like what I had in place lately worked fine to block many of these new TLD's like .shop, .online, .tech, etc. All of a sudden it seems like some are getting through and I am wondering if I have something wrong with how I am set up or if there is something else going on letting these sneak in.

Right now I have in my main.cf file

```
smtpd_sender_restrictions = check_sender_access pcre:/etc/postfix/reject_domains reject_unknown_sender_domain reject_unknown_reverse_client_hostname reject_unknown_client_hostname
```

In reject_domains I have many of the persistent TLD's listed:

```
/\.online$/ REJECT
```

However I also notice somewhere along the line I also added:

```
/^.*@google.com$/ REJECT
```

The culprit shows as this in the email headers:

```
eta.sureoak.online
```

Am I daft and missing something blatant?

Edit: I have followed some instructions from a different site and with little change it is blocking the required domains again but I am more confused now as I haven't really changed any of the original stuff. I did add

```
smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/sender_access
```

along with a domain

```
google.com REJECT
```

Thing is I am getting the reject message from the original settings. It's working now but still really confused what the original problem was and why it's working again now.
Robert In St. Louis (11 rep)
Sep 28, 2023, 11:38 PM • Last activity: Sep 29, 2023, 03:56 PM
2 votes
1 answers
2361 views
The mail system : user unknown Action: failed Status: 5.1.1 Diagnostic-Code: x-unix; user unknown
I have a mail system from Postfix, Dovecot, Amavis, SpamAssassin on a Debian Jessie 8.5. Imap and pop3 work fine. Smtp port 465 over ssl sends fine, delivery is okay, but port 25 and 587 got the error "undelivery user unknown for all local recipient and internet mailboxes".

My master.cf is:

```
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
  -o content_filter=spamassassin
# -o smtpd_tls_security_level=none
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_sasl_auth_enable=no
#spamassassin unix - n n - - pipe
# user=spamd argv=/usr/bin/spamc -f -e
# /usr/sbin/sendmail -oi -f ${sender} ${recipient}
spamassassin unix - n n - - pipe
  flags=DROhu user=vmail:vmail argv=/usr/bin/spamc -f -e /usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  -o smtpd_helo_restrictions=permit_mynetworks,reject_invalid_hostname,permit
  -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
#-o content_filter=
#-o receive_override_options=no_header_body_checks
#-o content_filter=
#-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#dovecot unix - n n - - pipe
#flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e
#dovecot unix - n n - - pipe
#flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} -e
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#virtual_transport = lmtp:unix:private/dovecot-lmtp
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
#smtp-amavis unix - - - - 2 smtp
#-o smtp_data_done_timeout=1200
#-o smtp_send_xforward_command=yes
#-o disable_dns_lookups=yes
#-o max_use=20
#amavis unix - - - - 2 smtp
# -o smtp_data_done_timeout=1200
# -o smtp_send_xforward_command=yes
#127.0.0.1:10025 inet n - - - - smtpd
#-o content_filter=
#-o local_recipient_maps=
#-o relay_recipient_maps=
#-o smtpd_restriction_classes=
#-o smtpd_client_restrictions=
#-o smtpd_helo_restrictions=
#-o smtpd_sender_restrictions=
#-o smtpd_recipient_restrictions=permit_mynetworks,reject
#-o mynetworks=127.0.0.0/8
#-o strict_rfc821_envelopes=yes
#-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
#-o smtpd_bind_address=127.0.0.1
#-o content_filter=
#-o local_recipient_maps=
#-o relay_recipient_maps=
#-o smtpd_restriction_classes=
#-o smtpd_delay_reject=no
#-o smtpd_client_restrictions=permit_mynetworks,reject
#-o smtpd_helo_restrictions=
#-o smtpd_sender_restrictions=
#-o smtpd_recipient_restrictions=permit_mynetworks,reject
#-o smtpd_data_restrictions=reject_unauth_pipelining
#-o smtpd_end_of_data_restrictions=
#-o mynetworks=127.0.0.0/8
#-o smtpd_error_sleep_time=0
#-o smtpd_soft_error_limit=1001
#-o smtpd_hard_error_limit=1000
#-o smtpd_client_connection_count_limit=0
#-o smtpd_client_connection_rate_limit=0
#-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
smtp-amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_helo_restrictions=permit_mynetworks,reject_invalid_hostname,permit
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
policy-spf unix - n n - - spawn
  user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
vacation unix - n n - - pipe
  flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} ${recipient}
```

main.cf

```
#/usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian)
biff = no
#nn appending .domain is the MUA's job.
append_dot_mydomain = no
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.exapmle.net
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /mail/
mailbox_command = /usr/libexec/dovecot/deliver
mydestination = localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 600000000000
message_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
#net_protocols = all
virtual_minimum_uid = 7030
virtual_uid_maps = static:7030
virtual_gid_maps = static:7030
#relay_recipient_maps =
# mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
# mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf,
# mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
virtual_alias_maps =
  mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
  mysql:/etc/postfix/mysql_virtual_alias_domain_maps.cf,
# mysql:/etc/postfix/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
  mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf,
  mysql:/etc/postfix/mysql_virtual_alias_domain_mailbox_maps.cf
#irtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#irtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
#irtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
#irtual_alias_domains = mysql:/etc/postfix/mysql_virtual_alias_domains_maps.cf
#virtual_transport = virtual
#local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
virtual_transport = dovecot
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = #$myhostname
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_sasl_security_options = noplaintext
#smtpd_sasl_path = /var/spool/postfix/private/auth
# check_policy_service unix:private/policy is for spf filter
smtpd_recipient_restrictions =
  permit_mynetworks,
  check_client_access hash:/etc/postfix/client_checks,
  check_sender_access hash:/etc/postfix/sender_checks,
  permit_sasl_authenticated,
  reject_unauth_pipelining,
  reject_unauth_destination,
  check_policy_service unix:private/policy-spf,
  reject_invalid_hostname,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
# reject_non_fqdn_hostname,
# reject_non_fqdn_sender,
# reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client blackholes.easynet.nl,
  reject_rbl_client dnsbl.njabl.org,
# reject_rbl_client bl.spamcop.net,
# reject_rbl_client sbl-xbl.spamhaus.org,
# reject_rbl_client multi.uribl.com,
# reject_rbl_client dsn.rfc-ignorant.org,
# reject_rbl_client dul.dnsbl.sorbs.net,
# reject_rbl_client list.dsbl.org,
# reject_rbl_client dnsbl.sorbs.net,
# reject_rbl_client cbl.abuseat.org,
# reject_rbl_client ix.dnsbl.manitu.net,
# reject_rbl_client combined.rbl.msrbl.net,
# reject_rbl_client rabl.nuclearelephant.com,
# reject_rbl_client dnsbl.sorbs.net,
# reject_rbl_client bad.psky.me,
# reject_rbl_client b.barracudacentral.org,
# reject_rbl_client truncate.gbudb.net,
# reject_rbl_client dnsbl-1.uceprotect.net,
# reject_rbl_client sbl.spamhaus.org,
# reject_rbl_client zen.spamhaus.org,
  permit
#smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_invalid_hostname,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_rbl_client sbl-xbl.spamhaus.org
content_filter = smtp-amavis:[127.0.0.1]:10024
#receive_override_options = no_address_mappings
smtpd_tls_cert_file=/etc/ssl/certs/mail.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_auth_only = no
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,3DES, MD5, DES+MD5
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA,3DES, MD5, DES+MD5
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtpd_sasl_security_options = noanonymous
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated
broken_sasl_auth_clients = yes
smtp_use_tls = yes
default_process_limit = 500
smtp_destination_recipient_limit = 1024
#policy_time_limit = 3600myorigin = /etc/mailname
#local_transport = local
#local_transport = virtual
#dovecot_destination_concurrency_limit = 2
#dovecot_destination_recipient_limit = 1
#content_filter = smtp-amavis:[127.0.0.1]:10024
policy-spf_time_limit = 3600
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_client_restrictions =
smtpd_helo_restrictions =
  check_client_access hash:/etc/postfix/rbl_override,
  permit_mynetworks,
# reject_non_fqdn_hostname,
# reject_invalid_hostname,
  permit
smtpd_sender_restrictions =
  check_client_access hash:/etc/postfix/rbl_override,
  reject_unknown_sender_domain,
  reject_non_fqdn_sender,
smtpd_tls_security_level = may
smtp_tls_security_level = may
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
#smtpd_sasl_security_options = noplaintext
#smtpd_tls_auth_only = no
spamassassin_destination_recipient_limit = 1
vacation_destination_recipient_limit = 1
dovecot_destination_recipient_limit = 1
#smtpd_tls_loglevel = 3
#debug_peer_level = 5
#debug_peer_list = 127.0.0.1
#ebug_peer_level = 5
```

Error message:

```
is is the mail system at host mail.domain
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
The mail system : user unknown
Reporting-MTA: dns; mail.bookaa.net
X-Postfix-Queue-ID: B6D5FA0599
X-Postfix-Sender: rfc822; me@domain.com
Arrival-Date: Thu, 24 Nov 2016 14:40:43 +0100 (CET)
Final-Recipient: rfc822; user@domain
Original-Recipient: rfc822;user@domain
Action: failed
Status: 5.1.1
Diagnostic-Code: x-unix; user unknown
```

The log file:

> Nov 24 14:40:44 mail postfix/qmgr: B6D5FA0599:
> from=, size=1137, nrcpt=1 (queue active) Nov 24 14:40:44
> mail postfix/smtpd: disconnect from mail.domail[IP SERVER] Nov
> 24 14:40:44 mail postfix/pipe: B6D5FA0599: to=,
> relay=spamassassin, delay=0.54, delays=0.37/0/0/0.17, dsn=5.1.1,
> status=bounced (user unknown) Nov 24 14:40:44 mail
> postfix/cleanup: 2C4A1A05DE:
> message-id= Nov 24 14:40:44
> mail postfix/bounce: B6D5FA0599: sender non-delivery
> notification: 2C4A1A05DE Nov 24 14:40:44 mail postfix/qmgr:
> 2C4A1A05DE: from=, size=3257, nrcpt=1 (queue active) Nov 24 14:40:44
> mail postfix/qmgr: B6D5FA0599: removed Nov 24 14:40:44 mail
> postfix/pipe: 2C4A1A05DE: to=, relay=dovecot,
> delay=0.23, delays=0/0/0/0.22, dsn=2.0.0, status=sent (delivered via
> dovecot service) Nov 24 14:40:44 mail postfix/qmgr: 2C4A1A05DE:
> removed
oxyOsky (47 rep)
Nov 23, 2016, 12:05 PM • Last activity: Apr 16, 2021, 09:59 PM
0 votes
2 answers
90 views
How can I filter out spam mails sent to a specific user with an arbitrary name on postfix?
Recently one of our company's accounts gets a target of spam mails. This account is already locked, but spam emails never end. Thus, I edit */etc/postfix/header_check* file as follows:

```
/^To:.targetuser@ourcompanyshostname\.org/ REJECT
```

I have tested whether I cannot send to a mail to this user and I confirmed that postfix successfully rejects it:) But, it cannot reject the spammer's mail since the header looks like:

```
To: targetuser@ourcompanyshostname\.org
```

There is an any name in addition to the actual email address that the spammer changes every time. How can I reject this rule?
J. Kotaki (3 rep)
Mar 26, 2018, 05:40 AM • Last activity: Oct 24, 2020, 04:25 PM
0 votes
0 answers
124 views
Spamass-Milter Network Issue
Spamass-milter man says the following about -i network flag:

"Ignores messages if the originating IP is in the network(s) listed. The message will be passed through without calling SpamAssassin at all. Networks is a comma-separated list, where each element can be either an IP address (nnn.nnn.nnn.nnn), a CIDR network (nnn.nnn.nnn.nnn/nn), or a network/netmask pair (nnn.nnn.nnn.nnn/nnn.nnn.nnn.nnn)."

Now when I set it like this in /etc/default/spamass-milter,

```
OPTIONS="-u spamass-milter -i 127.0.0.1,123.456.78.990"
OPTIONS="-r 7.0"
```

It only applies my second option to reject emails that have their spam score higher than 7. However, when I send an email from my IP address 123.456.78.990 that has a score of 8 the email is not whitelisted in accordance with my -i flag set earlier, but rejected instead.

How do I whitelist my IP address in spamass-milter? Would be really thankful for any pointers / suggestions. It's all whitelisted in /etc/spamassassin/local.cf by domain names and by trusted network IP addresses as well.
Dennis (125 rep)
Sep 9, 2019, 12:12 PM
2 votes
0 answers
121 views
Train spamassassin remotely using a single email account set up for both POP and IMAP
I use multiple devices ( desktop / laptop / iphone / ipad ). I use POP because my desktop has extensive folders that I do not want to upload/share with a server, or take up space on my mobile devices. I use spambayes on my desktop, which is the most amazing thing ever. Unfortunately, the built-in spam filter for Apple products is beyond bad, so my mobile devices are a trashfire of incoming spam.

My thought was to implement spamassassin, with Bayesian options, and then train it off my desktop spam folder. I think this is pretty straightforward. What would be ideal though is if each device could flag spam, and have the spamassassin on the server continue to learn based on that. I am thinking of setting each device with a POP account that downloads everything. Then a second IMAP account on each device that only syncs the Junk Folder.

Am I going about this ass backwards? Is there an easier, obvious, solution I'm not aware of? Any input appreciated.
Heavy Mod (21 rep)
May 25, 2019, 08:54 AM
0 votes
1 answers
83 views
Mail in spam - spf is set
I'm trying to send mails from my domain **tickety.be**. I'm using **sendmail** to do this. My sender is info@tickety.be. My receiver is also info@tickety.be. My application is hosted on my Scaleway server. I've also setup cloudflare. In my cloudflare settings I have:

[screenshot]

But why is it going into spam?
nielsv (111 rep)
Dec 14, 2017, 02:57 PM • Last activity: Apr 5, 2019, 11:41 PM
0 votes
1 answers
669 views
Exim and Spam Filtering
For years I've been using Exim as MTA. I had three strategies to prevent Spam. First of all blacklists. The second was to delay the mail delivery and the third was SpamAssassin. But this year, more and more Spam got through the filter, IMHO the spam is sent by hacked servers / accounts. On the other hand, I hear from customers with a firewall subscription like Sophos and WatchGuard, that they have almost no Spam any more.

I also tried to adapt the config and switch from SpamAssassin to RSpamd, but instead I got more and more false positives. I also tried the methods described on the GitHub site of Exim: https://github.com/Exim/exim/wiki/SpamFiltering But most of the information is outdated.

Can someone tell me what's the 2018 method to get rid of Spam with Exim?
user39063 (201 rep)
Oct 1, 2018, 06:50 AM • Last activity: Oct 1, 2018, 08:45 AM
2 votes
0 answers
192 views
Postfix server: Mailman email double checked with SpamAssassin
I have set up postfix with spamassassin, and then added mailman for mailing list management, everything on Debian 9 Stretch:

- postfix: 3.1.8
- mailman: 2.1.13
- spamassassin: 3.4.1

The problem is that the mail that is reinjected by MailMan is re-checked by SpamAssassin for each single recipient of mailing lists, which puts quite some burden on the system. Since the mail is already checked when originally accepted, I would like to circumvent the second spam check.

The configuration is as follows: Mailman has `MTA='Postfix'` in the `mm_cfg.py` file.

Postfix
========

main.cf
-------

```
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/virtual-mailman
```

master.cf
----------

```
smtp inet n - y - - smtpd
  ....
  -o content_filter=spamassassin
smtps inet n - y - - smtpd
  ....
  -o content_filter=spamassassin
submission inet n - y - - smtpd
  ...
  -o content_filter=spamassassin
  -o receive_override_options=no_milters
  ...
spamassassin unix - n n - - pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
```

What would be a possible way to make SpamAssassin skip the check on email delivered from MailMan?
norbert (121 rep)
Sep 10, 2018, 06:43 AM • Last activity: Sep 15, 2018, 03:59 PM
0 votes
1 answers
722 views
How to automatically move mails to SPAM or JUNK folder instead of removing them?
I have a problem with amavis-new. amavis-new removes e-mails tagged as SPAM instead of leaving them tagged by SpamAssassin. Here's `/var/log/mail.log`:

```
Jul 20 20:04:09 cloud-vps opendmarc: D6A8940030: mail.com none
Jul 20 20:04:09 cloud-vps postfix/qmgr: D6A8940030: from=, size=6018, nrcpt=1 (queue active)
Jul 20 20:04:09 cloud-vps postfix/smtpd: disconnect from mout.gmx.com[74.208.4.201] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 20 20:04:19 cloud-vps amavis: (27212-02) Blocked SPAM {NoBounceOpenRelay,Quarantined}, [74.208.4.201]:56671 [80.82.28.18] -> , quarantine: B/spam-Btuzpnjs5cte.gz, Queue-ID: D6A8940030, Message-ID: , mail_id: Btuzpnjs5cte, Hits: 1000, size: 6082, 9557 ms
Jul 20 20:04:19 cloud-vps postfix/smtp: D6A8940030: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=11, delays=1.2/0.03/0.54/9.3, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=27212-02, DISCARD(bounce.suppressed))
Jul 20 20:04:19 cloud-vps postfix/qmgr: D6A8940030: removed
```

Does anyone have ideas how to prevent amavis-new from removing them? I want to automatically move these mails to the SPAM or JUNK folder instead of removing them.
user227030
Jul 20, 2018, 06:33 PM • Last activity: Jul 20, 2018, 08:54 PM
0 votes
2 answers
585 views
Why is postfix-spamassassin-dovecot set up this way?
I have recently added spamassassin to my mailserver, as the blacklists weren't effective enough. To clarify: I use Postfix as SMTP + Dovecot as LDA, postgrey for greylisting and postfwd for rate-limiting.

To add Spamassassin, I use guide: https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassassin

Even though it works, I don't see why it does. What troubles me is the `master.cf`:

```
smtp inet n - y - - smtpd
  -o content_filter=spamassassin
dovecot unix - n n - - pipe
  flags=DRhu user=virtual:virtual argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}
spamassassin unix - n n - - pipe
  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
```

I don't understand why there is suddenly sendmail involved. Is there a way to set this up more properly?

Here is also my `postconf -n` in case it is needed.

```
append_at_myorigin = yes
biff = no
broken_sasl_auth_clients = yes
default_destination_concurrency_limit = 1
delay_warning_time = 8h
disable_vrfy_command = yes
dovecot_destination_concurrency_limit = 1
dovecot_destination_recipient_limit = 1
enable_original_recipient = yes
local_destination_concurrency_limit = 1
mailbox_size_limit = 100000000
maximal_queue_lifetime = 6d
message_size_limit = 52428800
myhostname = REDACTED
myorigin = /etc/mailname
smtp_helo_name = REDACTED
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_delay_reject = no
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10040 permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org=127.0.0.[2..11], reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, check_policy_service inet:127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unlisted_recipient, reject_unauth_destination, reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = REDACTED
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = REDACTED
smtpd_tls_dh1024_param_file = /etc/ssl/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
smtpd_tls_key_file = REDACTED
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_transport = dovecot
```
Jakub Lucký (772 rep)
Mar 27, 2018, 12:40 PM • Last activity: Mar 28, 2018, 12:55 PM
3 votes
0 answers
695 views
Postfix: How to avoid forwarding spam (Spamassassin + Aliases)
We have a configuration where we have multiple shared IMAP folders (using dovecot) for a given group of people (e.g. one for ressort A, one for ressort B). These groups have a mail address, e.g. a@example.com and b@example.com. The people of this group can decide that they want the mail to be forwarded to an external account (e.g. johndoe@another-example.com).

I implemented this using `virtual_alias_maps` (e.g. a@example.com -> a@example.com, johndoe@another-example.com).

Now we have implemented spamassassin (postfix -> spamassassin -> postfix), where the first iteration does no alias resolution but just accepts the mail if the rcpt to address exists, and the second iteration through postfix then resolves the aliases.

My problem is that I do not want our server to actually send spam to those external accounts, but place the spam in a Spam/Junk folder on the local dovecot. So I do not want the alias lookups to happen (or that they work differently) when the X-Spam: yes header is set.
Tobi (151 rep)
Mar 2, 2018, 01:17 AM
0 votes
0 answers
243 views
Block everything except 2 domains in Spam Assassin
One of our spamassassin servers is getting smashed by tons of Russian spam and causing a failure when we're trying to process the emails we care about. I'm trying to reject all email that isn't on 2 specific domains, but not sure why it isn't working properly. I went through the config and added the following, but it doesn't seem to make any changes after service restart.

In `local.cf` I've tried 2 changes:

```
blacklist_to *@*
un_blacklist_to *@domain1.com
un_blacklist_to *@domain2.com
```

And this one...

```
whitelist_to *@domain1.com
whitelist_to *@domain2.com
blacklist_to *@*
```

I thought I would have seen some of these changes go through rather quickly but it doesn't seem to change anything. The spam email is coming in with pretty low sizes and the email I care about needs to be over 50k. Even if I could figure out how to reject all email over 50k, that would work. Thanks for any help on this. Going to keep looking at solutions while in this bind...
saleetzo (590 rep)
Jan 30, 2018, 12:37 AM
4 votes
3 answers
2982 views
spamassassin does not honour local.cf
I updated my `/etc/spamassassin/local.cf` spamassassin file to update some score rules. However, even after restarting spamassassin (via service), the new scores are not shown in spam emails. In fact, nothing in that file seems to influence how spamassassin works. I use exim as my MTA but that should not matter. All packages were installed via apt-get and are at the latest version for 14.04.

For example, I have this:

```
score HTML_MESSAGE 2.0
```

defined in `/etc/spamassassin/local.cf`. I restarted both exim and spamassassin. `spamassassin --lint` shows that there are no errors in that file. Then got yet another spam with this:

```
0.0 HTML_MESSAGE BODY: HTML included in message
```

in the `X-Spam-Report` field.

I ran `spamassassin -D < spam` and the order of loading of cfg files seems to be wrong:

```
Jun 8 13:34:07.300 dbg: config: read file /etc/spamassassin/local.cf
...
Jun 8 13:34:07.600 dbg: config: read file /var/lib/spamassassin/3.004000/updates_spamassassin_org/50_scores.cf
...
Jun 8 13:34:07.787 dbg: config: read file /var/lib/spamassassin/3.004000/updates_spamassassin_org/73_sandbox_manual_scores.cf
Jun 8 13:34:07.788 dbg: config: fixed relative path: /var/lib/spamassassin/3.004000/updates_spamassassin_org/local.cf
...
```

***What is going on?***

Based on a comment from [Centimane](https://unix.stackexchange.com/users/67807/centimane) : I tried `strace -f -e trace=file spamassassin -D < spam` with the same result: Spamassassin is reading system files after the local.cf file. Thus, trashing any score changes.

From comments, here is the `local.cf` file, which is more or less the vanilla one.

```
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

# Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****
add_header spam Flag _YESNOCAPS_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ bayes=_BAYES_
add_header all Report _SUMMARY_

# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1

# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.

# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock

# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

# Use Bayesian classifier (default: 1)
#
use_bayes 1
bayes_path /var/lib/spamassassin/bayes/bayes
bayes_file_mode 0777

# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1

# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
shortcircuit SUBJECT_IN_WHITELIST on

# the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on

# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on

# and a well-trained bayes DB can save running rules, too
#
shortcircuit BAYES_99 spam
shortcircuit BAYES_00 ham

blacklist_from wokfrance.com
blacklist_from brother-mailer.com
blacklist_from *.sd-soft.net
blacklist_from woifrance.com
blacklist_from adimacocl.net
blacklist_from bletspuranawyat.net
blacklist_from sd-soft.net
blacklist_from m1web-track.com
blacklist_from winntoniecline.net
blacklist_from kafod.org
blacklist_from *.kafod.org
blacklist_from bhlivetickets@bhlive.co.uk
blacklist_from *.bhlive.co.uk
blacklist_from *.regionasm.net
blacklist_from regionasm.net

## Tweaks.
score AC_BR_BONANZA 1.0
score ADMITS_SPAM 10.0
score A_HREF_TO_REMOVE 2.0
score DEAR_FRIEND 4.0
score FREEMAIL_FORGED_FROMDOMAIN 4.0
score FREEMAIL_FROM 1.0
score FROM_LOCAL_HEX 9.0
score HTML_MESSAGE 2.0
score RCVD_IN_MSPIKE_BL 2.0
score RCVD_IN_SORBS_WEB 2.0
score RCVD_IN_XBL 3.0
score RDNS_NONE 2.0
score SCVD_IN_DNSWL_BLOCKED 3.0
score T_DKIM_INVALID 1.0
score T_FREEMAIL_DOC_PDF 3.0
score T_REMOTE_IMAGE 3.0
score URIBL_BLOCKED 3.0
score URIBL_DBL_SPAM 3.0
score URIBL_JP_SURBL 3.0
score URIBL_WS_SURBL 3.0

endif # Mail::SpamAssassin::Plugin::Shortcircuit
```

And the whole output of `spamassassin -D` is too big for this. However, the relevant lines are above. If you want more information, tell me what to look for and I will add it.
Sardathrion - against SE abuse (4493 rep)
May 22, 2017, 01:56 PM • Last activity: May 31, 2017, 07:47 AM
3 votes
0 answers
470 views
How to configure Bind for Spamassassin
I'm wondering if anyone can help me out with following the directions I found here https://wiki.apache.org/spamassassin/CachingNameserver to set up a working configuration for Spamassassin.

I think I have a problem which is, as it has been explained to me, that my ISP name servers are being blocked by the various DNSBL servers. So Spamassassin is not able to make DNSBL queries under my current system configuration, as DHCP has configured my `/etc/resolv.conf` to tell the DNS libraries to forward requests through my ISP's servers.

The above document describes a workaround, basically to have named route Spamassassin DNSBL queries directly to the DNSBL servers so that they come from my own IP, which presumably isn't blocked. At the same time, all other queries should go to the name servers configured by my local DHCP server, or something to that effect, for speed.

However, I found the documentation to be somewhat complex, for example it tells me to put something in `/etc/resolv.conf` but doesn't explain how I should make sure that my DHCP client doesn't overwrite that file. Also, it asks me to hard-code my ISP name servers in `/etc/named.conf` - but I'd rather have these configured by DHCP so that I don't have to worry about manually changing the configuration when I travel.

Can someone help me configure this? I would like to know what I should put in `/etc/named.conf`, and any other configuration files, Systemd unit files, etc.

Also, the Spamassassin documentation doesn't explain what commands I can use to test that a query to one of the DNSBLs is failing in my current configuration, or how to verify that it succeeds in an improved configuration. It would be useful to know these things so that I can test that my setup is working.

If it matters, I run Arch Linux. I apologize for being so inadequate at figuring these things out for myself. Thank you in advance.
Metamorphic (1219 rep)
Jan 20, 2017, 11:43 PM
0 votes
1 answers
280 views
Creating .spam folders in each mail user's account
My previous question, https://unix.stackexchange.com/questions/335842/cleaning-out-mail-folders-with-cron-task didn't result in a good enough answer to help me. I have narrowed down the task as follows:

I wish to move mail out of each user's `.spam/cur` and `.spam/new` folders into the spam-teaching folder (by nightly cron job). There they will be processed and deleted.

```
mv ~/mail/*/*/.spam/{cur,new}/* ~/mail/.sa-learn
```

The above line generates an error if the folder doesn't exist. e.g.,

```
+-- mail
    +-- sitename.com
        +-- username1
        |   +-- .spam
        |       +-- cur
        |       +-- new
        +-- username2   <-- no ".spam" folder.
        +-- username3
        |   +-- .spam
        |       +-- cur
        |       +-- new
```

Since it would be useful to create the folders for the users if they don't exist I am considering using `touch` to create them if they don't exist.

Q1: Is the following approach robust enough?

```
for dir in ~/mail/*/*/; do touch "$dir/.spam"; done
for dir in ~/mail/*/*/.spam/; do touch "$dir/cur"; done
for dir in ~/mail/*/*/.spam/; do touch "$dir/new"; done
```

Q2: Will the move command now work without error even if the folders are empty?

```
mv ~/mail/*/*/.spam/{cur,new}/* ~/mail/.sa-learn
```

Q3: Is there a smarter way to do this?

----------

**Update 4**

```
#!/bin/bash
# SpamAssassin Learn script.
# With help from Kusalananda's answer
# to https://unix.stackexchange.com/questions/336412/creating-spam-folders-in-each-mail-users-account
#
# Any mail the user drops into their spam folder will be moved to a temp folder,
# fed to SpamAssassin's sa-learn and then deleted.
# The script also creates the .spam folders for each account if they don't already exist.
# Run daily as a cron task.

myDomain=sitename.com

# Create .spam/, .spam/cur/ and .spam/new/ folders for each user.
#mkdir -p "$HOME"/mail/"$myDomain"/*/.spam/{cur,new}
for userdir in "$HOME"/mail/"$myDomain"/*; do test -d "$userdir" && mkdir -p "$userdir"/.spam/cur; done
for userdir in "$HOME"/mail/"$myDomain"/*; do test -d "$userdir" && mkdir -p "$userdir"/.spam/new; done

# Create a temp folder.
mkdir -p "$HOME"/mail/.sa-learn/

# Find all the .spam emails and move them to the temp folder.
# IMAP users should see their spam folder empty.
find "$HOME"/mail/"$myDomain" -type f -path "*/.spam/cur/*" -print0 | xargs -0 -I XX mv "XX" "$HOME"/mail/.sa-learn/
find "$HOME"/mail/"$myDomain" -type f -path "*/.spam/new/*" -print0 | xargs -0 -I XX mv "XX" "$HOME"/mail/.sa-learn/

# Feed the emails into the SpamAssassin spam learner.
sa-learn -p ~/.spamassassin/user_prefs --spam "$HOME"/mail/.sa-learn

# Remove the temporary folder and its contents.
rm -rf "$HOME"/mail/.sa-learn
```

This works. I seemed to be having trouble with the `{cur,new}` syntax. User now drops spam into .spam folder. Cron job moves them to .sa-learn folder, feeds them to sa-learn and then deletes the folder.
Transistor (103 rep)
Jan 10, 2017, 08:34 PM • Last activity: Jan 12, 2017, 11:44 PM
1 votes
0 answers
205 views
How to make spamassassin not check whether an authenticated user is in a blacklist?
I am sure this is a common occurrence: a user (who has an IP that is in a blacklist or two) is sending mail using his email provider's server (with SMTP authentication), then that server is forwarding the message to the recipient. Here's a sanitized header of such a message.

```
Received: from email-com-hosting.com ([1.2.3.4])
	by mail.email2.com with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.84_2)
	(envelope-from )
	id 1aaaaa-000000-aa
	for recipient@email2.com; Fri, 30 Sep 2016 00:01:00 +0300
DKIM-Signature: some-valid-signature-added-by-1.2.3.4;
Received: from [5.6.7.8] (helo=[10.0.0.1])
	by email-com-hosting.com with esmtpa (Exim 4.76)
	(envelope-from )
	id 1aaaaa-000000-ab
	for recipient@email2.com; Fri, 30 Sep 2016 00:00:00 +0300
```

Server 1.2.3.4 is the actual server for email.com, the mx record points to it and everything. IP 5.6.7.8 is in a couple of blacklists. Spamassassin marks this email as spam because 5.6.7.8 is in a blacklist.

How do I make it ignore all received headers that have "esmtpa" - authenticated SMTP and all headers below it? The idea is this:

1. If the header is genuine and the user is actually authenticated, do not check if the IP is in a blacklist.
2. If the header is spoofed, then it is useless anyway.
3. If the user is not authenticated, then check his IP too.

For now I can add `-lastexternal` or `-notfirsthop` to all checks, but maybe there is a way to do this incorporating the presence/absence of "a" in the received header.
Pentium100 (353 rep)
Oct 5, 2016, 01:28 PM • Last activity: Oct 5, 2016, 01:33 PM