Spamassassin Whitelist is not working

I have a domain that I've set to automatically white-list all mailboxes in the domain.

Server Configuration -> Spam and Virus Delivery -> Always allow mail from mailboxes in domain? = yes

All the emails are correctly listed in:

Services -> SpamAssassin -> Allowed and Denied Addresses -> Senders to never classify as spam

I restarted spamassassin. It doesn't seem to get triggered as emails between domain users are consistently thrown into the SPAM folder. Where is this file located on CentOS5? I would assume somewhere under /home/domain.com/ but I can't seem to find it.

-- Craig

Status: Active

Comments

The list should be in the file /etc/webmin/virtual-server/spam/XXXX/virtualmin.cf , where XXXX is the unique ID for the domain. This can be found with the command :

virtualmin list-domains --domain whatever.com --id-only

If this isn't being processed, check the log file /var/webmin/lookup-domain-daemon.log and let me know what gets logged when email to one of these domains arrives..

> If this isn't being processed, check the log file /var/webmin/lookup-domain-daemon.log and let me know what gets logged when email to one of these domains arrives..

The virtualmin.cf file exists and looks correct. The log file doesn't exist, see directory listing below...

[root@id1007 128527461420322]# ll -a /var/webmin/
total 9284
drwx------  3 root bin     4096 Feb  3 08:19 .
drwxr-xr-x 25 root root    4096 May 26  2010 ..
-rwx------  1 root bin        0 Feb  2 13:42 blocked
-rwx------  1 root bin     4096 Dec 30 13:28 lookup-domain-cache.dir
-rwx------  1 root bin     8192 Feb  3 08:20 lookup-domain-cache.pag
-rw-------  1 root bin   267345 Feb  3 00:52 miniserv.error
-rw-------  1 root bin       27 Feb  3 08:20 miniserv.lastcrons
-rw-------  1 root bin  8700069 Feb  3 08:20 miniserv.log
-rw-r--r--  1 root root       6 Jan 29 08:04 miniserv.pid
drwx------  2 root root    4096 Feb  1 18:31 output
-rwx------  1 root bin        0 Feb  9  2010 sessiondb.dir
-rwx------  1 root bin     1024 Feb  2 13:43 sessiondb.pag
-rw-------  1 root bin   468709 Feb  2 17:00 webmin.log

I also disabled then enabled spam/virus services w/in VM and restarted SA, still no joy.

-- Craig

Is the lookup-domain-daemon process running on your system? If not, how much RAM does it have?

I see the process running through ps

[root@id1007 ~]# ps aux | grep lookup
root     13903  0.0  0.0   1920   508 pts/0    S+   16:23   0:00 grep lookup
root     18029  0.7  1.5  35424 33200 ?        Ss   14:23   0:57 /usr/libexec/webmin/virtual-server/lookup-domain-daemon.pl

When I run the following manually from the command line as root it just sits there and doesn't return anything (using a valid user of course)..

/etc/webmin/virtual-server/lookup-domain.pl user.domain.com

The lookup-domain command expects some input, so you should really run :

/etc/webmin/virtual-server/lookup-domain.pl user.domain.com </dev/null

OK, that returned the domain ID. What next?

Ok .. so it appears to be working.

What gets logged to /var/log/procmail.log when mail to a user who is having this problem arrives?

Here are the recent procmail log entries for this account. The bottom line is that emails from one user in the domain to another in the same domain are being marked as spam even though we've set the domain to "whitelist" all domain email accounts.

Time:1296792686 From:News@mail.crutchfield.com To:LZEHE@MAHAFFEYTHEATER.COM User:lzehe.mahaffeytheater.com Size:18248 Dest:/home/mahaffeytheater.com/homes/lzehe/Maildir/new/1296792686.15650_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/abodziak/Maildir/new/1296793    92539
Time:1296793094 From:travelocity@email.travelocity.com To:ABODZIAK@MAHAFFEYTHEATER.COM User:abodziak.mahaffeytheater.com Size:92597 Dest:/home/mahaffeytheater.com/homes/abodziak/Maildir/new/1296793094.18363_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/drovine/Maildir/new/12967931     4909
Time:1296793199 From:ebazel@thebazelgroup.com To:drovine@mahaffeytheater.com User:drovine.mahaffeytheater.com Size:4965 Dest:/home/mahaffeytheater.com/homes/drovine/Maildir/new/1296793199.19578_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/jwarner/Maildir/.spam/new/12     4859
Time:1296794010 From:tyhyku6834@belgacom.be To:jwarner@mahaffeytheater.com User:jwarner.mahaffeytheater.com Size:4913 Dest:/home/mahaffeytheater.com/homes/jwarner/Maildir/.spam/new/1296794010.28193_0.id1007.cm1.dashsystems.com Mode:Spam
  Folder: /home/mahaffeytheater.com/homes/lzehe/Maildir/new/1296794748    92321
Time:1296794748 From:travelocity@email.travelocity.com To:LZEHE@MAHAFFEYTHEATER.COM User:lzehe.mahaffeytheater.com Size:92379 Dest:/home/mahaffeytheater.com/homes/lzehe/Maildir/new/1296794748.5258_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/gchristensen/Maildir/new/129     5460
Time:1296796428 From:audio@centerforhighered.com To:gchristensen@mahaffeytheater.com User:gchristensen.mahaffeytheater.com Size:5519 Dest:/home/mahaffeytheater.com/homes/gchristensen/Maildir/new/1296796428.20449_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/jwarner/Maildir/new/12967969    12314
Time:1296796990 From:help@oilspilldonation.com To:info@mahaffeytheater.com User:jwarner.mahaffeytheater.com Size:12371 Dest:/home/mahaffeytheater.com/homes/jwarner/Maildir/new/1296796989.26454_0.id1007.cm1.dashsystems.com Mode:None
  Folder: /home/mahaffeytheater.com/homes/eryan/Maildir/.spam/new/1296     6006
Time:1296798616 From:audio@hrexec.net To:eryan@mahaffeytheater.com User:eryan.mahaffeytheater.com Size:6054 Dest:/home/mahaffeytheater.com/homes/eryan/Maildir/.spam/new/1296798616.11315_0.id1007.cm1.dashsystems.com Mode:Spam
  Folder: /home/mahaffeytheater.com/homes/ebrincklow/Maildir/new/12967    18047

Thanks!
-- Craig
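
A triage helper for the log layout quoted in the post above, added here as an example and not part of the original thread: it pulls out deliveries that were filed as spam even though sender and recipient share a domain. The sample addresses and paths are constructed; the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample in the Time:/From:/To:/User:/Size:/Dest:/Mode: layout
# shown in the log excerpt above; addresses and paths are made up.
SAMPLE_LOG = """\
Time:1296792686 From:news@shop.example.net To:ALICE@EXAMPLE.COM User:alice.example.com Size:18248 Dest:/home/example.com/homes/alice/Maildir/new/1 Mode:None
  Folder: /home/example.com/homes/alice/Maildir/new/1    18190
Time:1296794010 From:bulk@spam.example.org To:bob@example.com User:bob.example.com Size:4913 Dest:/home/example.com/homes/bob/Maildir/.spam/new/2 Mode:Spam
Time:1296798616 From:carol@example.com To:bob@example.com User:bob.example.com Size:6054 Dest:/home/example.com/homes/bob/Maildir/.spam/new/3 Mode:Spam
Time:1296799000 From:bob@example.com To:carol@example.com User:carol.example.com Size:2100 Dest:/home/example.com/homes/carol/Maildir/new/4 Mode:None
"""

def parse_line(line):
    """Split one delivery line into a dict; return None for other lines."""
    if not line.startswith("Time:"):
        return None  # e.g. the indented procmail "Folder:" lines
    rec = {}
    for token in line.split():
        key, sep, value = token.partition(":")
        if sep:
            rec[key] = value
    return rec

def domain_of(addr):
    """Lower-cased domain part, so ALICE@EXAMPLE.COM matches example.com."""
    return addr.rpartition("@")[2].lower()

def intra_domain_spam(log_text):
    """Deliveries filed as spam whose sender and recipient share a domain."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("Mode") != "Spam":
            continue
        sender, rcpt = rec.get("From", ""), rec.get("To", "")
        if "@" in sender and "@" in rcpt and domain_of(sender) == domain_of(rcpt):
            when = datetime.fromtimestamp(int(rec["Time"]), tz=timezone.utc)
            hits.append((when.isoformat(), sender, rcpt, rec.get("Dest", "")))
    return hits

if __name__ == "__main__":
    for hit in intra_domain_spam(SAMPLE_LOG):
        print(*hit, sep="  ")
```
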

Any additional thoughts on this? All user-to-user emails are still being marked as spam.

Thanks!
-- Craig

If you like, I would be happy to login to your system myself and see what is going on. If that is possible, you can email me login details at jcameron@virtualmin.com

Ok, I see the cause now .. because you have configured Virtualmin to use spamc to check for spam, per-domain spamassassin config files are not used .. and so the whitelist won't apply.

A more interesting question is why mail from one user to another on the same system is being classified as spam in the first place - I wouldn't expect this to happen, even without the whitelist. Do you have an example of one of those mail files?

> A more interesting question is why mail from one user to another on the same system is being classified as spam in the first place - I wouldn't expect this to happen, even without the whitelist. Do you have an example of one of those mail files?

Login (through VM or webmail) and look in the spam folder for scornett.mahaffeytheater.com. Near as I can tell it only affects those emails sent through the web interface (you can use nlandry@ as a test sender account), although I'm not 100% certain about this.

Every test I've done from nlandry@ to scornett@ email from the web interface goes to spam.

-- Craig

By the way, I created a test account jcameron@mahaffeytheater.com , and email to it was delivered just fine without being classified as spam.

From what account? As previously mentioned it seems only to happen when sent from the web interface.

Ok, it looks like email is being classified as spam because spamassassin is seeing the IP of the PC usermin was accessed from, classifying that as dynamic (which is correct), and then giving it a high spam score!

This only happens because your system is setup to send email using the sendmail command instead of an SMTP connection. I have changed the usermin config to use SMTP instead ... let me know if that helps.

> Ok, I see the cause now .. because you have configured Virtualmin to use spamc to check for spam, per-domain spamassassin config files are not used .. and so the whitelist won't apply.

So if I change (in VM) Email Messages -> Spam and Virus Scanning -> SpamAssassin client program = spamassassin (Standalone program) then per-domain spamassassin configurations are used?

> This only happens because your system is setup to send email using the sendmail command instead of an SMTP connection. I have changed the usermin config to use SMTP instead ... let me know if that helps.

Where is this setting?

> So if I change (in VM) Email Messages -> Spam and Virus Scanning -> SpamAssassin client program = spamassassin (Standalone program) then per-domain spamassassin configurations are used?

Yes, that is correct.

> This only happens because your system is setup to send email using the sendmail command instead of an SMTP connection. I have changed the usermin config to use SMTP instead ... let me know if that helps.

Webmin -> Usermin Configuration -> Usermin Module Configuration -> Read Mail -> Sending email -> Send mail via connection to.

> Webmin -> Usermin Configuration -> Usermin Module Configuration -> Read Mail -> Sending email -> Send mail via connection to

That would be set to localhost, correct? I just want to make sure I understand correctly, so much to learn...

Also, are you finished with SSH access to that server?

-- Thanks!
Craig

Yes, it should be set to localhost.

I am done with SSH access .. thanks!

Jamie,

This morning we have a client who is getting email rejected by the recipient (Barracuda Reputation scanner). The kicker is they are sending via Outlook client using SMTP port 587 (that's what they tell me) but the reject is based on their local dynamic pool IP - not the IP of our mail server.

Is there another setting we need to adjust (similar to the Usermin config changes above) to implement alongside port 587 so the Barracuda scanner sees this email as coming from our mail server IP? As a test I had them send the recipient a message through Webmail and that sailed through w/out incident (thanks to the usermin adjustments above).

Thanks!
Craig

I'm not sure what rule this barracuda box is using to bounce mail, sorry ...

Generally mail scanners like spamassassin will look at the Received: headers on email, and make sure it was relayed through at least one non-dynamic IP. In your case, that would be the IP of your mail server.

Ok, I just wanted to make sure we didn't have something mis-configured to use smtp-auth (port 587). Thanks!
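
The Received: check described in the reply above, sketched as an added example that is not from the thread or from SpamAssassin: it walks a message's Received: chain and reports whether any hop comes from a host that does not look like a dynamic pool. The hostnames, documentation-range IPs, function names and the dynamic-name hint list are all assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumed, crude hint list for "dynamic pool" reverse-DNS names; real
# scanners use their own rules and blocklists, this is only a stand-in.
DYNAMIC_HINT = re.compile(r"dyn|dhcp|pool|dsl|cable|ppp", re.I)
# Common "from HELO (rdns [ip])" opening of a Received: header.
HOP = re.compile(r"^from\s+\S+\s+\((\S+)?\s*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")

# Constructed message: client PC -> sender's mail server -> recipient MX.
VIA_SERVER = """\
Received: from mail.example.com (mail.example.com [203.0.113.10])
\tby mx.recipient.example (Postfix) with ESMTP id AAAA1; Fri, 4 Feb 2011 10:00:02 -0500
Received: from desktop (dyn-198-51-100-23.pool.isp.example [198.51.100.23])
\tby mail.example.com (Postfix) with ESMTPSA id BBBB2; Fri, 4 Feb 2011 10:00:01 -0500
From: user@example.com
To: dest@recipient.example
Subject: constructed sample

body
"""
# Same message with only the client PC's hop recorded.
CLIENT_ONLY = "Received:" + VIA_SERVER.split("Received:")[2]

def relay_hops(raw_message):
    """Return [(rdns, ip, looks_dynamic)], newest hop first, loopback skipped."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # e.g. local submission lines with no peer address
        rdns, ip = m.group(1) or "unknown", m.group(2)
        try:
            if ipaddress.ip_address(ip).is_loopback:
                continue
        except ValueError:
            continue  # malformed literal in a sender-controlled header
        # Assumption: a hop with no reverse DNS is treated like a dynamic one.
        dynamic = rdns == "unknown" or bool(DYNAMIC_HINT.search(rdns))
        hops.append((rdns, ip, dynamic))
    return hops

def has_static_relay(raw_message):
    """True if at least one recorded hop is a non-dynamic-looking host."""
    return any(not dynamic for _, _, dynamic in relay_hops(raw_message))

if __name__ == "__main__":
    for name, msg in (("via server", VIA_SERVER), ("client only", CLIENT_ONLY)):
        print(name, has_static_relay(msg), relay_hops(msg))
```

Only the Received: lines added by servers you control are trustworthy; everything below them is supplied by the sender, so use this for diagnosis rather than as a filtering decision.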