antispam not working?

Post by marcmac »

This header is blank because the score was 0. Usually it's a list of '*' characters, one for each point of spam score - so if your spam level is 3, it would be '***'.
The version problem means we're finding another set of SA config files, which means you've probably got it installed somewhere. If that's the case, you can search the forums for workarounds, it's been covered.
As for the password issue - try sh -x bin/zmtrainsa ... to make sure it's doing the right thing.
Also, if you've got any special characters in your username or password, pass them in single quotes: zmtrainsa localhost 'user' 'pass' etc...

Post by marcmac »

You can set sa_debug to 1 in amavisd.conf.in, and change the log_level to 5 (same file) then restart amavis, and tail /var/log/zimbra.log - that may log something useful...

Post by unilogic »

Marcmac, it finds the SA files that are installed with zimbra. They seem to be from an older version than what the current install of SA is. It should be noted to be fixed for the next release for FC4.
-Ben

Post by moebis »

tailed the log, restarted amavisd and... well, sorry for what follows:
Dec 3 21:37:33 office amavis[6045]: Net::Server: 2005/12/03-21:37:33 Server closing!
Dec 3 21:37:33 office amavis[20145]: (20145-03) SMTP shutdown: empty tempdir is being removed: /opt/zimbra/amavisd/tmp/amavis-20051203T203403-20145
Dec 3 21:37:33 office amavis[7276]: (07276-01) SMTP shutdown: empty tempdir is being removed: /opt/zimbra/amavisd/tmp/amavis-20051203T211801-07276
Dec 3 21:37:33 office amavis[8314]: (08314-02) SMTP shutdown: empty tempdir is being removed: /opt/zimbra/amavisd/tmp/amavis-20051203T211729-08314
Dec 3 21:37:33 office amavis[24817]: (24817-08) SMTP shutdown: empty tempdir is being removed: /opt/zimbra/amavisd/tmp/amavis-20051203T151305-24817
Dec 3 21:37:33 office amavis[22608]: (22608-08) SMTP shutdown: empty tempdir is being removed: /opt/zimbra/amavisd/tmp/amavis-20051203T143846-22608
Dec 3 21:37:40 office amavis[19160]: starting. /opt/zimbra/amavisd/sbin/amavisd at office.zangani.com amavisd-new-2.3.1 (20050509), Unicode aware, LANG=en_US.UTF-8
Dec 3 21:37:40 office amavis[19160]: user=501, EUID: 501 (501); group=, EGID: 501 502 501 5 (501 502 501 5)
Dec 3 21:37:40 office amavis[19160]: Perl version 5.008006
Dec 3 21:37:40 office amavis[19160]: INFO: no optional modules: Sys::Hostname::Long Mail::SPF::Query Razor2::Client::Agent Net::CIDR::Lite
Dec 3 21:37:40 office amavis[19161]: Net::Server: Process Backgrounded
Dec 3 21:37:40 office amavis[19161]: Net::Server: 2005/12/03-21:37:40 Amavis (type Net::Server::PreForkSimple) starting! pid(19161)
Dec 3 21:37:40 office amavis[19161]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Dec 3 21:37:40 office amavis[19161]: Net::Server: Group Not Defined. Defaulting to EGID '501 502 501 5'
Dec 3 21:37:40 office amavis[19161]: Net::Server: User Not Defined. Defaulting to EUID '501'
Dec 3 21:37:40 office amavis[19161]: Module Amavis::Conf 2.038
Dec 3 21:37:40 office amavis[19161]: Module Archive::Tar 1.26
Dec 3 21:37:40 office amavis[19161]: Module Archive::Zip 1.16
Dec 3 21:37:40 office amavis[19161]: Module BerkeleyDB 0.27
Dec 3 21:37:40 office amavis[19161]: Module Compress::Zlib 1.41
Dec 3 21:37:40 office amavis[19161]: Module Convert::TNEF 0.17
Dec 3 21:37:40 office amavis[19161]: Module Convert::UUlib 1.051
Dec 3 21:37:40 office amavis[19161]: Module DBD::mysql 3.0002
Dec 3 21:37:40 office amavis[19161]: Module DBI 1.48
Dec 3 21:37:40 office amavis[19161]: Module DB_File 1.810
Dec 3 21:37:40 office amavis[19161]: Module MIME::Entity 5.418
Dec 3 21:37:40 office amavis[19161]: Module MIME::Parser 5.418
Dec 3 21:37:40 office amavis[19161]: Module MIME::Tools 5.418
Dec 3 21:37:40 office amavis[19161]: Module Mail::Header 1.67
Dec 3 21:37:40 office amavis[19161]: Module Mail::Internet 1.67
Dec 3 21:37:40 office amavis[19161]: Module Mail::SpamAssassin 3.001000
Dec 3 21:37:40 office amavis[19161]: Module Net::Cmd 2.26
Dec 3 21:37:40 office amavis[19161]: Module Net::DNS 0.53
Dec 3 21:37:40 office amavis[19161]: Module Net::LDAP 0.33
Dec 3 21:37:40 office amavis[19161]: Module Net::SMTP 2.29
Dec 3 21:37:40 office amavis[19161]: Module Net::Server 0.88
Dec 3 21:37:40 office amavis[19161]: Module Time::HiRes 1.82
Dec 3 21:37:40 office amavis[19161]: Module Unix::Syslog 0.99
Dec 3 21:37:40 office amavis[19161]: Amavis::DB code loaded
Dec 3 21:37:40 office amavis[19161]: Amavis::Cache code loaded
Dec 3 21:37:40 office amavis[19161]: SQL base code NOT loaded
Dec 3 21:37:40 office amavis[19161]: SQL::Log code NOT loaded
Dec 3 21:37:40 office amavis[19161]: SQL::Quarantine NOT loaded
Dec 3 21:37:40 office amavis[19161]: Lookup::SQL code NOT loaded
Dec 3 21:37:40 office amavis[19161]: Lookup::LDAP code loaded
Dec 3 21:37:40 office amavis[19161]: AM.PDP prot code NOT loaded
Dec 3 21:37:40 office amavis[19161]: SMTP-in prot code loaded
Dec 3 21:37:40 office amavis[19161]: ANTI-VIRUS code loaded
Dec 3 21:37:40 office amavis[19161]: ANTI-SPAM code loaded
Dec 3 21:37:40 office amavis[19161]: Unpackers code loaded
Dec 3 21:37:40 office amavis[19161]: Found $file at /usr/bin/file
Dec 3 21:37:40 office amavis[19161]: No $dspam, not using it
Dec 3 21:37:40 office amavis[19161]: Internal decoder for .mail
Dec 3 21:37:40 office amavis[19161]: Internal decoder for .asc
Dec 3 21:37:40 office amavis[19161]: Internal decoder for .uue
Dec 3 21:37:40 office amavis[19161]: Internal decoder for .hqx
Dec 3 21:37:41 office amavis[19161]: Internal decoder for .ync
Dec 3 21:37:41 office amavis[19161]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat
Dec 3 21:37:41 office amavis[19161]: Found decoder for .Z at /usr/bin/gzip -d
Dec 3 21:37:41 office amavis[19161]: Internal decoder for .gz
Dec 3 21:37:41 office amavis[19161]: Found decoder for .gz at /usr/bin/gzip -d (backup, not used)
Dec 3 21:37:41 office amavis[19161]: Found decoder for .bz2 at /usr/bin/bzip2 -d
Dec 3 21:37:41 office amavis[19161]: No decoder for .lzo tried: lzop -d
Dec 3 21:37:41 office amavis[19161]: Found decoder for .rpm at /usr/bin/rpm2cpio
Dec 3 21:37:41 office amavis[19161]: Found decoder for .cpio at /usr/bin/pax
Dec 3 21:37:41 office amavis[19161]: Found decoder for .tar at /usr/bin/pax
Dec 3 21:37:41 office amavis[19161]: Internal decoder for .tar (backup, not used)
Dec 3 21:37:41 office amavis[19161]: Found decoder for .deb at /usr/bin/ar
Dec 3 21:37:41 office amavis[19161]: Internal decoder for .zip
Dec 3 21:37:41 office amavis[19161]: No decoder for .rar tried: rar, unrar
Dec 3 21:37:41 office amavis[19161]: No decoder for .arj tried: arj, unarj
Dec 3 21:37:41 office amavis[19161]: No decoder for .arc tried: nomarch, arc
Dec 3 21:37:41 office amavis[19161]: No decoder for .zoo tried: zoo
Dec 3 21:37:41 office amavis[19161]: Found decoder for .lha at /usr/bin/lha
Dec 3 21:37:41 office amavis[19161]: No decoder for .cab tried: cabextract
Dec 3 21:37:41 office amavis[19161]: No decoder for .tnef tried: tnef
Dec 3 21:37:41 office amavis[19161]: Internal decoder for .tnef
Dec 3 21:37:41 office amavis[19161]: Found decoder for .exe at /usr/bin/lha
Dec 3 21:37:41 office amavis[19161]: Using internal av scanner code for (primary) ClamAV-clamd
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: KasperskyLab AVP - aveclient
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: KasperskyLab AntiViral Toolkit Pro (AVP)
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: KasperskyLab AVPDaemonClient
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: CentralCommand Vexira (new) vascan
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: H+BEDV AntiVir or the (old) CentralCommand Vexira Antivirus
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Command AntiVirus for Linux
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Symantec CarrierScan via Symantec CommandLineScanner
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Symantec AntiVirus Scan Engine
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: F-Secure Antivirus
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: CAI InoculateIT
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: CAI eTrust Antivirus
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: MkS_Vir for Linux (beta)
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: MkS_Vir daemon
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: ESET Software NOD32
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: ESET Software NOD32 - Client/Server Version
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Norman Virus Control v5 / Linux
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Panda Antivirus for Linux
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: NAI McAfee AntiVirus (uvscan)
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: VirusBuster
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: CyberSoft VFind
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: Ikarus AntiVirus for Linux
Dec 3 21:37:41 office amavis[19161]: No primary av scanner: BitDefender
Dec 3 21:37:41 office amavis[19161]: No secondary av scanner: ClamAV-clamscan
Dec 3 21:37:41 office amavis[19161]: No secondary av scanner: FRISK F-Prot Antivirus
Dec 3 21:37:41 office amavis[19161]: No secondary av scanner: Trend Micro FileScanner
Dec 3 21:37:41 office amavis[19161]: No secondary av scanner: drweb - DrWeb Antivirus
Dec 3 21:37:41 office amavis[19161]: No secondary av scanner: KasperskyLab kavscanner
Dec 3 21:37:41 office amavis[19161]: Creating db in /opt/zimbra/amavisd/db/; BerkeleyDB 0.27, libdb 4.2
Dec 3 21:37:42 office amavis[19161]: SpamControl: initializing Mail::SpamAssassin
Dec 3 21:37:44 office amavis[19161]: SpamControl: done
...what am I looking for? I see several things are "NOT LOADED".

Post by moebis »

[quote user="unilogic"]It finds the SA files that are installed with zimbra. They seem to be from an older version than what the current install of SA is. It should be noted to be fixed for the next release for FC4.
-Ben[/QUOTE]
Ben,
Thanks, I found your post and it worked to fix the version problem. (See first page of this post, you may have missed it). But since you're running FC4 have you been successful at capturing any spam? I haven't. If so, did you apply any other kind of fix? BTW, Thanks for the Parser.pm hack! Good work.
-Carl

Post by moebis »

Never thought I would say I was happy to see spam come into my Junk box, but it just did. Ran another test using the word v1agra from my gmail, and it caught it:
X-Virus-Scanned: amavisd-new at
X-Spam-Status: Yes, hits=2.898 tagged_above=-10 required=2 autolearn=no
tests=[BAYES_80=2, DRUGS_ERECTILE=0.216, HTML_20_30=0.226,
HTML_SHORT_LENGTH=0.389, RCVD_BY_IP=0.067]
X-Spam-Level: **
X-Spam-Flag: YES

------=_Part_12253_19545274.1133665296514
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

viagra v1agra
.....I realized the fix must have been from unilogic but it didn't implement until I restarted amavisd using marcmac's instructions to tail the log. Ok this is great, thanks for all your help guys!! Especially marcmac and unilogic. Last question, how can I get autolearn to turn on?
Lesson learned: the spamassassin scanner was failing in the FC4 build because of the wrong version number, and editing the Parser.pm to trick the version number fixes both scanning and zmtrainsa problems.
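An added example, not part of the original posts: a Python check that the headers moebis quotes are internally consistent, i.e. the per-test scores sum to `hits`, `X-Spam-Level` carries one `*` per whole point as marcmac describes, and the Yes/No verdict agrees with `required`. The function name and the rounding tolerance are assumptions of this example; the folding whitespace on the continuation lines is restored on the assumption that it was lost when the post was rendered.

```python
import math
import re
from email import message_from_string

# Headers from the post above; continuation lines re-folded with a tab (assumed).
SAMPLE = (
    "X-Spam-Status: Yes, hits=2.898 tagged_above=-10 required=2 autolearn=no\n"
    "\ttests=[BAYES_80=2, DRUGS_ERECTILE=0.216, HTML_20_30=0.226,\n"
    "\tHTML_SHORT_LENGTH=0.389, RCVD_BY_IP=0.067]\n"
    "X-Spam-Level: **\n"
    "X-Spam-Flag: YES\n"
    "\n"
    "viagra v1agra\n"
)

def check_spam_headers(raw):
    """Parse the amavisd-style spam headers of one message and cross-check them."""
    msg = message_from_string(raw)
    # Unfold the header: collapse the newline + whitespace of folded lines.
    status = " ".join((msg["X-Spam-Status"] or "").split())
    m = re.match(r"(Yes|No), hits=(-?[\d.]+) .*?required=(-?[\d.]+)", status)
    if not m:
        raise ValueError("no parsable X-Spam-Status header")
    verdict, hits, required = m.group(1), float(m.group(2)), float(m.group(3))

    tests = {}
    listed = re.search(r"tests=\[(.*?)\]", status)
    if listed and listed.group(1).strip():
        for item in listed.group(1).split(","):
            name, _, score = item.strip().partition("=")
            tests[name] = float(score)

    level = (msg["X-Spam-Level"] or "").strip()
    flagged = (msg["X-Spam-Flag"] or "").strip().upper() == "YES"
    return {
        "hits": hits,
        "required": required,
        "tests": tests,
        # Scores are printed to three decimals, so allow a small rounding error.
        "sum_matches": abs(sum(tests.values()) - hits) < 0.005,
        # One '*' per whole point; zero or negative scores give an empty header.
        "level_matches": level == "*" * max(0, math.floor(hits)),
        "verdict_matches": (verdict == "Yes") == (hits >= required),
        "flag_matches": flagged == (verdict == "Yes"),
    }

if __name__ == "__main__":
    print(check_spam_headers(SAMPLE))
```

A status header with an empty `tests=[]` list, or one whose checks disagree, is a quick sign that the scanner is not scoring mail the way the configuration intends.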

Post by unilogic »

Use zmamavisdctl to stop amavis

Then run:

/opt/zimbra/amavisd/sbin/amavisd -c /opt/zimbra/conf/amavisd.conf debug

Send an email through to one of your zimbra accounts. Scroll a way up and it will show all the tests being run and the score being tallied up. There are quite a few errors because amavis looks for a number of tests that aren't installed; they are as follows:

rules: failed to run HABEAS_USER RBL test, skipping:
(Can't locate object method "check_rbl_swe" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2647, line 86.
)
rules: failed to run HABEAS_INFRINGER RBL test, skipping:
(Can't locate object method "check_rbl_swe" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2647, line 86.
)
rules: failed to run HEAD_LONG test, skipping:
(Can't locate object method "check_for_long_header" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581, line 86.
)
rules: failed to run __HABEAS_SWE test, skipping:
(Can't locate object method "message_is_habeas_swe" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581, line 86.
)
rules: failed to run UNWANTED_LANGUAGE_BODY test, skipping:
(Can't locate object method "check_language" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run RAZOR2_CF_RANGE_51_100 test, skipping:
(Can't locate object method "check_razor2_range" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run BODY_8BITS test, skipping:
(Can't locate object method "check_for_body_8bits" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run RAZOR2_CHECK test, skipping:
(Can't locate object method "check_razor2" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run PYZOR_CHECK test, skipping:
(Can't locate object method "check_pyzor" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run DCC_CHECK test, skipping:
(Can't locate object method "check_dcc" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run AWL test, skipping:
(Can't locate object method "check_from_in_auto_whitelist" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
Edit: Why is AWL not installed in M2 as it was in M1? At least it's not in the FC4 release.
That's normal behaviour. Also these errors are normal:

Dec 3 21:54:19 blazer /opt/zimbra/amavisd/sbin/amavisd[28865]: (28865-01) lookup_ldap_attr(amavisspamkilllevel) (WARN: no such attribute in LDAP entry), "unilogic@changeddomain.com" result=undef
You may just not be sending spammy enough spam emails for it to catch it. I'm catching spam with Bayes pretty well now. It took a little training to get it to start showing the test. I also am using dspam to run checks. An example of one of my headers:
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Sat Dec 3 21:47:43 2005
X-DSPAM-Confidence: 0.5790
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 439258cf282349475511296
X-DSPAM-Factors: 27,
X-Virus-Scanned: amavisd-new at
X-Spam-Status: No, hits=-0.451 tagged_above=-10 required=2 autolearn=no
tests=[BAYES_20=-1.951, DSPAM_HAM=-0.1, NO_DNS_FOR_FROM=1.6]
X-Spam-Level:

The dspam install guide is here: http://www.zimbra.com/forums/showthread ... ight=dspam

If you want to use it, you need to train dspam also. Look on the last pages and you'll see my two ways of training Dspam. Also all the decoders not loaded are due to not having certain archivers installed. Just install the appropriate ones like unrar and such and those errors will go away. As far as other patches, I'm pretty sure I haven't made any. You have enabled antispam, and antivirus in Global Settings of the Web Admin UI? Other than this, I think you should have everything working.
-Ben
Edit: Also, the autolearn in the header, I believe (correct me if I'm wrong), just tells you if that spam was used to teach SA Bayes; it doesn't mean if it's enabled or not. It is by default. It doesn't use every message. It just uses messages that are interesting to it, i.e. definitely spam or definitely ham, and nothing like that message has been databased yet.
-Ben
Edit2: For the version mismatch someone should actually figure out how to fix that properly. My fix only makes SA ignore that the config files are from a different version.
-Ben
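An added example, not part of the original posts: a Python summary of the `rules: failed to run ... test, skipping` entries from the amavisd debug output quoted above, grouped by the missing method, so an operator can see which expected checks are not contributing to the score. The sample is an excerpt of four of the quoted entries; the function names and the list of expected rules passed to `not_running` are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the debug output quoted in the post above (four of the entries).
SAMPLE = '''\
rules: failed to run HABEAS_USER RBL test, skipping:
(Can't locate object method "check_rbl_swe" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2647, line 86.
)
rules: failed to run HABEAS_INFRINGER RBL test, skipping:
(Can't locate object method "check_rbl_swe" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2647, line 86.
)
rules: failed to run RAZOR2_CHECK test, skipping:
(Can't locate object method "check_razor2" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
rules: failed to run AWL test, skipping:
(Can't locate object method "check_from_in_auto_whitelist" via package "Mail::SpamAssassin::PerMsgStatus" at /opt/zimbra/zimbramon/lib/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
)
'''

RULE_RE = re.compile(r"rules: failed to run (\S+)(?: RBL)? test, skipping")
METHOD_RE = re.compile(r'''Can't locate object method "([^"]+)" via package "([^"]+)"''')

def skipped_rules(text):
    """Map each missing eval method to the rules skipped because of it."""
    by_method = defaultdict(list)
    pending = None                      # rule name waiting for its error line
    for line in text.splitlines():
        rule = RULE_RE.search(line)     # search, so syslog prefixes are tolerated
        if rule:
            if pending:                 # previous failure had a different error
                by_method["(other error)"].append(pending)
            pending = rule.group(1)
            continue
        method = METHOD_RE.search(line)
        if method and pending:
            by_method[method.group(1)].append(pending)
            pending = None
    if pending:
        by_method["(other error)"].append(pending)
    return dict(by_method)

def not_running(text, expected):
    """Return the rules from `expected` (operator-supplied) that are being skipped."""
    skipped = {r for rules in skipped_rules(text).values() for r in rules}
    return sorted(skipped & set(expected))

if __name__ == "__main__":
    for method, rules in skipped_rules(SAMPLE).items():
        print(f"{method}: {', '.join(rules)}")
```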