Spamassassin (via procmail) is not checking for Spam, Viruses

virtuminprof · June 2, 2023, 1:11pm

I have enabled spam and virus checking but messages do not get checked. The SA headers do not show up.

I have enabled spam checking for the server and user.
Globally I enabled SpamAssassin Server and ClamAV Server

It seems /etc/procmailrc does not enter the domain specific procmailrc in /etc/webmin/virtual-server/procmail/ folder

Help on fixing this is highly appreciated

SYSTEM INFORMATION
OS type and version	Debian Linux 10
Webmin version	2.021
Virtualmin version	7.7 Pro
Related packages	SUGGESTED

virtuminprof · June 3, 2023, 1:39pm

I have done some fiddling around with logging in procmailrc and found it may have to do with: “< /dev/null” needed for lookup-domain.pl . Variable VIRTUALMIN is never assigned.
@staff Is there a way to overcome this error?

:0 wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME < /dev/null
EXITCODE=$?
:0 wi
* RESULT=|logger --tag ‘pm’ --stderr “ln:${LOGNAME}, vm:${VIRTUALMIN}”
:0
* ?/usr/bin/test “$EXITCODE” = “73”

Adrie

Jamie · June 3, 2023, 5:45pm

Does anything useful get logged to /var/log/procmail.log when you receive email?

virtuminprof · June 3, 2023, 6:57pm

It showed that VIRTUALMIN did not get an id assigned.

I have put a shell wrapper around lookup-domain.pl to overcome the use of the redirect of stdin and lo-and-behold now virtualmin id’s are visible for LOGNAME’s with spanscanning enabled.

wrapper: /usr/local/bin/lookup-domain.sh

#!/bin/sh

exec /etc/webmin/virtual-server/lookup-domain.pl "$@" </dev/null

Modified procmailrc

VIRTUALMIN=|/usr/local/bin/lookup-domain.sh $LOGNAME
---
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME < /dev/null

logs in procmail.log

<13>Jun  3 19:55:59 pm: ln:post-rcan.nl, vm:151351812522082
From bounce+0945cd.01f960-virtuminprof=rcan.nl@forum.virtualmin.com  Sat Jun  3 19:55:57 2023
 Subject: Spamassassin (via procmail) is not checking for Spam, Viruses
  Folder: /usr/lib/dovecot/deliver                                         7484
Time:1685814960 From:noreply@forum.virtualmin.com To:virtuminprof@rcan.nl User:post-rcan.nl Size:7484 Dest:/usr/lib/dovecot/deliver Mode:None

Joe · June 3, 2023, 7:29pm

Why is Dovecot’s LDA showing up in this?

Jamie · June 3, 2023, 8:07pm

It’s odd that the </dev/null is needed, because the lookup-domain command really does need to take the email as input in order to check the total size and potentially reject the message if the user is over quota.

Unless perhaps in your case the recipient is running out of quota??

virtuminprof · June 4, 2023, 8:40am

The < /dev/null was there already, not added by me.
When I run lookup-domain.pl from the shell it waits for input from stdin and entering Ctl-d or adding < /dev/null is needed.

Feeding the e-mail to lookup-domain.pl seems odd to me for a lookup-domain function (?).

Anyway, are you suggesting I remove < /dev/null ?

PS. No the recipient are not running out of quota.

virtuminprof · June 4, 2023, 10:21am

Interesting question.

It does help to see what is processed at delivery

Jamie · June 4, 2023, 5:39pm

The </dev/null shouldn’t be needed in /etc/procmailrc , and Virtualmin doesn’t add it. The line should be something like :

VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl --exitcode 73 $LOGNAME

The lookup-domain command actually does more than looking up a domain, which is why it needs the email as input (which Procmail provides).

virtuminprof · June 5, 2023, 9:15pm

Jamie, thanks for your input. That is working fine.

Which is popping up another question, because few messages are captured. To help scanning I forward messages to spamtrap@

Will this do or should I feed it differently to that address?

Jamie · June 6, 2023, 2:04am

No, forwarding to that address is fine!

virtuminprof · June 6, 2023, 7:42pm

That’s nice.

Is there any logs of the workings of the spam-/hamtrap ? The sa-learn dump does not increment counters of nspam or nham the n I feed junk.
If I execute sa-learn from the shell I can see it incrementing nspam counter.

Jamie · June 8, 2023, 5:46am

You can run the spamtrap processor in debug mode by running /etc/webmin/virtual-server/spamtrap.pl --debug as root

virtuminprof · June 8, 2023, 6:36am

Thanks.

I looked at it and I think it is not executing it well.
The logs show that sa-learn is considering the address I forward the message from and the recipient : spamtrap@, not the original sender and recipient.
It indicates that the message is learnt as spam but I doubt it means the original message. I als forwarded as attachment but that looks similar.

Jamie · June 9, 2023, 4:50am

How did you do the forwarding exactly? The issue might be that we’re not extracting the original address from forwarded emails correctly…

virtuminprof · June 9, 2023, 8:49am

I forward the message via the IOS or macOS Mail client. The latter I tried forwarding as attachment but that did not change behaviour.

It would be nice to have a folder watched by sa-learn to drag spam to.

Jamie · June 10, 2023, 12:04am

Can you post the logs you’re getting from spamtrap.pl that show the wrong address?

virtuminprof · June 10, 2023, 9:07am

Sent you with DM

system · August 9, 2023, 9:08am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.