Pardon me if much of this has been covered in the past. I have browsed the archives but could find nothing that seemed to addres my rather basic questions.
First some background, though my question may be somewhat basic, myt setup is not. I have inherited a system that is running postfix, clamd, spamd and amavisd on one system (mx1) receiving and sending mail for clients with mail boxes on a second system (ms1) which is running courier-imap and spamd. Both systems are running SLES 9 and spamassassin 3.0.4. My /etc/syslog.conf entries for mail look like this on both systems: mail.* -/var/log/mail mail.info -/var/log/mail.info mail.warning -/var/log/mail.warn mail.err /var/log/mail.err and mx1 has the additional line: local5.*; -/var/log/spamassassin Thes files are created and update regularly so spamassassin is usint them, but according to various sources I have found the analysis of these files should depend on the existence of lines with the text 'identified spam' and I cannot even find the word 'identified' in the files. Studying the .Spam directories on ms1 confirms that spam is being detected. In fact, based on a study of the rules I have created a mail that caught on many tests. When I send this mail (from an external address) to my internal address it is, correctly, identified as spam and diverted to my spam folder. This is good, but.... If I then forward this file to a colleague or friend my smtp server does not detect it as spam and happily forwards it. This is bad. Also, if I send myself a message that I believe is spam and manually move it to my spam folder spamassassin does not learn from this. The contents of /etc/mail/spamassassin/local.cf on ms1 are: rewrite_header Subject *****Assumed SPAM***** report_safe 1 required_hits 5.0 use_bayes 1 bayes_auto_learn 1 bayes_ignore_header X-Spam-Level bayes_min_spam_num 1 bayes_path /var/spool/amavis/.spamassassin/bayes and on mx1 are: required_hits 5.0 rewrite_header Subject *****SPAM***** report_safe 1 use_bayes 1 bayes_path = /var/spool/amavis/.spamassassin/bayes bayes_auto_learn 1 skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 0 ok_languages en ok_locales en bayes_ignore_header X-purgate bayes_ignore_header X-purgate-ID bayes_ignore_header X-purgate-Ad bayes_ignore_header X-GMX-Antispam bayes_ignore_header X-Antispam bayes_ignore_header X-Spamcount bayes_ignore_header X-Spamsensitivity Though I must admit that this system's /var/log/spamassassin reports: Aug 8 04:57:35 mx1 spamd[13149]: debug: Razor2 is not available Aug 8 04:57:35 mx1 spamd[13149]: debug: DCCifd is not available: no r/w dccifd socket found. Aug 8 04:57:35 mx1 spamd[13149]: debug: DCC is not available: no executable dccproc found. So I am not sure how valid these settigns are, as I said I inherited this system. At least this seems to confirm that I am looking at the correct configuration file. The configuration files for the actual rules appear to be OK, it is after all stopping some spam coming in that I created based on the contents of these rules. My situation is complicated by the fact that there is no working test system at this location so I am torn between devoting time to investigating our spam problems and setting up a test environment - decisions, decisions! I have placed an order for the O'Reilly book on spamassassin, but this will take weeks to arrive. So, in the meantime if anybody could respond with any of the following: a) which files to look at for clues b) a good starter or howto on spamassassin c) pointer to where my problems are d) anything that you feel may be helpful I would be very grateful. Bear in mind that this is a live system so my investigation must be non-intrusive. Thanks Mike
