spamassassin does not honour local.cf

Question

I updated my /etc/spamassassin/local.cf spamassassin file to update some score rules. However, even after restarting spamassassin (via service), the new score are not shown in spam emails. In fact, nothing in that file seem to influence how spamassassin work.

I use exim as my MTA but that should not matter. All packages were installed via apt-get and are at the latest version for 14.04.

For example, I have this:

score HTML_MESSAGE 2.0

define in /etc/spamassassin/local.cf. I restarted both exim and spamassassin. spamassassing --lint shows that there are no errors int hat file. Then got yet another spam with this:

0.0 HTML_MESSAGE           BODY: HTML included in message

In the X-Spam-Report field.

I ran spamassassin -D < spam and the order of loading of cfg files seems to be wrong:

Jun  8 13:34:07.300 [21668] dbg: config: read file /etc/spamassassin/local.cf
...
Jun  8 13:34:07.600 [21668] dbg: config: read file /var/lib/spamassassin/3.004000/updates_spamassassin_org/50_scores.cf
...
Jun  8 13:34:07.787 [21668] dbg: config: read file /var/lib/spamassassin/3.004000/updates_spamassassin_org/73_sandbox_manual_scores.cf
Jun  8 13:34:07.788 [21668] dbg: config: fixed relative path: /var/lib/spamassas
sin/3.004000/updates_spamassassin_org/local.cf
...

What is going on?

Based on a comment from Centimane: I tried strace -f -e trace=file spamassassin -D < spam with the same result: Spamassassin is reading system files after the local.cf file. Thus, trashing any score changes.

From comments, here is the local.cf file, which is more or less the vanilla one.

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

#   Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject *****SPAM*****
add_header spam Flag _YESNOCAPS_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ bayes=_BAYES_
add_header all Report _SUMMARY_

#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.


#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0

#   Use Bayesian classifier (default: 1)
#
use_bayes 1
bayes_path /var/lib/spamassassin/bayes/bayes
bayes_file_mode 0777


#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1


#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status


#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
shortcircuit USER_IN_WHITELIST       on
shortcircuit USER_IN_DEF_WHITELIST   on
shortcircuit USER_IN_ALL_SPAM_TO     on
shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
shortcircuit USER_IN_BLACKLIST       on
shortcircuit USER_IN_BLACKLIST_TO    on
shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
shortcircuit BAYES_99                spam
shortcircuit BAYES_00                ham

blacklist_from wokfrance.com
blacklist_from brother-mailer.com
blacklist_from *.sd-soft.net
blacklist_from woifrance.com
blacklist_from adimacocl.net
blacklist_from bletspuranawyat.net
blacklist_from sd-soft.net
blacklist_from m1web-track.com
blacklist_from winntoniecline.net
blacklist_from kafod.org
blacklist_from *.kafod.org
blacklist_from [email protected]
blacklist_from *.bhlive.co.uk
blacklist_from *.regionasm.net
blacklist_from regionasm.net

## Tweaks.
score AC_BR_BONANZA                 1.0
score ADMITS_SPAM                  10.0
score A_HREF_TO_REMOVE              2.0
score DEAR_FRIEND                   4.0
score FREEMAIL_FORGED_FROMDOMAIN    4.0
score FREEMAIL_FROM                 1.0
score FROM_LOCAL_HEX                9.0
score HTML_MESSAGE                  2.0
score RCVD_IN_MSPIKE_BL             2.0
score RCVD_IN_SORBS_WEB             2.0
score RCVD_IN_XBL                   3.0
score RDNS_NONE                     2.0
score SCVD_IN_DNSWL_BLOCKED         3.0
score T_DKIM_INVALID                1.0
score T_FREEMAIL_DOC_PDF            3.0
score T_REMOTE_IMAGE                3.0
score URIBL_BLOCKED                 3.0
score URIBL_DBL_SPAM                3.0
score URIBL_JP_SURBL                3.0
score URIBL_WS_SURBL                3.0

endif # Mail::SpamAssassin::Plugin::Shortcircuit

And the whole output of spamassassin -D is too big for this. However, the relevant lines are above. If you want more information, tell me what to look for and I will add it.

A duplicate of [spamassassin does not honour local.cf](https://askubuntu.com/q/488379/24976) but the later got no where and here might be a better audience for this. — Sardathrion - against SE abuse, May 22 '17 at 13:57
@Sardathrion Duplicates are only counted within site. Questions on external stack exchange sites can't be marked as duplicates. — Centimane, May 25 '17 at 10:20
@Sardathrion I'm not familiar with `spamassassin` itself, but if you can launch it from command line, I'd recommend my usual tactic: `strace -f -e trace=file [command]`. That will print out all the files accessed by your application, and can be a great way to find config/log files in general. — Centimane, May 25 '17 at 10:22
@Centimane: `spamassassin -D` does tell me the order and which files are read: **The order appears to be wrong** as `local.cf` is read *first* then system configurations files… — Sardathrion - against SE abuse, May 25 '17 at 12:20
The application can lie, `strace` will not. Also consider that `/var/lib/` is a usual place for applications to store their data, not their config. Again, I'm not familiar with `spamassasin`, but I would recommend `strace` anyway to see if there are other config files it is/could be sourcing. — Centimane, May 25 '17 at 13:51
@Centimane Tried it, same result. Spamassassin is reading system files *after* the `local.cf` file. As to where those files live, I have no idea why Ubunut/Debian developers then there. I suspect someone familiar with both Ubuntu/Debian and spamassassin can answer but those people seem to not read stackexchange. ☹ — Sardathrion - against SE abuse, May 25 '17 at 14:21
@Sardathrion could you paste your *local.cf* and your `spamassassin -D` full output? — zuazo, May 28 '17 at 08:28
@Sardathrion loading sa-update rules (*/var/lib/spamassassin*) after the main *local.cf* is the expected behavior. That should not override the `score` you have added. Make sure you have your `score` added in the correct place in the config (at the bottom for example, outside any `ifplugin` option etc.). To help you better, please, pasting your *local.cf* and the full command output would help, you can use pastebin or similar pages for that. — zuazo, May 28 '17 at 11:05
@zuazo Uploaded. Cannot paste the whole log as it's way too big for stack. — Sardathrion - against SE abuse, May 30 '17 at 10:09

score 5 · Accepted Answer · answered May 31 '17 at 07:47

5

The problem is that you are setting the HTML_MESSAGE score inside the Shortcircuit plugin. But that plugin comes disabled by default. Try to set the score in the last line of the file, after the Shortcircuit endif instruction:

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
# [...]
endif # Mail::SpamAssassin::Plugin::Shortcircuit

score HTML_MESSAGE 2.0

If you prefer to enable the Shortcuit plugin, you need to uncomment it from the /etc/spamassassin/v320.pre file:

# Shortcircuit - stop evaluation early if high-accuracy rules fire
# 
loadplugin Mail::SpamAssassin::Plugin::Shortcircuit

answered May 31 '17 at 07:47

zuazo

3,002
18
24

I have been running this for a hew hours and all seems to be working just fine. Many thanks indeed for the catch. It was driving me nuts! A bounty well earned. – Sardathrion - against SE abuse May 31 '17 at 10:24
2

You are welcome ;-) Having that score already set inside the Shortcuit plugin is always confusing. – zuazo May 31 '17 at 13:50
Wow, good eye, @zuazo! – Jesse Adelman Jun 02 '17 at 21:24

score 2 · Answer 2 · answered May 25 '17 at 22:35

2

The README for SpamAssassin talks about the convoluted way that SpamAssassin reads its own data files.

Start reading at line 95: http://svn.apache.org/viewvc/spamassassin/branches/3.4/README?view=markup#l95

From reading that, it seems that SpamAssassin, at least in the original, official source, does not read from

/etc/spamassassin/

at all, but rather from

/etc/mail/spamassassin/

Try moving your file there! :D

answered May 25 '17 at 22:35

Jesse Adelman

246
2
11

2

`/etc/mail/spamassassin/` is a symlink to `/etc/spamassassin/` in Ubuntu. The link is helpful. Thank you. – Sardathrion - against SE abuse May 26 '17 at 06:48
Incorrect answer and incorrect comment. You would simply be moving the file to `/etc/spamassassin/` anyway. Read about symlinks. If you wish to check what it uses, run a `spamassassin -D` and see where it reads from. Output: `LOCAL_RULES_DIR=/etc/spamassassin` (< Debian/Ubuntu default shown) – B. Shea Dec 29 '19 at 18:46
@bshea Before rushing into answering, you should read my answer more carefully. Debian obviously compiles SpamAssasin with their own, local, distro-specific options. The OFFICIAL Spamassasin codebase/repo does it the way I say, at least in that version. I am NOT referring to ANY Linux distro's customized spin on it. Unless you are challenging the authors of SpamAssasin themselves? – Jesse Adelman Dec 30 '19 at 20:24
Maybe you should do same? I wasn't trying to be rude, but you don't answer the question. See the question you are answering: "_All packages were installed via apt-get_". I based my response on that. And yes.. I know. – B. Shea Dec 30 '19 at 21:18

score 0 · Answer 3 · answered May 29 '17 at 15:35

0

In my default local.cf I read:

# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)

Do you have a user spamassassin configuration file (~/.spamassassin/user_prefs.cf)?

Take a look as well to this perldoc:

perldoc Mail::SpamAssassin::Conf

In the USER PREFERENCES section I read:

USER PREFERENCES The following options can be used in both site-wide ("local.cf") and user-specific ("user_prefs") configuration files to customize how SpamAssassin handles incoming email messages.

answered May 29 '17 at 15:35

tmow

1,245
11
17

No I do not have such a file. Are you suggesting that I should? – Sardathrion - against SE abuse May 29 '17 at 16:48
Yes, you should, but look at the "spamassassin", "sa-learn", or "spamd" man pages to see where is located. It could also be ~/.config/spamassassin – tmow May 30 '17 at 06:55
This only work for a user, whereas I want to change those scores for the whole server. – Sardathrion - against SE abuse May 30 '17 at 09:56

spamassassin does not honour local.cf

3 Answers3