RT+SpamAssassin+Procmail problem

Hi, I found Phil Homewood’s implementation of SpamAssassin interesting
and gave it a shot.

http://www.riverside.org/archive/html/rt-users/2002-06/msg00265.html

Unfortunately, in /etc/procmailrcs/rt, when i use spamassassin -c, all
the mail goes to the spam folder. When I change this to spamc and
restart the daemon, all the mail goes through the filter and into my
folder. Can someone please tell me what I’m doing wrong?

Rule 016 � A deal is a deal. (until a better one comes along).

Rene L. Pongco Jr. wrote:

http://www.riverside.org/archive/html/rt-users/2002-06/msg00265.html

Unfortunately, in /etc/procmailrcs/rt, when i use spamassassin -c, all
the mail goes to the spam folder.

“spamassassin -c” is not a valid spamassassin command line. The "-c"
means “config file”, and is deprecated…

When I change this to spamc and restart the daemon,

(what daemon? spamd?)

all the mail goes through the filter and into my
folder. Can someone please tell me what I’m doing wrong?

is spamd running? What “folder” are you referring to? Are any
"X-Spam-*" headers present at all? Did you obey the following:

  • The user running spamassassin (I chose the MTA’s "mailnull"
    user) must have (or have permission to create) a .spamassassin
    directory under his home dir. This was the only roadblock I
    hit (as spamassasin’s “spamc” silently does nothing if this is
    not the case.)

    Under FreeBSD:
    mkdir -p ~mailnull/.spamassassin
    chown mailnull ~mailnull/.spamassassin

    (other OSs will be similar.)

?

�|� http://www.bestpractical.com/rt – Trouble Ticketing. Free.

> When I change this to spamc and restart the daemon,(what daemon? spamd?)

is spamd running? What "folder" are you referring to? Are any
"X-Spam-*" headers present at all? Did you obey the following:

* The user running spamassassin (I chose the MTA's "mailnull"
  user) must have (or have permission to create) a .spamassassin
  directory under his home dir. This was the only roadblock I
  hit (as spamassasin's "spamc" silently does nothing if this is
  not the case.)

  Under FreeBSD:
        mkdir -p ~mailnull/.spamassassin
        chown mailnull ~mailnull/.spamassassin

  (other OSs will be similar.)

?

Yes, I'm using a spamc/spamd setup and i'm pretty sure spamd is running. 
Right now, my /etc/procmailrcs/rt has a line that says:

:0cw
| /usr/local/bin/spamc

spamc returns a 1 or 0 output right? Should I change this to /usr/local/bin/spamassassin?
The mail which goes through the test folder does not have any spam-marking headers. 
How do I find out which user is running spamd? I assumed that it was my mail delivery agent 
(postfix) so I gave postman permission to write on its .spamassassin folder. Is this correct? 
I also made one for root just in case I was mistaken.
Rule 260 » Life's not fair. How else would you turn a profit?

Rene L. Pongco Jr. said:

Yes, I’m using a spamc/spamd setup and i’m pretty sure spamd is running.
Right now, my /etc/procmailrcs/rt has a line that says:

:0cw
| /usr/local/bin/spamc

Ah! Here’s the rub.

This just passes email through the spamc filter for flagging.

You want to actually filter after this:

:0:

  • X-Spam-Status:.[Yes*]
    SPAM

Or something similar, to filter the spam out of the inbox.

spamc returns a 1 or 0 output right? Should I change this to
/usr/local/bin/spamassassin? The mail which goes through the test folder
does not have any spam-marking headers. How do I find out which user is
running spamd? I assumed that it was my mail delivery agent (postfix)
so I gave postman permission to write on its .spamassassin folder. Is
this correct? I also made one for root just in case I was mistaken.

Spamd should be running with the amavis user, whichever that is–usually
vscan (if running uvscan). To find out if it’s even running:

(this is what I’d do on FreeBSD)
ps -awwux | grep spam

See if it’s in the list. If not, then the daemon isn’t running, and maybe
you should check to see what’s going on with spamassassin.

Glenn
The original portions of this message are the copyright of the author
©1998-2002 Glenn E. Sieb. ICQ UIN: 300395 IRC Nick: Rainbear
"All acts of Love and Pleasure are Her rituals"-Charge of the Goddess

Folks,

Here’s a possible alternative for those of you who have SpamAssassin running
and injecting X-Spam-Status headers without procmail. I just hacked
rt-mailgate to inject mail into my ‘spam’ queue directly. (see below)

Phil, do you work for BestPractical now? Your .sig caught my attention :wink:

-Darren

— rt-mailgate.orig Sat Feb 22 22:14:05 2003
+++ rt-mailgate Sun Feb 23 13:58:15 2003
@@ -56,6 +56,7 @@
my ($Verbose, $ReturnTid, $Debug);
my ($From, $TicketId, $Subject,$SquelchReplies);
my ($status, $msg);
+my ($SpamHeader,$spam);

{{{ parse commandline

@@ -113,6 +114,10 @@
$Subject = $head->get(‘Subject’) || “[no subject]”;
chomp $Subject;

+#Check SPAM status
+$SpamHeader = $head->get(‘X-Spam-Status’) || “No”;
+$Queue = “spam” if ($SpamHeader =~ /Yes/s);

Get the ticket ID unless it’s already set

$TicketId = ParseTicketId($Subject) unless ($TicketId);

Actually, it’s a small bit rubbier. The flags to the procmail rule indicate
that the message should be copied to the spamc program, not filtered by it.
The correct recipe is:

:0fw
| /usr/local/bin/spamc

Then you also need to examine the filtered message headers as you pointed
out.

Mark----- Original Message -----
From: “Glenn Sieb” ges+lists@wingfoot.org
To: pongco@infophil.com; rt-users@lists.fsck.com
Sent: Tuesday, February 25, 2003 12:11 PM
Subject: Re: [rt-users] RT+SpamAssassin+Procmail problem

Rene L. Pongco Jr. said:

Yes, I’m using a spamc/spamd setup and i’m pretty sure spamd is running.
Right now, my /etc/procmailrcs/rt has a line that says:

:0cw
| /usr/local/bin/spamc

Ah! Here’s the rub.

This just passes email through the spamc filter for flagging.

You want to actually filter after this:

:0:

  • X-Spam-Status:.[Yes*]
    SPAM

I have had great success with procmail and the following:
:0fw
| /usr/local/bin/spamassassin -P

:0

  • ^X-Spam-Status: Yes
    ! root

Or you could send it to a “spam” queue if you get many false hits… But I
hardly ever get false hits.

-JamieFrom: rt-users-admin@lists.fsck.com
[mailto:rt-users-admin@lists.fsck.com]On Behalf Of Mark D. Nagel
Sent: Tuesday, February 25, 2003 3:18 PM
To: rt-users@pallas.eruditorum.org
Subject: Re: [rt-users] RT+SpamAssassin+Procmail problem

Actually, it’s a small bit rubbier. The flags to the procmail rule indicate
that the message should be copied to the spamc program, not filtered by it.
The correct recipe is:

:0fw
| /usr/local/bin/spamc

Then you also need to examine the filtered message headers as you pointed
out.

Mark

Thanks for the “ps -awwux | grep spam” hint. The spamd is run by root and
root has an existing writable .spamassassin folder.

For the procmail recipes, I’d like to clarify on this. Here is my /etc/procmailrc
which uses spamassassin:

:0fw

  • < 256000

| spamc

:0:

  • ^X-Spam-Status: Yes

/dev/null

This works for the mailboxes but unfortunately not for RT. The mail for RT
jumps this filter since

from /etc/aliases it gets piped to the rt-mailgate program. So I modified
my entries for rt_user

in /etc/aliases to look like this:

my_rt-user: “|/usr/bin/procmail -m /etc/procmailrcs/rt
support correspond”

And this is my complete text for /etc/procmailrcs/rt:

:0fw

| /usr/bin/formail -i “X-RT-Queue: $1”

:0cw

| /usr/local/bin/spamc

:0aw

| /opt/rt2_ss/bin/rt-mailgate --queue $1 --action $2

:0w

| /opt/rt2_ss/bin/rt-mailgate --queue spam --action $2

The problem is it always returns a success for the spamc line, so the mail
never gets delivered to the spam folder.

-- 
Rule 028 » Whisper your way to success.

I also checked my logs. When I look at my /var/log/procmail.log, i see this:

procmail: Executing “/usr/bin/formail,-i,X-RT-Queue: support”

procmail: Executing “/usr/local/bin/spamc,-c”

procmail: Program failure (74) of “/usr/local/bin/spamc”

procmail: Assigning “LASTFOLDER=/usr/local/bin/spamc -c”

procmail: Executing “/opt/rt2_ss/bin/rt-mailgate,–queue,spam,–action,correspond”

There’s also a corrsponding entry in /var/log/maillog

Feb 27 07:18:29 procmail[25150]: Denying special privileges for
"/etc/procmailrcs/rt"

The “Denying special privileges” error is in the procmailrc man page. Is
it just a permission problem? Can somebody help me figure out what is going
on?

>And this is my complete text for /etc/procmailrcs/rt:

>

>:0fw

>| /usr/bin/formail -i “X-RT-Queue: $1”

>

>:0cw

>| /usr/local/bin/spamc -c

>

>:0aw

>| /opt/rt2_ss/bin/rt-mailgate --queue $1 --action $2

>

>:0w

>| /opt/rt2_ss/bin/rt-mailgate --queue spam --action $2

>

> The problem is it always returns a success for the spamc line, so the
mail never gets delivered to the spam folder.

-- 
Rule 266 » When in doubt, lie.

There’s also a corrsponding entry in /var/log/maillog

Feb 27 07:18:29 procmail[25150]: Denying special privileges for
"/etc/procmailrcs/rt"

You want to have, at a minimum, of root:root 755 for /etc/procmailrcs/ ,
and rt:rt 444 for /etc/procmailrcs/rt . Procmail will complain if it
thinks that the file could have been tampered with (eg, group writable
etc).

                         Bruce Campbell                            RIPE
               Systems/Network Engineer                             NCC
             www.ripe.net - PGP562C8B1B             Operations/Security