All mails going Dest: dev null Mode:Spam

I have had a functional centos 7 webmin/virtualmin with spamassasin/clamav enabled
Preformatted textDest:/dev/null Mode:SpamPreformatted text
all mails are going to User: Dest:/dev/null Mode:Spam
when i disabled spam service from virtualmin mail is going ok.
but obviously spamassasin service is all stopped.

In virtualmin > domain> Spam and Virus Delivery
I have spam >> deliver normally
virus: Write to standard virus Maildir ~/Maildir/.Virus/

Kindly help me fix this issue as i had no problem with this server. No big changes only updates. I had recently changed spamassasin spam tolerance from 10 to 7 and added a few rules to stop phishing. Pl check my procmail settings and tell me what can i do to fix this issue please? I had disabled spam service and then enabled but after enable all incoming mails were going again to > dev/null Mode:Spam
so i am forced to disable spam and in spam i had spamc (Client for SpamAssassin filter server spamd) checked.

The procmail config i have is

Blockquote

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl --exitcode 73 $LOGNAME
EXITCODE=$?
:0

  • ?/bin/test “$EXITCODE” = “73”
    /dev/null
    EXITCODE=0
    :0
  • ?/bin/test “$VIRTUALMIN” != “”
    {
    INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
    }
    ORGMAIL=$HOME/Maildir/
    DEFAULT=$HOME/Maildir/
    #DROPPRIVS=yes
    #:0fw
    #| /bin/spamassassin
    #:0
    #* ^X-Spam-Status: Yes
    #$DEFAULT
    DROPPRIVS=yes

Blockquote

Is there anyone who have had the same issue? Please give me a clue.

FWIW - the config from one of my working servers is below:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
EXITCODE=$?
:0

  • ?/usr/bin/test “$EXITCODE” = “73”
    /dev/null
    EXITCODE=0
    :0
  • ?/usr/bin/test “$VIRTUALMIN” != “”
    {
    INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
    }
    ORGMAIL=$HOME/Maildir/
    DEFAULT=$HOME/Maildir/
    DROPPRIVS=yes
    :0
    $DEFAULT
    :0
  • ^X-Spam-Status: Yes
    /dev/null
1 Like

It might be a bit of a longshot - copy your config off somewhere (notepad or something similar) and paste in the one I posted above and see if that makes any difference.

Yours is different to mine towards the bottom and I wonder if the sequence of lines makes a difference.

Give it a go. If it doesn’t help - you can always put your config back.

HIH

Dibs

Appreciate so much Dibs for your help. I had disabled as Andre had suggested as i had some errors and this part was disabled and it worked: I will surely try yours this evening once there is less mail traffic. its a small server but has active users. right now i hv disabled spamassasin n mail is being delivered.

Blockquote
#:0fw
#| /bin/spamassassin
#:0
#* ^X-Spam-Status: Yes
#$DEFAULT
DROPPRIVS=yes

Blockquote

Second thing i did is virtualmin> System Settings -> Module Config -> Spam Filtering Options > i chose mail delivered normal option as i want mail with spam to be delivered for now just to get by.
I hope to test your procmail config later this evening and see if it works. I have a centos 7 setup and similar to this one on another machine worked fine. It was working fine till 2 days ago but after changing spam tolerance low to high and adding some mail header rules problem started.
3rd thing i hope i can do is to start with a default config if nothing works. But i think problem is with procmail or some SAssasin command.

@atleast - no probs. let us know how you get on.

Your idea is good, to get things back to a working setup - maybe default - and then go thru your planned changes one at a time and see how you get on.

HIH

Dibs

1 Like

Yes i have never had this kind of odd issue. SA and procmail both are bit mysterious to me and dont seem to have much control what they do or how can we tune them up. But i follow the webmin virtualmin rules which are extremely good and things work. Once Andrey had given a simple trick that we should first disable from domains> spam function and save and then re try enable. I could not do that even as i needed the mails to be delivered as they began going to null and we cant get back. Someone has had this kind of problem before but that was way back in time. Looks like life has endless challenges :slight_smile:

Hello Joe i dont know if it is spamassasin or Procmail causing this issue. Can you kindly suggest what could be the cause and how can it be fixed?

If I knew, I would have replied. This isn’t something I’ve seen. I think when we’ve had folks with this kind of trouble in the past it was because they’d setup extra stuff; specifically RBLs in a way that was a hard block. SpamAssassin should always result in a score…if you’re getting everything always blocked, you’ve done something to make Procmail throw everything away. I doubt it is SpamAssassin making the decision.

Virtualmin defaults to putting spam into a spam folder, not throwing it away, so again, this is something you setup differently. If you can look at the mails that were filtered, you could see what SpamAssassin rules they triggered, but since you’ve apparently configured it to trash them, you’ve got nothing to look at.

I don’t know how to help, since I don’t know how you got to where you are.

1 Like

Dear Joe I agree totally. Just to help anyone in future i will give you quick review.

  1. Procmail I had no change in configs and i followed your tips and it was working smooth.
  2. Spamassassin: On this domain specific i had under virtualmin > spam/virus DELIVER NORMAL and for virus /maildir
  3. Today I changed virtualmin> System Settings -> Module Config -> Spam Filtering Options > i chose mail delivered normal option and saved just in case.
    [Not using SA still as i plan to do in few hours when there are fewer mails coming]
  4. SpamAssassin Mail Filter : Here I had tolerance 7 and increased it to 9 n later to 14
    THE KEY change i did was to add RULES in Header & Body tests
    to stop phishing scammers to add key words of their frequent using words like domain-admin or domain-mail-system etc. I had over 50 rules but the rule i added 2 days before and then restarted SA with higher tolerance to 14.0 at this point most incoming mails began going to dev null Mode:Spam

I initially thought it could be the key words i had added so i removed all words related to domain, changed SSL certificate and sill nothing happened.
Now I have two choices : to follow an idea you had suggested once that we disable spam service from virtualmin domain and then save and then re-add. I am wondering if this could cause problems in a running service.
second to start with a simpler /etc/mail/spamassasin/local.cf with basic configs.
as i had mostly a white list, denied list and then the rules in header/body. which i can add if it works.
My critical question is i had never changed anything in procmail and it has been all ok since one year and now should i make any change in procmail config? I posted mine in my first post.
I know i am asking for too much but you may have much better view of what is happening. If any tips pl give me hints. I am really grateful for all help.

If you haven’t changed Procmail, then don’t change Procmail.

Sounds like your most recent additions are the culprit. So, roll those back. Seems like the last thing you did before it stopped working is the obvious culprit, no?

1 Like

Indeed that is why i rolled back most of the rules quick but i guess if SA had a wrong config or syntax issue it usually will warn. But instead mails going to null in spam mode is bizarre.
ISSUE IS that if i start SA service mails instantly go to null spam mode.
I will clean out the sa local.cf possibly and then add rules later on that dint cause any issue.
Shouldnt there be a way to know the root of this dev null Mode: Spam function? Is there any way i can just stop that from some file?

On handling spam.
Another thing is there any way we could say separate mails above 20+ tolerance and then send them to a special folder. For now i had all mails delivered to user as many legitimate mails go labelled as spam. So fearing any loss i opted for deliver mail normally. Ordinary spam is not that big an issue as phishing scam mails which are not highly sophisticated and there should be some way to catch them.

As I said, the default configuration in Virtualmin is to send mail marked spam by SpamAssassin to a .spam folder. You’ve changed it. I don’t know why/how. :wink:

Look at the per-domain Procmail rules (find them in /etc/webmin/virtual-server/procmail/).

Well thanks Joe no i dint change anything trust me. I just follow the setup of all these programs as suggested. I checked per-domain Procmail rules find them in `/etc/webmin/virtual-server/procmail/
but they are config files of backups of procmail. Did you mean the file like this i found this back up file under virtual-server/procmail but i am using like the one i posted in first post. procmail seems to be highly sensitive and i wish i can find a ver that works with clam and spamassassin.

Blockquote
DROPPRIVS=yes
:0cw
| /etc/webmin/virtual-server/clam-wrapper.pl /bin/clamdscan --config-file /etc/clamd.d/scan.conf
VIRUSMODE=1
:0e
$HOME/Maildir/.Virus/
VIRUSMODE=0
:0fw
| /bin/spamc
SPAMMODE=1
:0

  • ^X-Spam-Level: ****************
    /dev/null
    SPAMMODE=0

Blockquote

You reckon you know more about Virtualmin than I do? :wink:

I’m telling you those are the config files that get run every time a mail is received by one of your domain users.

And, you’ve clearly got it configured to go to /dev/null:

1 Like

You configured that in <domain>->Server Configuration->Spam and Virus Delivery. You’ve changed it to “Throw Away”, when what you’ve said you want is to deliver it to different mailbox ( Write to standard spam Maildir ~/Maildir/.spam/ ).

Edit: I’ve updated this, as I was pointing out a different form earlier, which is probably not actually the right one. I think I have some extra old stuff on my personal machine that I was looking at. Though I may need to double check that. If we have two forms for these decisions in the default install that’s stupidly bad UI and I’ll need to fix it.

1 Like

@atleast - the config I posted earlier, have you tried it?

What @joe has said in his recent post, makes me think (more) that the commands in the config - the commands themselves and the order they are in may well affect things.

Let us know how it goes with the config from a working server?

Regards

Dibs

1 Like

Joe appreciate your details. I use virtualmin only intuitively grateful to you and Jamie’s hard work, persistence and zeal however yes i am a zealot user for years perhaps since beginning.
That last config of procmail i posted that was a default one i found on backup. Now i have is :

Blockquote
LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl --exitcode 73 $LOGNAME
EXITCODE=$?
:0

  • ?/bin/test “$EXITCODE” = “73”
    /dev/null
    EXITCODE=0
    :0
  • ?/bin/test “$VIRTUALMIN” != “”
    {
    INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
    }
    ORGMAIL=$HOME/Maildir/
    DEFAULT=$HOME/Maildir/
    #DROPPRIVS=yes
    #:0fw
    #| /bin/spamassassin
    #:0
    #* ^X-Spam-Status: Yes
    #$DEFAULT
    DROPPRIVS=yes

I have this on domain as I cant use throw away on this domain as some critical mails get labelled as spam n thus user must receive them. This however has drawback that phishing scams get in.

Blockquote

Most of my settings are based on your suggestions, tips.

I do not want to opt for this as again spam folder will not reach outlook users.

IS it safe and better to uninstall spamasssasin and then re install will that help?

My need for this domain is:
All spam eg above 18.00 goes to a standard spam folder IF possible
All spam below 18.00 goes to deliver NORMALLY
Now if above is not feasible than I just need deliver to user inbox as
see this entry from procmail log
View Logfile

To: User:abc.zy Size:6167 Dest:/home/domain/homes/mailid/Maildir/new/1591973221.5378_0.um-domain.com Mode:None

Dibs good morning I was not able to do last night as I have to do Fri night or saturday morning to not interrupt any loss of mails. I will keep posted. I am trying to understand the mistake I did and what bug is causing this to happen. I bet you that this can happen to any user. It may be simple but configuring procmail and spamassa is not that simple.

Joe years ago you wrote : The SpamAssassin Webmin module is not the same as SpamAssassin. It is a GUI for controlling SpamAssassin. But, you have to install SpamAssassin separately (we recommend using packages provided by your OS).
If I uninstall spamassasin on my troubled setup how do i do? I just do yum uninstall ? Wil that impact SA GUI of webmin module? It will be great if you could give a little clue so that I dont fall in a bigger trouble. Pl let me know if possible.