Docker-mailserver: multiple users: spamassassin not working properly

Created on 29 Jan 2017  路  19Comments  路  Source: tomav/docker-mailserver

I first configured the container with one user and spamassassin works fine and as expected for months. Then I added two new users with their own directory for receiving mails and for the life of me I can't get spamassassin headers added to incoming emails:

Return-Path: eyxdzn@domain.net
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
by mail.domain.com(Postfix) with ESMTP id 8290F1723BE
for support@domain.com; Sun, 29 Jan 2017 01:40:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at domain.net
Received: from mail.domain.com([127.0.0.1])
by localhost (mail.domain.com[127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id P5EdkQSiJxjI for support@domain.com;

So Amavis passes the mail off to Virus Scanning, works fine. But it doesn't pass it to Spamassassin?

My SA Tags are as follows:

$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.4; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 99; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent

  • I checked permissions on the new users' postfix folders and they look OK. They appear writable.
  • Nothing of note is showing up in mail.err in /var/log/mail
  1. In theory, amavis is setup to process Spamassassin for all users with a single bayes database/tokens?
  2. Is there anything in amavis/spamassassin that would stop Spamassassin from adding X-Spam headers to these additional postfix users' mails?
bug
Source
picture davidszp

Most helpful comment

Better now.

picture tomav on 21 Apr 2017
👍2

All 19 comments

After a few additional hours, I have been able to figure out the problem. Here is some more info for those who were as lost as me:

  • In its default setup, amavis does not support "per user" setup of spamassassin rules. You can't have bayes sets for individual users. You have to use a shotgun approach: one big rule & bayes set that fits all users.
  • my problem above boiled down to the acl domain rules in amavis setup. Some of my domains are subdomains. The default amavis setup does activate spamassassin settings for subdomains but only for domain.com type domains.

I have overridden the default in 05-domain_id (in the amavis defaults)

@local_domains_acl = ( ".$mydomain" );

in 50-user with this rule

@local_domains_maps = (".");

which matches any sort of domain. And now my subdomain email accounts get Spamassassin x-headers written into their mails like they're supposed to.

davidszp picture davidszp on 29 Jan 2017

I closed the ticket and added the relevant information to the FAQ.

davidszp picture davidszp on 29 Jan 2017

Thanks for the update and wiki @makloda

tomav picture tomav on 29 Jan 2017

Not sure if we should close this so easy: Setting local_domains_maps only to head -n 1 /etc/mailname per default means that we enable spamfiltering only for the first domain and not for other domains we have.

I think we should modify amavisd here and provide it with all domains we know, maybe the /etc/postfix/vhost file could be handy here.

theomega picture theomega on 28 Mar 2017

I think @theomega is right. Only the first domain is scanned.

tomav picture tomav on 29 Mar 2017

Yep, just tried adding this to /etc/amavis/conf.d/40-policy_banks

@local_domains_maps = (
   read_hash('/etc/postfix/vhost')
);

Seems to work on other domain. I think we should also add integration tests too on that.

tomav picture tomav on 29 Mar 2017

PR https://github.com/tomav/docker-mailserver/pull/563

tomav picture tomav on 29 Mar 2017

@makloda, @theomega

The added test is ok on the PR:

@test "checking spamassassin: all registered domains should see spam headers" {
  run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/localhost.localdomain/user1/new"
  assert_success
  run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/otherdomain.tld/user2/new"
  assert_success
}

I let you check this code. I'll merge when I have your approval.

tomav picture tomav on 29 Mar 2017

is there any solution yet?

thiesschneider picture thiesschneider on 17 Apr 2017

Hi @thiesschneider, there are some fix to do on the PR https://github.com/tomav/docker-mailserver/pull/563
I currently don't have time for that but you can finalize it if you want.
Sorry.

tomav picture tomav on 18 Apr 2017

:) so I will wait...
i am not into it that much sorry!
but thank you for the project!!!

thiesschneider picture thiesschneider on 18 Apr 2017

Done.

tomav picture tomav on 18 Apr 2017
1

Is there a reason that this was pushed on elk only and not to the latest tag?
Would love to have this in my image too

thiesschneider picture thiesschneider on 20 Apr 2017

Docker Hub build failed due to Clamav.. again...
Just restarted it.
https://hub.docker.com/r/tvial/docker-mailserver/builds/

tomav picture tomav on 20 Apr 2017

hm... it failed again i think :(

thiesschneider picture thiesschneider on 20 Apr 2017

Better now.

tomav picture tomav on 21 Apr 2017
👍2

can you please make instructions how to make this exactly work

wasgehthierab picture wasgehthierab on 27 Apr 2017

I am also wondering which file I have to modify to get this working.
I am still getting Spam on my other domains :/
thx!

thiesschneider picture thiesschneider on 28 Apr 2017

Hey there,

can nobody help?

thx

thiesschneider picture thiesschneider on 4 May 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

xiao1201 picture xiao1201  路  4Comments
Hamsterman picture Hamsterman  路  3Comments
H4R0 picture H4R0  路  3Comments
InsOpDe picture InsOpDe  路  4Comments
jholster picture jholster  路  4Comments