All mails going Dest: dev null Mode:Spam

Don’t uninstall SpamAssassin.

If you don’t want to scan mail for spam, just disable it for your domains. You can bulk disable spam filtering in List Domains->Check the boxes beside the domains you want to change->Update Selected


Thanks Joe. That is very critical help. I will not touch that for now but only try to restart with a new basic local.cf.
I want to scan mails for spam surely, as SA does ban many kinds of bad mails.
Problem is that I wish there were a way for all mails above e.g. 18 tolerance level to be rejected or go to a different folder on the server. For this domain, all other mails I need to not throw away but deliver normally.
Well, I know maybe the above is not possible, but my immediate need is to deliver normally to mailboxes.
So my best options for now are: 1. disable and then enable the spam service on the viritualmind> domain,
then restart the SA service. If still not working, I then change the local.cf on SA, as it has many other old definitions that have never been a problem. They stop all typical viagr+ kind of mails.
The third option is to do some tweaking of procmail, as Dibs in this thread suggested. My procmail so far is excellent as I didn't alter it.
I wish there were an option where even spam-labelled mails don't go to null.
I truly appreciate your kindest help Joe. I am going to try tonight or Saturday morning.

On another server I had a domain where I enabled spam and virus now, and I chose Spam deliver normal.
I sent a mail to a test user and see here maillog = status=sent (delivered via spamassassin service)

and procmail.log = Mode:None

Spam and Virus Delivery
In domain abc.org
Spam : Deliver normally

Can't choose spam dir as Outlook users cannot see it.

postfix/pickup[27732]: C8A6825CE2: uid=1024 from=ok@dom.com
Jun 12 17:50:27 um-2277 postfix/pipe[32250]: C1DE651B: to=usero@host.org, orig_to=<@host.org>, relay=spamassassin, delay=1, delays=0.07/0.01/0/0.96, dsn=2.0.0, status=sent (delivered via spamassassin service)

Insecure dependency in exec while running with -T switch at /etc/webmin/virtual-server/lookup-domain.pl line 19.
procmail: Program failure (255) of “/etc/webmin/virtual-server/lookup-domain.pl”
From ok@dom.com Fri Jun 12 17:50:27 2020
Subject: testing
Folder: /home/dom/homes/usr/Maildir/new/1591998627.32260_0.um-2277 3179
Time:1591998627 From: To: User:abc Size:3269 Dest:/home/dom/homes/mailid/Maildir/new/1591998627.32260_0.host.org Mode:None

What the hell, dude? I’ve told you several times that this not only can be done, it is the default, and I’ve told you how to do it.


Oh dear Joe, you are so wonderful and gracious. THANK YOU for your kindest support and patience. I have followed each of your tips; now I have good news: I did the following to resolve this matter for now [almost 95%], but one issue remains that I need to resolve. It is much less risk than a few days ago but slightly illogical [MAYBE it's a solution already].
1. I removed everything from local.cf in etc/mail/spamassassin, i.e. all whitelist, banned list and header definitions. I had only a basic local.cf with the following text.
2. In virtual server I disabled spam + virus, and when it asked whether I want to delete these services, THERE I stopped and cancelled, and then I RE-enabled both and saved. Then I started SpamAssassin and it's working well. Most mails that are legitimate are seemingly coming through fine.
I give you the header of a good mail to see if it is OK.

From - Sat Jun 13 15:33:49 2020
X-Account-Key: account23
X-UIDL: 000037305c6f4f78
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: dontrump@gmail.com
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on hostname.org
X-Spam-Level: *****
X-Spam-Status: No, score=5.2 required=14.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,
RCVD_IN_AHBL,RCVD_IN_AHBL_PROXY,RCVD_IN_AHBL_RTB,RCVD_IN_AHBL_SMTP,
RCVD_IN_AHBL_SPAM,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
RCVD_IN_WSFF,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no
version=3.4.0


Now I give you the key configs of the local.cf file to see if the total tolerance level will be 14+5 = 19
and whether any mail above 19 is sent to spam. Now in three places I have configured DELIVER MAIL normally under spam.

local.cf
required_hits 5
rewrite_header subject [SpamRisk]
report_safe 0
required_score 14.0
#report_header 1
dns_available yes

In the past 90 minutes most mails went to the inbox and about 4/5 were filtered and went to dev null.
I give you the procmail log entries. My question is: is it normal to go to dev null when we opted for deliver mail normally? I AM FINE and happy if it really really does that to all real spam.

From marywhitehouse@gmail.com Sat Jun 13 14:03:47 2020
Subject: [SpamRisk June 14, 2020
Folder: /dev/null 146299
Time:1592082236 From:mail@flocknote.com To:whitehouse@gmail.com User:usr Size:146299 Dest:/dev/null Mode:Spam

From steep@roofdamn.icu Sat Jun 13 14:09:20 2020
Subject: [SpamRisk Stop Snoring So Everybody Get’s A Good Nights Sleep!
Folder: /dev/null 19520
Time:1592082565 From:steep@roofdamn.icu To:charity.org User:usr Size:19520 Dest:/dev/null Mode:Spam


Somewhere you have configured it to go to trash. So, change it to not go to trash.


Well, my feeling is that it is the SpamAssassin tolerance rate somewhere or some kind of command. NOW the system looks much more effective than before this mishap. An interesting point is that I have chosen spam: deliver normal in three places.
It is either the SA> local.cf or some hidden file. I presume if I write 14 required_score, I think it adds
required_hits 5 to it. So it means any mail above 19 or maybe 14 goes to Mode:Spam.
If that is the case we achieve what we need. The second possibility is procmail, which is most mysterious for a layman like me. NONETHELESS, as it is I cannot complain. I will try to increase the required score to 18 to allow more [spam], but if spam is too high then decrease.

Good morning Joe. I am so grateful to you and all friends on this forum. Everyone is so good.
I realized only required_score is working and the required_hits default of 5 is defunct, unless I am mistaken.
I am looking at old VM forums and this page with great help on config of SA:
spamass config tutorial
Today I find that any mail now above the required_score of 14 [that I used] is being rejected, going to null Mode:Spam. Trust me, this never worked before. Now I have configured spam: deliver all, but is it possible to know which file at etc/webmin/ or … virtualserver writes this option?
It is just to know. If I see any legitimate mails going to spam then I will increment the required score higher.

Don’t confuse me with all this talk of what scores you’ve chosen. I don’t care about your spam scores. :wink:

If the problem is that spam is still being delivered to /dev/null, please just say that.

Procmail is where the decision is made, and there are exactly three locations where procmail is configured by Virtualmin/Webmin/Usermin. It is possible you have enabled others, but these are the three procmail configs in play in Virtualmin:

/etc/procmailrc - This is the main procmailrc, and the very first one every email passes through. It uses INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN to pull in the domain-specific procmail rc.

/etc/webmin/virtual-server/procmail/<virtualmin-domain-id> - This is the second recipe the mail passes through. It is domain-specific. There is one for every domain that has email. This is where I saw delivery to /dev/null in your earlier comment, so it is probably where it still exists. This is configured per-domain.

You may also have:

/home/<domain>/homes/<user>/.procmailrc - This is the per-user procmail recipe. It would be the last thing seen, if enabled. This is, I think, not enabled by default in Virtualmin systems (too complicated for end users, so we provide a simplified auto-reply and forwarding tool in Usermin and Virtualmin).

If spam is being delivered to /dev/null, you have a delivery rule in one of those files (probably the per-domain file).

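The three locations named in the post above can be checked recipe by recipe rather than by eye. The script below is an added example, not part of the thread and not Virtualmin's own code; it prints every recipe whose action is /dev/null together with the conditions that trigger it. The rc content inside `demo` is a constructed sample, not copied from a real server.

```shell
#!/bin/sh
# Added example: report procmail recipes that deliver to /dev/null.

# scan_procmailrc FILE...  -> prints "file:line: /dev/null <- conditions" per match
scan_procmailrc() {
    for rc in "$@"; do
        [ -f "$rc" ] && [ -r "$rc" ] || continue   # absent or unreadable: skip
        awk -v f="$rc" '
            /^[ \t]*(#|$)/ { next }                       # comments, blank lines
            /^[ \t]*:0/    { in_recipe = 1; conds = ""; next }  # recipe header
            in_recipe && /^[ \t]*\*/ {                    # condition line
                sub(/^[ \t]*\*[ \t]*/, "")
                conds = conds (conds == "" ? "" : " ; ") $0
                next
            }
            in_recipe {                                   # first other line is the action
                action = $0
                gsub(/^[ \t]+|[ \t]+$/, "", action)
                if (action == "/dev/null")
                    printf "%s:%d: /dev/null <- %s\n", f, NR,
                           (conds == "" ? "(unconditional)" : conds)
                in_recipe = 0
            }
        ' "$rc"
    done
}

# Constructed sample of a per-domain rc, used only to show the output format.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
DROPPRIVS=yes
:0fw
| /usr/bin/spamc
# spam is thrown away here
:0
* ^X-Spam-Status: Yes
/dev/null
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
$HOME/Maildir/.spam/
EOF
    scan_procmailrc "$tmp"
    rm -f "$tmp"
}

# The three locations from the post; run as a user that can read them.
scan_procmailrc /etc/procmailrc /etc/webmin/virtual-server/procmail/* \
    /home/*/homes/*/.procmailrc
```

A recipe that reaches /dev/null through a variable or a nested include is not followed; the script only matches a literal `/dev/null` action line.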

Absolutely agreed. I was just doing that to put a case as a point of reference. :slight_smile: I apologize for going into super details. GOOD NEWS is that now the system is as per Virtualmin’s default setup and working as I notice it always works. It now filters only anything above our score and puts them in dev null, but all else is delivered normally. IN reality I love it as it is. I have to test now how to enable the automatic whitelist option, as it is not working by default.

To find whether spam is going to dev null or not, I will check the following as you suggest. Thank you for taking your time to explain. This discussion may help many people in a similar state.

This is most critical for me and most users, as it's what I was trying to understand. I will review now each file. I will also review

YOU are right. It is possible that despite my having configured deliver normally it may not have saved properly on one of the files.

I still could not find the exact cause of why, when one selects deliver all spam, it still goes to dev null.
I did everything quite as Virtualmin defaults. YET I think it's SA that needs an optimum config.
I have resolved it for now by increasing the score to e.g. 14, and any mail above that score is going to dev null.
I need to study SA more as it has some uncommon features that are not in the default. If I find anything I will post.
FYI the Virtualmin and Webmin system as is, is perfectly set up and humanly the best functionality.
The rest depends on how we configure each part.

# grep -r '/dev/null' /etc/webmin/virtual-server/procmail/

Sorry to get back late. I notice that this procmail file changes after any change, but the new file saves only some parts. I had a big problem the past few days, as perhaps via my Gmail someone broke into my PayPal and Amazon accounts, ordering big time, but both were cancelled either by these sites, but these won't give me any trail of the invader. Anyway, I had to cancel my credit card. I added two-way security now on such accounts. I wish we could enter some kind of security on the Webmin port login page. I changed it from 10k to another number and it works, but I find that I can't log in from any browser other than Internet Explorer, even after adding the URL to accepted sites.

Security is adequate when 2FA is enabled and Fail2ban is configured to stop brute force attacks for Webmin credentials. Changing the port from 10000 to another one will not help much. Please start a new topic if you wish to discuss security further.


Thanks Calport. I am not familiar with 2FA and don't find any good way to configure Fail2ban.
I will begin searching first and in a few days create a topic if I fail.
Appreciate your help.
