Migrating Spamassassin Bayes DB

I am migrating a 10.5 mailserver to new hardware running 10.6.
The old mailserver uses a global spamassassin db stored in /var/amavis/.spamassassin and the files in this dir are as follows:
-rw------- 1 _amavisd _amavisd 42123264 Dec 8 22:42 auto-whitelist
-rw------- 1 _amavisd _amavisd 25272 Dec 8 22:42 bayes_journal
-rw------- 1 _amavisd _amavisd 41549824 Dec 8 22:25 bayes_seen
-rw------- 1 _amavisd _amavisd 5115904 Dec 8 22:25 bayes_toks
What is the best way to migrate this bayes db to the new server?
I thought:
sa-learn --backup > backup.txt
might work, but this yields basically an empty output file.
Tips?
Rusty
Message was edited by: Rusty Ross

Thanks, Alex.
I used spamtrainer.
A couple questions on that. The first time I ran spamtrainer -r on the new machine, I got a message from spamtrainer that /var/amavis/.spamassassin did not exist, and then spamtrainer went ahead to create the following two files in /var/amavis:
-rw------- 1 _amavisd _amavisd 41582592 Dec 9 13:21 .spamassassin_seen
-rw------- 1 _amavisd _amavisd 4202496 Dec 9 13:21 .spamassassin_toks
So then, I created /var/amavis/.spamassassin and rain spamtrainer -r again.
This time, spamtrainer created the following two files in /var/amavis/.spamassassin:
-rw------- 1 _amavisd _amavisd 41582592 Dec 9 13:26 bayes_seen
-rw------- 1 _amavisd _amavisd 4202496 Dec 9 13:26 bayes_toks
...which seems right to me.
Two questions.
(1) Can I safely delete .spamassassin_seen and .spamassassin_toks in /var/amavis now?
(2) Should I be concerned that spamtrainer didn't seem to migrate bayes_journal and auto-whitelist?
Thanks.

Similar Messages

Migrating SpamAssassin "Learnings"

How do I teach SpamAssassin on my new Leopard Server what my Tiger Server learned? I do not see that info in the migration or the mail documentation. If I use the tool to export Mail settings, will it migrate what I have taught SpamAssassin or will it even migrate the SpamAssassin settings? If neither, I am sure I can do the settings, but I am not sure how to transfer what it learned. Any ideas?

You can use spamtrainer to backup and restore your bayes DB. spamtrainer is available here:
http://osx.topicdesk.com/tool/
After installation, see "man spamtrainer".
The SpamAssassin setting on OS X, are really the amavisd settings. Do not replace /etc/amavisd.conf with your old file as they are not compatible. Simply carry over the settings you need.
Also, the learnjunkmail script that comes with Leopard server is broken. You can use spamtrainer instead. More info here: http://osx.topicdesk.com/content/view/131/84/

SpamAssassin bayes learning works ?

In the thread http://discussions.apple.com/thread.jspa?messageID=2343222&#2343222 I read about bayes autolearning with the two accounts "junkmail" and "notjunkmail".
However I thought that SpamAssassin automatically feeds the bayes filter automatically depending upon the score of each message.
But this thread makes me more in believing that without these two mail accounts SpamAssassin never learns.
So maybe someone can tell what is correct. And if it works only with these two special mail accounts, how can I achieve that SpamAssassin learns automatically (e.g. mails with score <= 1 are considered as ham, mails with score >1 is learned as spam) ? I have configured this similar on my old server, but have no idea how I made this years ago (maybe it was standard at SpamAssassin and this implementation is a special one by Apple).

You will need to feed it at least 200 ham and spam? After that, although I
This has been done; however I hadn't 200 ham messages, but learned around 1500 spams.
advise againt it, you can stop training it. However if you stop training it and
do not use rules, results are going to be poor.
Asking explicitly: Without junkmail/nonjunkmail mail accounts - does SA learn automatically ?
Are the tag levels set correctly in /etc/amavisd.conf?
Probably, I left them to the defaults. Here are the values:
satag_leveldeflt = -999
satag2_leveldeflt = 5.0
sakill_leveldeflt = satag2_leveldeflt (so also 5.0)
However... on my old server I have a mail tag like this one:
Yes, score=34.1 required=5.0 tests=BAYES_99, DATEIN_FUTURE_96_XX,FORGED_RCVD_HELO,FUZZY_AMBIEN,FUZZYVLIUM, FUZZYXPILL,HTML_50_60,HTML_FONT_LOW_CONTRAST,HTMLMESSAGE, HTMLTITLE_EMPTY,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_INXBL, SUBJALL_CAPS,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBLSBL, URIBLSCSURBL autolearn=spam version=3.1.3
Notice the "autolearn=spam" entry... this is what I miss at my new server as a proof that it has learned.

SpamAssassin / Amavisd tuning - TCP active open: Failed connect() errors

I started this post as we were experiencing a problem with occassional delayed mail delivery to our mail store. As I continued writing it, I think that I've resolved it. But I wanted to post this anyway so if I'm doing things right it might help someone else; or, if I'm doing something wrong someone can correct me. :) For reference, we have a quad Sun v440, and process about 500,000 messages a day.
We were seeing messages like this in our log files:
09-Nov-2006 08:28:09.37 tcp_scan Q 1 [email protected] rfc822;[email protected] @tcp_scan-daemon:[email protected] TCP active open: Failed connect() Error: Connection timed out
example.com represents our local domain. The errors seemed to occur proportionally to the amount of incoming mail we received. That is, we saw more of them under load.
We are running SpamAssassin, Amavisd/clamav, and:
Sun Java(tm) System Messaging Server 6.2-5.01 (built Nov 22 2005)
libimta.so 6.2-5.01 (built 11:57:57, Nov 22 2005)
SunOS hostname 5.9 Generic_118558-11 sun4u sparc SUNW,Sun-Fire-V440
This line seems to say that the message is in the tcp_scan channel, and cannot send to 127.0.0.1:10024 (amavisd) because that port isn't listening.
My amavisd max_servers was set at 15. After reading http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf and making a wild guess, I increased it to 30. The errors were less frequent, but still occurred.
The output of 'sar -d' showed that my local disk was experiencing upwards of 80% utilization. I moved the amavisd temp directory and the spamassassin bayes db to a san volume, and that sped everything up dramatically. The connect errors went away, clamav avg time per message is at 4 seconds down from 10. I am now receiving errors from spamassassin that say:
Nov 9 10:27:27 hostname.example.com spamd[21601]: prefork: server reached --max-children setting, consider raising it
My --max-children is set to 25 right now, and the server is cpu bound under heavy load, so I see no reason to raise it.
So this is my setup. I am no longer having an immediate problem, but comments/questions are welcome.
Config files related to my setup are below.
Excerpts of imta.cnf:
! tcp_scan
[] $E$R${tcp_scan,$L}$U%[$L]@tcp_scan-daemon
! ims-ms
ims-ms defragment subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL destinat
ionspamfilter1 fileinto $U+$S@$D
ims-ms-daemon
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL saslswitchchannel tcp
auth maytlsserver maysaslserver missingrecipientpolicy 0 aliasdetourhost tcpscan-daemon
tcp-daemon
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL allowswitchchannel saslswitchchannel tcp_auth
maytlsserver maysaslserver missingrecipientpolicy 4 aliasdetourhost tcp_scan-daemon
tcp_intranet-daemon
! tcp_scan
tcp_scan smtp single_sys subdirs 5 notices 1 backoff "pt10m" "pt30m" "pt2h" "pt4h" dequeue_removeroute maxjobs 7 pool SMTP_POOL daemon
[127.0.0.1] port 10024
tcp_scan-daemon
option.dat:
SPAMFILTER1_LIBRARY=/opt/sunjes/SUNWmsgsr/lib/libspamass.so
SPAMFILTER1_CONFIG_FILE=/opt/sunjes/SUNWmsgsr/config/SpamAssassin
SPAMFILTER1_STRING_ACTION=data:,require ["addheader"]; addheader "Spam-test: $U"; require "fileinto"; fileinto "Junk";
SPAMFILTER1_OPTIONAL=1
dispatcher.cnf:
[SERVICE=SMTP-SCAN]
DEBUG=-1
PARAMETER=CHANNEL=tcp_scan
PORT=10025
IMAGE=IMTA_BIN:tcp_smtp_server
LOGFILE=IMTA_LOG:tcp_scan-server.log
STACKSIZE=2048000
INTERFACE_ADDRESS=127.0.0.1
SpamAssassin:
host=127.0.0.1
port=783
debug=0
mode=1
field=
verdict=Junk
USE_CHECK=0

Suggest dropping Amavis in preference to the built-in
integration, per our documentation. Simpler, more
performant.Sorry, my title wasn't very accurate. We are running SpamAssassin through the built in integration, and clamav through amavisd. There isn't any built in integration to clamav, is there?

Mailman and Spamassassin

Greetings again,
My mail configuration is humming along nicely, but there is a small matter which irks me somewhat. We run a mailing list for our company so that any mail our customers send to our main e-mail address gets bounced to all our personal accounts.
Since out e-mail address is advertised on our website, spam-blocking is a big consideration, so we've set up set of Spamassassin/Bayes rules which greatly cut down on Spam. Naturally, we've also assembled a comprehensive "whitelist_sender" hash file to make sure nothing from our clients ever gets blocked.
When spam does get through, it gets marked in the subject "<Junk> <Junk>". This dual-marking puzzled me at first, but I realized that mail gets scanned once it arrives on our server and then again as the server delivers it to each e-mail on the mailman list. The problem is, I've occasionally seen list e-mails with the spam marking "<junk>" only appear one in the subject line. To further confuse matters, I've seen them appear on e-mails from people who are whitelisted. Why would a different set of rules apply for the mailing list delivery?
A mailing list mails are from "[email protected]". Does Amavis scan the the "From:" field of the e-mail or the "FROM" envelope header? I've considered adding "localhost" to the whitelist_sender file, but I fear that all e-mails would then go unscanned.
Have other people encountered this situation? Any simple solutions?

Depending on the usage of your server....
You could have amavis discard or bounce the messages before they hit Mailman (if you don't mind the same for your non-mailman mail).
If you look in /etc/amavisd.conf, you'll find a kill_level (default of 22), you can set this to a lower number. Some sites, which prefer aggressive anti-spam protection, will set this to the same level as tag2 (also in the config file).
In this way, no spam which hits the threshold is delivered.
Make sure to configure finalspamdestiny to your preference.
Again, this would effect your non-mailman users- so whether this is viable for you- I don't know.
Jeff

Uninstall spamassassin?

Hi all --
I had an existing installation of spamassassin. I installed again using cpan (which I'm pretty sure is how I originally installed, and it seems to have installed everything in a new set of locations (e.g., I have copies of spamd in both /usr/bin/local/ and /usr/bin/).
When I try to run spamd or utilities like sa-learn, I get this message:
error: spamd: spamd script is v3.002003, but using modules v3.002005
I assume that's because I have two different versions sitting across my file system.
Can any of you suggest the best way to clean this up? There's quite an assortment of files that were installed.

Wow, thanks David.
I don't know enough about perl or CPAN to make much sense of this, so I ran your script to see if it would become evident.
I was thinking that your script might point out duplicate entries of SpamAssassin components, and I could just trash the older version. I see that it doesn't do that.
However, I see that some entries seem to refer to an earlier version (3.1.8 instead of 3.2.5). Does that mean that perhaps my installation failed to overwrite those components? I'm not quite sure how to correct this.
Here's the relevant part of the output (i.e., all lines beginning with "Mail::SpamAssassin"
Mail::SpamAssassin,3.002005,/Library/Perl/5.8.8/Mail/SpamAssassin.pm,3.002005,J/ JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::AICache,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/AICache. pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::ArchiveIterator,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ ArchiveIterator.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::AsyncLoop,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/AsyncL oop.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::AutoWhitelist,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Au toWhitelist.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Bayes,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Bayes.pm,u ndef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Bayes::CombineChi,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Bayes/CombineChi.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Bayes::CombineNaiveBayes,undef,/Library/Perl/5.8.8/Mail/Spam Assassin/Bayes/CombineNaiveBayes.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.ta r.gz,1,WHICH
Mail::SpamAssassin::BayesStore,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Bayes Store.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::BayesStore::DBM,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ BayesStore/DBM.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::BayesStore::MySQL,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/BayesStore/MySQL.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::BayesStore::PgSQL,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/BayesStore/PgSQL.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::BayesStore::SDBM,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /BayesStore/SDBM.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::BayesStore::SQL,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ BayesStore/SQL.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Client,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Client.pm ,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Conf,bogus,/Library/Perl/5.8.8/Mail/SpamAssassin/Conf.pm,bog us,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Conf::LDAP,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Conf/ LDAP.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Conf::Parser,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Con f/Parser.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Conf::SQL,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Conf/S QL.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Constants,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Consta nts.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::DBBasedAddrList,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ DBBasedAddrList.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Dns,bogus,/Library/Perl/5.8.8/Mail/SpamAssassin/Dns.pm,bogus ,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::DnsResolver,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/DnsR esolver.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::HTML,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/HTML.pm,und ef,M/MS/MSERGEANT/Mail-SpamAssassin-2.43.tar.gz,1,WHICH
Mail::SpamAssassin::Locales,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Locales. pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Locker,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Locker.pm ,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Locker::Flock,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Lo cker/Flock.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Locker::UnixNFSSafe,undef,/Library/Perl/5.8.8/Mail/SpamAssas sin/Locker/UnixNFSSafe.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,W HICH
Mail::SpamAssassin::Locker::Win32,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Lo cker/Win32.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Logger,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Logger.pm ,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Logger::File,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Log ger/File.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Logger::Stderr,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/L ogger/Stderr.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Logger::Syslog,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/L ogger/Syslog.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::MailingList,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Mail ingList.pm,undef,M/MS/MSERGEANT/Mail-SpamAssassin-2.43.tar.gz,1,WHICH
Mail::SpamAssassin::Message,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Message. pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Message::Metadata,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Message/Metadata.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Message::Metadata::Received,undef,/Library/Perl/5.8.8/Mail/S pamAssassin/Message/Metadata/Received.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3 .1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Message::Node,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Me ssage/Node.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::NetSet,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/NetSet.pm ,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::PerMsgLearner,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Pe rMsgLearner.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::PerMsgStatus,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Per MsgStatus.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::PersistentAddrList,undef,/Library/Perl/5.8.8/Mail/SpamAssass in/PersistentAddrList.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHIC H
Mail::SpamAssassin::Plugin,bogus,/Library/Perl/5.8.8/Mail/SpamAssassin/Plugin.pm ,bogus,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::ASN,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plug in/ASN.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::AWL,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plug in/AWL.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::AccessDB,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/AccessDB.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::AntiVirus,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Plugin/AntiVirus.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::AutoLearnThreshold,undef,/Library/Perl/5.8.8/Mail/Sp amAssassin/Plugin/AutoLearnThreshold.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2. 5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Bayes,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Pl ugin/Bayes.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::BodyEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/BodyEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::BodyRuleBaseExtractor,undef,/Library/Perl/5.8.8/Mail /SpamAssassin/Plugin/BodyRuleBaseExtractor.pm,undef,J/JM/JMASON/Mail-SpamAssassi n-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Check,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Pl ugin/Check.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::DCC,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plug in/DCC.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::DKIM,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plu gin/DKIM.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::DNSEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ Plugin/DNSEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::DomainKeys,undef,/Library/Perl/5.8.8/Mail/SpamAssass in/Plugin/DomainKeys.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::HTMLEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/HTMLEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::HTTPSMismatch,undef,/Library/Perl/5.8.8/Mail/SpamAss assin/Plugin/HTTPSMismatch.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1 ,WHICH
Mail::SpamAssassin::Plugin::Hashcash,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/Hashcash.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::HeaderEval,undef,/Library/Perl/5.8.8/Mail/SpamAssass in/Plugin/HeaderEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::ImageInfo,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Plugin/ImageInfo.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::MIMEEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/MIMEEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::MIMEHeader,undef,/Library/Perl/5.8.8/Mail/SpamAssass in/Plugin/MIMEHeader.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::OneLineBodyRuleType,undef,/Library/Perl/5.8.8/Mail/S pamAssassin/Plugin/OneLineBodyRuleType.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3. 2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Pyzor,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Pl ugin/Pyzor.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Razor2,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/P lugin/Razor2.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::RelayCountry,undef,/Library/Perl/5.8.8/Mail/SpamAssa ssin/Plugin/RelayCountry.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1 ,WHICH
Mail::SpamAssassin::Plugin::RelayEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Plugin/RelayEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::ReplaceTags,undef,/Library/Perl/5.8.8/Mail/SpamAssas sin/Plugin/ReplaceTags.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHI CH
Mail::SpamAssassin::Plugin::Rule2XSBody,undef,/Library/Perl/5.8.8/Mail/SpamAssas sin/Plugin/Rule2XSBody.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHI CH
Mail::SpamAssassin::Plugin::SPF,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plug in/SPF.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Shortcircuit,undef,/Library/Perl/5.8.8/Mail/SpamAssa ssin/Plugin/Shortcircuit.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,W HICH
Mail::SpamAssassin::Plugin::SpamCop,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ Plugin/SpamCop.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::Test,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Plu gin/Test.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::TextCat,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ Plugin/TextCat.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::URIDNSBL,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/URIDNSBL.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::URIDetail,undef,/Library/Perl/5.8.8/Mail/SpamAssassi n/Plugin/URIDetail.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::URIEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ Plugin/URIEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::VBounce,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/ Plugin/VBounce.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::WLBLEval,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /Plugin/WLBLEval.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Plugin::WhiteListSubject,undef,/Library/Perl/5.8.8/Mail/Spam Assassin/Plugin/WhiteListSubject.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.ta r.gz,1,WHICH
Mail::SpamAssassin::PluginHandler,bogus,/Library/Perl/5.8.8/Mail/SpamAssassin/Pl uginHandler.pm,bogus,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Reporter,bogus,/Library/Perl/5.8.8/Mail/SpamAssassin/Reporte r.pm,bogus,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::SQLBasedAddrList,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /SQLBasedAddrList.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::SpamdForkScaling,undef,/Library/Perl/5.8.8/Mail/SpamAssassin /SpamdForkScaling.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::SubProcBackChannel,undef,/Library/Perl/5.8.8/Mail/SpamAssass in/SubProcBackChannel.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHIC H
Mail::SpamAssassin::Timeout,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Timeout. pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1.8.tar.gz,1,WHICH
Mail::SpamAssassin::Util,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/Util.pm,und ef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Util::DependencyInfo,undef,/Library/Perl/5.8.8/Mail/SpamAssa ssin/Util/DependencyInfo.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,W HICH
Mail::SpamAssassin::Util::Progress,undef,/Library/Perl/5.8.8/Mail/SpamAssassin/U til/Progress.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz,1,WHICH
Mail::SpamAssassin::Util::RegistrarBoundaries,undef,/Library/Perl/5.8.8/Mail/Spa mAssassin/Util/RegistrarBoundaries.pm,undef,F/FE/FELICITY/Mail-SpamAssassin-3.1. 8.tar.gz,1,WHICH
Mail::SpamAssassin::Util::TieOneStringHash,undef,/Library/Perl/5.8.8/Mail/SpamAs sassin/Util/TieOneStringHash.pm,undef,J/JM/JMASON/Mail-SpamAssassin-3.2.5.tar.gz ,1,WHICH

[spamassassin] failure on writing his own files

Hello,
i set up a mail server using arch, postfix, dovecot, mysql, spamassassin.
almost everything is working fine, but i got an error about spamassassin not able to create/read some files, an bayes eval failure.
here is the log :
2012-11-22T11:34:55.100773+00:00 localhost postfix/postscreen[20895]: CONNECT from [209.85.214.46]:62210 to [92.243.17.51]:25
2012-11-22T11:34:55.100996+00:00 localhost postfix/postscreen[20895]: PASS OLD [209.85.214.46]:62210
2012-11-22T11:34:55.117560+00:00 localhost postfix/smtpd[20896]: connect from mail-bk0-f46.google.com[209.85.214.46]
2012-11-22T11:34:55.506511+00:00 localhost postfix/smtpd[20896]: 7B9E3255C2: client=mail-bk0-f46.google.com[209.85.214.46]
2012-11-22T11:34:55.749004+00:00 localhost postfix/cleanup[20902]: 7B9E3255C2: message-id=<[email protected]m>
2012-11-22T11:34:55.773781+00:00 localhost postfix/qmgr[17253]: 7B9E3255C2: from=<[email protected]>, size=1506, nrcpt=1 (queue active)
2012-11-22T11:34:55.788150+00:00 localhost spamd[16751]: spamd: connection from localhost [127.0.0.1] at port 46217
2012-11-22T11:34:55.788961+00:00 localhost spamd[16751]: spamd: setuid to nobody succeeded
2012-11-22T11:34:55.789217+00:00 localhost spamd[16751]: spamd: creating default_prefs: //.spamassassin/user_prefs
2012-11-22T11:34:55.790047+00:00 localhost spamd[16751]: config: cannot create user preferences file //.spamassassin/user_prefs: No such file or directory
2012-11-22T11:34:55.790284+00:00 localhost spamd[16751]: spamd: failed to create readable default_prefs: //.spamassassin/user_prefs
2012-11-22T11:34:55.792041+00:00 localhost spamd[16751]: spamd: processing message <[email protected]m> for nobody:99
2012-11-22T11:34:58.650172+00:00 localhost spamd[16751]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create lockfile /.spamassassin/bayes.mutex: No such file or directory
2012-11-22T11:34:58.652776+00:00 localhost spamd[16751]: spamd: clean message (-0.8/5.0) for nobody:99 in 2.9 seconds, 1477 bytes.
2012-11-22T11:34:58.653071+00:00 localhost spamd[16751]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW scantime=2.9,size=1477,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=46217,mid=<[email protected]m>,autolearn=unavailable
2012-11-22T11:34:58.694529+00:00 localhost postfix/pickup[18387]: A94E7255C4: uid=99 from=<[email protected]>
2012-11-22T11:34:58.696117+00:00 localhost postfix/pipe[20903]: 7B9E3255C2: to=<[email protected]>, relay=spamassassin, delay=3.3, delays=0.41/0.01/0/2.9, dsn=2.0.0, status=sent (delivered via spamassassin service)
2012-11-22T11:34:58.698830+00:00 localhost postfix/qmgr[17253]: 7B9E3255C2: removed
2012-11-22T11:34:58.699185+00:00 localhost postfix/cleanup[20902]: A94E7255C4: message-id=<[email protected]m>
2012-11-22T11:34:58.701168+00:00 localhost spamd[16750]: prefork: child states: II
2012-11-22T11:34:58.723994+00:00 localhost postfix/qmgr[17253]: A94E7255C4: from=<[email protected]>, size=1863, nrcpt=1 (queue active)
2012-11-22T11:34:58.760261+00:00 localhost dovecot: auth-worker(20909): mysql(localhost): Connected to database postfix_db
2012-11-22T11:34:58.793178+00:00 localhost dovecot: lda([email protected]): sieve: msgid=<[email protected]m>: stored mail into mailbox 'Latex.gut'
2012-11-22T11:34:58.794782+00:00 localhost postfix/pipe[20907]: A94E7255C4: to=<[email protected]>, relay=dovecot, delay=0.13, delays=0.06/0.01/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
2012-11-22T11:34:58.795047+00:00 localhost postfix/qmgr[17253]: A94E7255C4: removed
2012-11-22T11:35:26.227313+00:00 localhost postfix/smtpd[20896]: disconnect from mail-bk0-f46.google.com[209.85.214.46]
i suspect this :
2012-11-22T11:34:55.788961+00:00 localhost spamd[16751]: spamd: setuid to nobody succeeded
to be part of the problem, but i'm not sure, and maybe some guru here can help me ?
here is postconf -n :
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks.cf
html_directory = no
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mime_header_checks = regexp:/etc/postfix/mime_headers_checks.cf
newaliases_path = /usr/bin/newaliases
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*2 bl.spamcop.net*2 b.barracudacentral.org*1 bl.mailspike.net*1
postscreen_dnsbl_threshold = 2
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
relay_domains = *
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_unknown_recipient_domain, reject_invalid_helo_hostname, reject_unlisted_recipient, reject_unlisted_sender, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_loglevel = 1
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /srv/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_domains_maps.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot:
virtual_uid_maps = static:5000
master.cf :
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
#smtp inet n - n - - smtpd
smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd -o content_filter=spamassassin
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
#smtp inet n - n - - smtpd -o content_filter=spamassassin
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
# ====================================================================
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
# ====================================================================
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
# ====================================================================
# Old example of delivery via Cyrus.
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# ====================================================================
# See the Postfix UUCP_README file for configuration details.
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
# ====================================================================
# Other external delivery methods.
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/vendor_perl/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#using LDA with dovecot
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}

i'm probably a bit stupid...
mkdir & chown spamd: did the job...

SpamAssassin not filtering junk

I have configured SpamAssassin according to the rules (best I can tell) and I can get it to learn from the junkmail and notjunkmail accounts but it does not seem to do any filtering. I have tried several different settings to no avail. I have tried both with and without "en" in the accepted languages and locales (currently both are empty. I have tried "Delivered" with "* JUNK MAIL *" attached to the subject and by redirecting it to a specially created account. I believe the virus scanning is working because I am getting the notifications.
This one box, running 10.4.7 server, has several legacy domains attched and answers to and receives mail for these domains. This one box with all its domains is behind a DSL modem that fowards all ports. I know I had trouble configuring the zones using the Apple software and had to do them manually to get them all to work. It is an address at one of the legacy domains that gets the bulk of the SPAM. I have copied the SOA records for the main DOMAIN and LEGACY-DOMAIN below.
$TTL 86400
DOMAIN.com. SOA g4.DOMAIN.com. paul.DOMAIN.com. (
2005050701 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
DOMAIN.com. IN NS 192.168.1.254
DOMAIN.com. IN M X 10 mail
DOMAIN.com. IN A 192.168.1.254
ls IN A 192.168.1.1
g5 IN A 192.168.1.2
x31 IN A 192.168.1.21
dsl IN A 192.168.1.32
g4 IN A 192.168.1.254
ns IN CNAME g4
www IN CNAME g4
lists IN CNAME g4
ftp IN CNAME g4
mail IN CNAME g4
$TTL 86400
LEGACY-DOMAIN.org. SOA g4.DOMAIN.com. paul.DOMAIN.com. (
2005070201 ; serial
3h ; refresh
1h ; retry
1w ; expiry
1h ) ; minimum
LEGACY-DOMAIN.org. IN NS g4.DOMAIN.com
DOMAIN.com. IN MX 10 mail
LEGACY-DOMAIN.org. IN A 192.168.1.254
g4 IN A 192.168.1.254
mail IN CNAME g4
ns IN CNAME g4
pop IN CNAME g4
www IN CNAME LEGACY-DOMAIN.org.
ftp IN CNAME g4
Any help would be greatly appreciated.

I don't know what "rules" you followed, so you may have done the things I suggest below.
First -- and this is from pterobyte's post http://discussions.apple.com/thread.jspa?messageID=1283449 -- you need to get SpamAssassin to check for spam in all of your domains:
In a text editor (not Word) open /etc/amavisd.conf
Search for the section that reads:
@localdomainsacl = ( ".$mydomain" );
below it add this line:
@localdomainsmaps = ( 1 );
Save.
Stop and Start Mail Services
Before you start with the instructions below, you can set the following in Server Admin. Check "Scan email for junk mail"; set the "Minimum junk mail score" to something conservative like "6"; don't worry about "Accepted languages" (it will become obsolete the moment you update SpamAssassin as described in the wiki below; "locals" can be set to "en" if you don't get mail from foreign countries; set "Junk mail messages should be:" to "Delivered"; check "Attach subject tag:". It sounds like the rest of your setup is working. Save this configuration, and then then leave Server Admin behind. You can't use it to do the rest of the steps you need to take.
For a quick, concise guide to getting SpamAssassin up and running properly, visit http://wiki.apache.org/spamassassin/SpamAssassinon_Mac_OS_XServer and review the directions (by Miles Muri) you find there.
There are a lot of instructions at this link, but the most important things you can do are:
(1) Properly link the amavisd and clamav .spamassassin bayes DBs (see "Bayesean Filtering" on the wiki link above). The instructions are easy and it makes all the difference.
(2) Install spamtrainer (http://osx.topicdesk.com/downloads/). This is a brilliant little script that will make life easier for you when you start training the spamassassin filter. Then, begin training spamassassin as described in the wiki link above.
(3) Set your tag2 and kill levels in your amavisd.conf (located at /etc/amavisd.conf) file to something reasonable. The default levels are too high. You can start with something conservative like:
$satag_leveldeflt = -999; # add spam info headers if at, or above that level
$satag2_leveldeflt = 6.0; # add 'spam detected' headers at that level
$sakill_leveldeflt = 10.0;

Command line mail not working since Server 2.2

Since Mountain Lion, everytime Server.app updates it borks my previous mail settings/hacks/workarounds to the issues with the last version. I just want sendmail, mail, postfix, etc to work and stay working. I even have my own list of stuff to reapply with each Server.app update, but sadly even that has stopped working.
Just basic mail won't even work:
$ mail adam
Subject: test
This is a test mail
⌃D
$ mail
No mail for adam
Here are my current settings.
$ sudo serveradmin fullstatus mail
mail:setStateVersion = 1
mail:readWriteSettingsVersion = 1
mail:connectionCount = 0
mail:servicePortsRestrictionInfo = _empty_array
mail:protocolsArray:_array_index:0:status = "ON"
mail:protocolsArray:_array_index:0:kind = "INCOMING"
mail:protocolsArray:_array_index:0:protocol = "IMAP"
mail:protocolsArray:_array_index:0:state = "STOPPED"
mail:protocolsArray:_array_index:0:error = ""
mail:protocolsArray:_array_index:1:status = "ON"
mail:protocolsArray:_array_index:1:kind = "INCOMING"
mail:protocolsArray:_array_index:1:protocol = "POP3"
mail:protocolsArray:_array_index:1:state = "STOPPED"
mail:protocolsArray:_array_index:1:error = ""
mail:protocolsArray:_array_index:2:status = "ON"
mail:protocolsArray:_array_index:2:kind = "INCOMING"
mail:protocolsArray:_array_index:2:protocol = "SMTP"
mail:protocolsArray:_array_index:2:state = "RUNNING"
mail:protocolsArray:_array_index:2:error = ""
mail:protocolsArray:_array_index:3:status = "ON"
mail:protocolsArray:_array_index:3:kind = "OUTGOING"
mail:protocolsArray:_array_index:3:protocol = "SMTP"
mail:protocolsArray:_array_index:3:state = "RUNNING"
mail:protocolsArray:_array_index:3:error = ""
mail:protocolsArray:_array_index:4:status = "ON"
mail:protocolsArray:_array_index:4:kind = "INCOMING"
mail:protocolsArray:_array_index:4:protocol = "Junk_mail_filter"
mail:protocolsArray:_array_index:4:state = "RUNNING"
mail:protocolsArray:_array_index:4:error = ""
mail:protocolsArray:_array_index:5:status = "ON"
mail:protocolsArray:_array_index:5:kind = "INCOMING"
mail:protocolsArray:_array_index:5:protocol = "Virus_scanner"
mail:protocolsArray:_array_index:5:state = "RUNNING"
mail:protocolsArray:_array_index:5:error = ""
mail:startedTime = "2013-02-05 16:26:45 +0000"
mail:logPaths:IMAP Log = "/Library/Logs/Mail/mailaccess.log"
mail:logPaths:Server Log = "/Library/Logs/Mail/mailaccess.log"
mail:logPaths:POP Log = "/Library/Logs/Mail/mailaccess.log"
mail:logPaths:SMTP Log = "/var/log/mail.log"
mail:logPaths:Migration Log = "/Library/Logs/MailMigration.log"
mail:logPaths:Virus Log = "/Library/Logs/Mail/clamav.log"
mail:logPaths:Amavisd Log = "/Library/Logs/Mail/amavis.log"
mail:logPaths:Virus DB Log = "/Library/Logs/Mail/freshclam.log"
mail:imapStartedTime = ""
mail:servicePortsAreRestricted = "NO"
mail:state = "RUNNING"
mail:postfixStartedTime = "2013-02-05 16:26:45 +0000"

Yes, the ProgramArguments key contains the exact array you posted.
And here is the output for
sudo serveradmin settings mail
mail:postfix:smtpd_pw_server_security_options:_array_index:0 = "cram-md5"
mail:postfix:smtpd_pw_server_security_options:_array_index:1 = "digest-md5"
mail:postfix:smtpd_pw_server_security_options:_array_index:2 = "login"
mail:postfix:smtpd_pw_server_security_options:_array_index:3 = "plain"
mail:postfix:spam_quarantine = "[email protected]"
mail:postfix:smtp_reject_list_enabled = no
mail:postfix:bayes_path = "/Library/Server/Mail/Data/scanner/amavis/.spamassassin/bayes"
mail:postfix:smtp_sasl_auth_enable = yes
mail:postfix:whitelist_from = _empty_array
mail:postfix:submit_cred:XXXXXXX.local:username = "submit"
mail:postfix:submit_cred:XXXXXXX.local:password = "XXXXXXXXXXXXXXXXXXXXXXX"
mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_userid = "[email protected]"
mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_pwd = "XXXXXXXXXXXXXX"
mail:postfix:smtp_auth_relay_dict:smtp_auth_relay_host = "smtp://smtp.gmail.com:587"
mail:postfix:client_permit_mynetworks = yes
mail:postfix:smtpd_tls_cert_file = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.cert.pem"
mail:postfix:maps_rbl_domains_enabled = no
mail:postfix:spam_subject_tag = "***JUNK MAIL*** "
mail:postfix:smtpd_tls_CAfile = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.chain.pem"
mail:postfix:message_size_limit_enabled = yes
mail:postfix:virus_db_last_update = "2013-02-06 13:52:18 +0000"
mail:postfix:mail_enabled_groups = _empty_array
mail:postfix:add_whitelist_domain = _empty_array
mail:postfix:virus_scan_enabled = yes
mail:postfix:spam_ok_locales = "en"
mail:postfix:spam_notify_admin_email = "[email protected]"
mail:postfix:black_hole_domains:_array_index:0 = "zen.spamhaus.org"
mail:postfix:virus_db_log_level = "notice"
mail:postfix:spam_scan_enabled = yes
mail:postfix:virus_quarantine = "[email protected]"
mail:postfix:reject_unauth_piplining_enabled = no
mail:postfix:blacklist_from = _empty_array
mail:postfix:spam_rewrite_subject = yes
mail:postfix:message_size_limit = 10485760
mail:postfix:greylist_disable = no
mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8"
mail:postfix:virus_log_level = "notice"
mail:postfix:host_whitelist = _empty_array
mail:postfix:rbl_override_list = _empty_array
mail:postfix:group_expansion:start_interval = 10
mail:postfix:group_expansion:enable_group_expansion = no
mail:postfix:virus_notify_recipients = no
mail:postfix:luser_relay_enabled = no
mail:postfix:mydomain = "XXXXXXX.local"
mail:postfix:mydestination:_array_index:0 = "localhost"
mail:postfix:virus_notify_admin_email = "[email protected]"
mail:postfix:enable_virtual_domains = yes
mail:postfix:spam_notify_admin = no
mail:postfix:required_hits = 6
mail:postfix:add_whitelist_host = _empty_array
mail:postfix:always_bcc_enabled = no
mail:postfix:enable_var_mail = no
mail:postfix:junk_mail_userid = "junkmail"
mail:postfix:smtpd_tls_key_file = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.key.pem"
mail:postfix:enable_smtp = yes
mail:postfix:relayhost = "smtp://smtp.gmail.com:587"
mail:postfix:not_junk_mail_userid = "notjunkmail"
mail:postfix:mynetworks_enabled = yes
mail:postfix:spam_ok_languages = "en fr de ja sw ta"
mail:postfix:virtual_domains:_array_index:0 = "imap.gmail.com"
mail:postfix:rbl_override_enabled = no
mail:postfix:log_rolling_days = 1
mail:postfix:enable_smtp_in = yes
mail:postfix:tls_server_options = "use"
mail:postfix:spam_action = "deliver"
mail:postfix:log_rolling_days_enabled = yes
mail:postfix:spam_log_level = "warn"
mail:postfix:smtp_uce_controlls = 1
mail:postfix:relayhost_enabled = yes
mail:postfix:virus_action = "delete"
mail:postfix:virus_db_update_days = 12
mail:postfix:virus_notify_admin = no
mail:postfix:domain_whitelist = _empty_array
mail:postfix:enable_smtp_out = yes
mail:postfix:text_only_attachments = yes
mail:postfix:reject_unknown_client_enabled = no
mail:postfix:log_level = "warn"
mail:postfix:myhostname = "XXXXXXX.local"
mail:global:auto_auth = yes
mail:global:service_data_path = "/Library/Server/Mail"
mail:imap:imap_auth_cram_md5 = yes
mail:imap:srvtab = "/etc/srvtab"
mail:imap:imap_auth_clear = yes
mail:imap:loginuseacl = no
mail:imap:popexpiretime = 0
mail:imap:notifysocket = "/var/imap/socket/notify"
mail:imap:timeout = 30
mail:imap:max_imap_connections = 1000
mail:imap:sieve_maxscripts = 5
mail:imap:logtimestamps = no
mail:imap:quota_enforce_restrictions = no
mail:imap:tls_imap_key_file = ""
mail:imap:mupdate_authname = ""
mail:imap:newsprefix = ""
mail:imap:proxyservers = _empty_array
mail:imap:junk_mail_userid = ""
mail:imap:singleinstancestore = yes
mail:imap:mupdate_password = ""
mail:imap:imap_auth_digest_md5 = yes
mail:imap:tls_cert_file = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.cert.pem"
mail:imap:lmtp_admins = _empty_array
mail:imap:poptimeout = 10
mail:imap:postuser = ""
mail:imap:imap_auth_plain = yes
mail:imap:quota_custom_error = _empty_dictionary
mail:imap:tls_imap_cert_file = ""
mail:imap:aps_topic = "com.apple.mail.XServer.e8cc7328-2fe9-4b6f-aae5-b6f26f9287b3"
mail:imap:sieve_proxyservers = _empty_array
mail:imap:request_enable_webmail = no
mail:imap:lmtp_luser_relay_enabled = no
mail:imap:unixhierarchysep = no
mail:imap:urlauth_hostport = ""
mail:imap:imap_auth_gssapi = no
mail:imap:partition-default = "/Library/Server/Mail/Data/mail"
mail:imap:allowanonymouslogin = no
mail:imap:quota_custom_warning_message_path = ""
mail:imap:imapidlepoll = 60
mail:imap:quota_custom_error_message_path = ""
mail:imap:enable_pop = yes
mail:imap:tls_session_timeout = 1440
mail:imap:mupdate_server = ""
mail:imap:mupdate_realm = ""
mail:imap:auth_gssapi_hostname = ""
mail:imap:enable_sieve = yes
mail:imap:lmtpsocket = "/var/imap/socket/lmtp"
mail:imap:enable_quota_warnings = no
mail:imap:mupdate_port = ""
mail:imap:postmaster = "postmaster"
mail:imap:pop_auth_gssapi = no
mail:imap:pop_auth_apop = yes
mail:imap:deleteright = "c"
mail:imap:proxyd_allow_status_referral = no
mail:imap:sharedprefix = "Shared Folders"
mail:imap:sasl_auto_transition = no
mail:imap:tls_ca_file = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.chain.pem"
mail:imap:sasl_minimum_layer = 0
mail:imap:sievedir = ""
mail:imap:debug_command = ""
mail:imap:duplicatesuppression = yes
mail:imap:tls_lmtp_key_file = ""
mail:imap:servername = ""
mail:imap:quota_full_tempfail = yes
mail:imap:partitions = _empty_array
mail:imap:tls_imap_require_cert = no
mail:imap:sieve_admins = _empty_array
mail:imap:global_quota = 0
mail:imap:mupdate_retry_delay = 20
mail:imap:not_junk_mail_userid = ""
mail:imap:quota_custom_warning = _empty_dictionary
mail:imap:enable_imap = yes
mail:imap:popminpoll = 0
mail:imap:tls_pop3_key_file = ""
mail:imap:sendmail = "/usr/lib/sendmail"
mail:imap:tls_lmtp_cert_file = ""
mail:imap:tls_require_cert = no
mail:imap:notification_server_enabled = yes
mail:imap:tls_sieve_require_cert = no
mail:imap:defaultpartition = "default"
mail:imap:pop_auth_clear = yes
mail:imap:allowallsubscribe = no
mail:imap:sasl_pwcheck_method = "auxprop"
mail:imap:sieve_maxscriptsize = 32
mail:imap:tls_sieve_key_file = ""
mail:imap:tls_ca_path = ""
mail:imap:defaultacl = "anyone lrs"
mail:imap:reject8bit = no
mail:imap:tls_key_file = "/etc/certificates/XXXXXXX.local.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.key.pem"
mail:imap:tls_pop3_require_cert = no
mail:imap:sasl_maximum_layer = 256
mail:imap:autocreatequota = 0
mail:imap:tls_sieve_cert_file = ""
mail:imap:userprefix = "Other Users"
mail:imap:mupdate_admins = _empty_array
mail:imap:postmaster_address = "[email protected]"
mail:imap:mupdate_username = ""
mail:imap:quota_warn_frequency_days = 0
mail:imap:tls_pop3_cert_file = ""
mail:imap:aps_topic_enabled = yes
mail:imap:quotawarn = 80
mail:imap:plaintextloginpause = 0
mail:imap:enforce_quotas = no
mail:imap:tls_server_options = "require"
mail:imap:allowplaintext = yes
mail:imap:loginrealms = _empty_array
mail:imap:lmtp_luser_relay = ""
mail:imap:imapidresponse = yes
mail:imap:tls_cipher_list:_array_index:0 = "DEFAULT"
mail:imap:imap_auth_login = yes
mail:imap:admins = _empty_array
mail:imap:altnamespace = no
mail:imap:sieveusehomedir = no
mail:imap:tls_lmtp_require_cert = no
mail:imap:log_level = "warn"
mail:imap:umask = "077"
mail:imap:hashimapspool = no
mail:imap:imap_proxyservers = _empty_array

Auto-whitelist

Greetings,
not sure how many people still run 10.4 mail systems. but what the heck
I have a mail server that has been running spammassassin for years. pumping SA learn and running spamtrainer.
recently i received OS and postfix error messages regarding insufficient storage space although i had 30gig of room on the drive.
During a clone operation i discovered a very large Auto-whitelist file in /var/clamav/.spamassassin
i don't remember setting Auto-Whitelist 1
mylocal.cf doesn't mention AutoWhitelist
and my amavisd.conf has it commented out .
#$saautowhitelist = 0; # turn on AWL (default: false)
# Bayesian Auto Learn
auto_learn 1
# Safe Reporting
safe_reporting 0
# Full/Terse Reporting
usetersereport 0
# Subject Tag
subject_tag * Warning: Junk Mail *
# Rewrite the Subject
rewrite_subject 0
# Use Bayesian Filtering
use_bayes 1
# OK locals
ok_locales en
# OK languages
ok_languages en fr de ja
# Required hits to be marked as spam
required_hits 5
I ran a test message through SA, i did not see anything referencing Auto-Whitelist.
here is debug ::: ::
}mx1:/var/clamav root# spamassassin -D < /private/var/root/Documents/Message1.rtf
debug: SpamAssassin version 3.0.1
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "//usr/share/spamassassin" for default rules dir
debug: config: read file //usr/share/spamassassin/10_misc.cf
debug: config: read file //usr/share/spamassassin/20antiratware.cf
debug: config: read file //usr/share/spamassassin/20bodytests.cf
debug: config: read file //usr/share/spamassassin/20_compensate.cf
debug: config: read file //usr/share/spamassassin/20dnsbltests.cf
debug: config: read file //usr/share/spamassassin/20_drugs.cf
debug: config: read file //usr/share/spamassassin/20fake_helotests.cf
debug: config: read file //usr/share/spamassassin/20headtests.cf
debug: config: read file //usr/share/spamassassin/20htmltests.cf
debug: config: read file //usr/share/spamassassin/20metatests.cf
debug: config: read file //usr/share/spamassassin/20_phrases.cf
debug: config: read file //usr/share/spamassassin/20_****.cf
debug: config: read file //usr/share/spamassassin/20_ratware.cf
debug: config: read file //usr/share/spamassassin/20uritests.cf
debug: config: read file //usr/share/spamassassin/23_bayes.cf
debug: config: read file //usr/share/spamassassin/25body_testses.cf
debug: config: read file //usr/share/spamassassin/25body_testspl.cf
debug: config: read file //usr/share/spamassassin/25_hashcash.cf
debug: config: read file //usr/share/spamassassin/25head_testses.cf
debug: config: read file //usr/share/spamassassin/25head_testspl.cf
debug: config: read file //usr/share/spamassassin/25_spf.cf
debug: config: read file //usr/share/spamassassin/25_uribl.cf
debug: config: read file //usr/share/spamassassin/30textde.cf
debug: config: read file //usr/share/spamassassin/30textes.cf
debug: config: read file //usr/share/spamassassin/30textfr.cf
debug: config: read file //usr/share/spamassassin/30textit.cf
debug: config: read file //usr/share/spamassassin/30textnl.cf
debug: config: read file //usr/share/spamassassin/30textpl.cf
debug: config: read file //usr/share/spamassassin/30textsk.cf
debug: config: read file //usr/share/spamassassin/50_scores.cf
debug: config: read file //usr/share/spamassassin/60_whitelist.cf
debug: using "//etc/mail/spamassassin" for site rules dir
debug: config: read file //etc/mail/spamassassin/local.cf
debug: using "/private/var/root/.spamassassin" for user state dir
debug: using "/private/var/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /private/var/root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: config: SpamAssassin failed to parse line, skipping: auto_learn 1
debug: config: SpamAssassin failed to parse line, skipping: safe_reporting 0
debug: config: SpamAssassin failed to parse line, skipping: usetersereport 0
debug: config: SpamAssassin failed to parse line, skipping: subject_tag * Warning: Junk Mail *
debug: config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: Score set 1 chosen.
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted:
debug: ---- MIME PARSER START ----
debug: main message type: text/plain
debug: parsing normal part
debug: added part, type: text/plain
debug: ---- MIME PARSER END ----
debug: decoding: no encoding detected
debug: Loading languages file...
debug: Can't determine language uniquely enough
debug: metadata: X-Languages:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parsed_metadata'
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.66
debug: trying (3) sun.com...
debug: looking up NS for 'sun.com'
debug: NS lookup of sun.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: URIDNSBL: domains to query: beth.k12.pa.us hetnet.nl aim.com
debug: all '*From' addrs:
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for checkhashcash_doublespend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: registering glue method for checkfor_spf_helopass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkhashcashvalue (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: all '*To' addrs:
debug: registering glue method for checkfor_spfsoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkfor_spfpass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helosoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helofail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: running body-text per-line regexp tests; score so far=-2.801
debug: running uri tests; score so far=-2.801
debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840))
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'check_tick'
debug: URIDNSBL: query for hetnet.nl took 1 seconds to look up (multi.surbl.org.:hetnet.nl)
debug: URIDNSBL: query for aim.com took 1 seconds to look up (multi.surbl.org.:aim.com)
debug: URIDNSBL: query for beth.k12.pa.us took 1 seconds to look up (multi.surbl.org.:beth.k12.pa.us)
debug: URIDNSBL: queries completed: 6 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: running raw-body-text per-line regexp tests; score so far=-2.801
debug: running full-text regexp tests; score so far=-2.801
debug: Razor2 is not available
debug: Current PATH is: /bin:/sbin:/usr/bin:/usr/sbin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: Running tests for priority: 500
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'checkpostdnsbl'
debug: URIDNSBL: queries completed: 8 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: waiting 2 seconds for URIDNSBL lookups to complete
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=8 at Mon Mar 8 18:06:35 2010
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:132.51.12.64)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:2.96.96.209)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:80.73.200.207)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:107.1.236.64)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:34.63.75.213)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:69.63.75.213)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:232.157.188.205)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:20.3.172.207)
debug: URIDNSBL: queries completed: 8 started: 0
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:36 2010
debug: done waiting for URIDNSBL lookups to complete
debug: running meta tests; score so far=-2.801
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: Running tests for priority: 1000
debug: running meta tests; score so far=-1.231
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: auto-learn: currently using scoreset 1.
debug: auto-learn: message score: -1.231, computed score for autolearn: -1.231
debug: auto-learn? ham=0.1, spam=12, body-points=0, head-points=-2.801, learned-points=0
debug: auto-learn? yes, ham (-1.231 < 0.1)
debug: Learning Ham
debug: all '*From' addrs:
debug: all '*To' addrs:
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: lock: 17114 created /private/var/root/.spamassassin/bayes.lock.mx1.beth.k12.pa.us.17114
debug: lock: 17114 trying to get lock on /private/var/root/.spamassassin/bayes with 0 retries
debug: lock: 17114 link to /private/var/root/.spamassassin/bayes.lock: link ok
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: ebd3a443815ae7214b74ef30dfb2c5524e3adf7a@sa_generated: already learnt correctly, not learning twice
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: bayes: files locked, now unlocking lock
debug: unlock: 17114 unlink /private/var/root/.spamassassin/bayes.lock
debug: is spam? score=-1.231 required=5
debug: tests=ALLTRUSTED,MISSING_DATE,MISSINGSUBJECT
debug: subtests=_UNUSABLEMSGID
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mx1.beth.k12.pa.us
X-Spam-Level:
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALLTRUSTED,MISSINGDATE,
MISSING_SUBJECT autolearn=unavailable version=3.0.1
\f0\fs24 \cf0 Return-Path: <[email protected]>\
Received: from murder ([unix socket]) by bragg.beth.k12.pa.us (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Sun, 07 Mar 2010 22:32:43 -0500\
Received: from smtp3.beth.k12.pa.us (smtp3.beth.k12.pa.us [10.135.1.13]) by bragg.beth.k12.pa.us (Postfix) with ESMTP id 3D3F02CE4B19 for <[email protected]>; Sun, 7 Mar 2010 22:32:43 -0500 (EST)\
Received: from localhost (mx1.beth.k12.pa.us [10.135.1.6]) by smtp3.beth.k12.pa.us (Postfix) with ESMTP id 7E5EB2425D0C for <[email protected]>; Sun, 7 Mar 2010 22:32:07 -0500 (EST)\
Received: from mx1.beth.k12.pa.us ([127.0.0.1]) by localhost (mx1.beth.k12.pa.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11329-05 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from mail2.beth.k12.pa.us (mail2.beth.k12.pa.us [192.227.0.10]) by mx1.beth.k12.pa.us (Postfix) with ESMTP id 9DDDFCF9E5 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from cpsmtpb-ews07.kpnxchange.com (cpsmtpb-ews07.kpnxchange.com [213.75.39.10]) by mail2.beth.k12.pa.us (Postfix) with ESMTP id 36E83E51479 for <[email protected]>; Sun, 7 Mar 2010 22:32:05 -0500 (EST)\
Received: from cpbrm-ews29.kpnxchange.com ([10.94.84.160]) by cpsmtpb-ews07.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:05 +0100\
Received: from CPSMTPM-EML04.kpnxchange.com ([213.75.39.74]) by cpbrm-ews29.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:04 +0100\
Received: from localhost ([10.94.77.199]) by CPSMTPM-EML04.kpnxchange.com with Microsoft SMTPSVC(7.0.6001.18000); Mon, 8 Mar 2010 04:32:04 +0100\
X-Sieve: CMU Sieve 2.2\
Content-Class: urn:content-classes:message\
Mime-Version: 1.0\
Content-Type: multipart/alternative; boundary="----=_NextPart_00101CABE6F.E8E7FFDB"\
X-Mimeole: Produced By Microsoft Exchange V6.5\
Message-Id: <[email protected]>\
X-Ms-Has-Attach: \
X-Ms-Tnef-Correlator: \
Thread-Topic: EU INT LOTTO\
Thread-Index: Acqbc/3PXjmnUcQsGeSny2PogEEg==\
X-Originalarrivaltime: 08 Mar 2010 03:32:04.0493 (UTC) FILETIME=[EC150BD0:01CABE6F]\
X-Recipientdomain: beth.k12.pa.us\
X-Spam-Status: No, hits=4.117 tagged_above=-999 required=5 tests=BAYES_50, HTML5060, HTML_MESSAGE, MIMEQP_LONGLINE, NOREALNAME, SUBJALLCAPS, UNDISC_RECIPS, UPPERCASE5075\
X-Spam-Level: **\
EU INT LOTTO\
YOUR EMAIL ID HAS WON \'db1,000,000.00, IN THE FIRST CATEGORY, ALL THE E-MAIL ADDRESSES WERE SELECTED THROUGH ELECTRONIC BALLOTING SYSTEM OF INTERNET E-MAIL USERS, FROM WHICH YOUR E-MAIL ADDRESS CAME OUT AS THE WINNING COUPON.\
Clarification and procedure Contact: [email protected]\
Tel:\'ca\'ca\'ca\'ca +31-630-861-292\'ca\'ca\'ca\'ca\'ca\'ca\'ca\'ca \
Miss. Gillian Rowland \
Qualification winning Number [EU/ILO-564/003/008] \
Expiring date is 19th of March, 2010.\
All response should be send Via Email: [email protected]\
}mx1:/var/clamav root#

postfix receives the mail, then passes it to amavisd.
amavisd decides what scanners to use (clamav/spamassassin and possibly others) and performs the scan
amavisd might not scan the messages if certain criteria are met (size too large, white list, etc), this is all configurable in amavisd.conf. For example, the size threshold by default may be too small, so messages with large graphics may not be scanned.
after amavis processes the message, depending on the config of amavis, certain actions are performed (add headers, discard, reject, bounce, etc).
then amavisd passes the mail back to postfix
postfix delivers any deliverable mail to cyrus/dovecot and/or processes and bounce/rejection.
a rejection doesn't work in the above scenario because it's already been accepted by postfix.
best to discard.
if you would like to learn more about the flow and logic, look at the amavisd config file
/etc/amavisd.conf
and check out the docs
http://www.ijs.si/software/amavisd/
Jeff

Sa-learn run as clamav or root

I have been running sa-learn as root. I now believe this is wrong and should be running as clamav
however I get problems running as clamav. I believe I have the correct permissions..
my junk and NotJunk folders are as follows
drwx------ 285 cyrusima mail 9690 May 14 12:50 junkmail
drwx------ 6 cyrusima mail 204 May 14 11:08 notjunkmail
I get the following errors:
sudo -u clamav sa-learn --spam /var/spool/imap/user/junkmail
bayes expireoldtokens: lock: 5428 cannot create tmp lockfile /private/var/root/.spamassassin/bayes.lock.fileserver.onestep.co.uk.5428 for /private/var/root/.spamassassin/bayes.lock: Permission denied
Unable to open /var/spool/imap/user/junkmail: Permission denied
Learned from 0 message(s) (0 message(s) examined).
or
fileserver:/var/spool/imap/user root# su - clamav
[fileserver:~] clamav% sa-learn --spam /var/spool/imap/user/junkmail
Unable to open /var/spool/imap/user/junkmail: Permission denied
Learned from 0 message(s) (0 message(s) examined).
Also how can I tell that the sa-learn script has run automatically at night?
when I run
su - clamav -c "sa-learn --dump magic"
I get
0.000 0 3 0 non-token data: bayes db version
0.000 0 205 0 non-token data: nspam
0.000 0 13929 0 non-token data: nham
0.000 0 156732 0 non-token data: ntokens
0.000 0 1178593410 0 non-token data: oldest atime
0.000 0 1179144505 0 non-token data: newest atime
0.000 0 1179144088 0 non-token data: last journal sync atime
0.000 0 1179140819 0 non-token data: last expiry atime
0.000 0 345600 0 non-token data: last expire atime delta
0.000 0 253032 0 non-token data: last expire reduction count
Xserve Mac OS X (10.4.8) Intel and PPC systems
TIA

You are much better off getting spamtrainer and let it do this for you.
However, for general education purposes read on
I have been running sa-learn as root. I now believe
this is wrong and should be running as clamav
You must run it as user clamav
however I get problems running as clamav. I believe I
have the correct permissions..
my junk and NotJunk folders are as follows
drwx------ 285 cyrusima mail 9690 May 14
12:50 junkmail
drwx------ 6 cyrusima mail 204 May 14
11:08 notjunkmail
I get the following errors:
sudo -u clamav sa-learn --spam
/var/spool/imap/user/junkmail
bayes expireoldtokens: lock: 5428 cannot create tmp
lockfile
/private/var/root/.spamassassin/bayes.lock.fileserver.
onestep.co.uk.5428 for
/private/var/root/.spamassassin/bayes.lock:
Permission denied
Unable to open /var/spool/imap/user/junkmail:
Permission denied
Learned from 0 message(s) (0 message(s) examined).
or
fileserver:/var/spool/imap/user root# su - clamav
[fileserver:~] clamav% sa-learn --spam
/var/spool/imap/user/junkmail
Unable to open /var/spool/imap/user/junkmail:
Permission denied
Learned from 0 message(s) (0 message(s) examined).
This is because the user's mailboxes are owned by root.
To work around this do the follwing as root:
cat /var/spool/imap/user/junkmail/messagefilenumber. | su - clamav -c "sa-learn --spam
Also how can I tell that the sa-learn script has run
automatically at night?
when I run
su - clamav -c "sa-learn --dump magic"
I get
0.000 0 3 0 non-token
data: bayes db version
0.000 0 205 0 non-token
data: nspam
0.000 0 13929 0 non-token
data: nham
0.000 0 156732 0 non-token
data: ntokens
0.000 0 1178593410 0 non-token
data: oldest atime
0.000 0 1179144505 0 non-token
data: newest atime
0.000 0 1179144088 0 non-token
data: last journal sync atime
0.000 0 1179140819 0 non-token
data: last expiry atime
0.000 0 345600 0 non-token
data: last expire atime delta
0.000 0 253032 0 non-token
This tells you what the bayes db has beend fed with so far. Whether this happend automatically or manually is a different issue.
sa-learn will not run automatically unless you told it to by means of a startup item, cron job, .... If you did you should know which logs to check.

MailServer anomolies

Hi.
I would appreciate any useful comments regarding the following anomolies
During a weekly examination of mail services i notice that there are many connections opened and being maintained to the mailserver port 25 also some being maintained to port 993 used by users to access their mail.
Further examination revealed that a large number of fileperms have been altered.
Any helpful comments or suggestions relating to possibilities would be appreciated.
Thanks in advance.
Fileperms issues;
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/ArchiveIterator.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/AuditMessage.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/AutoWhitelist.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Bayes.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/BayesStore/SQL.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/BayesStore.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/CmdLearn.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Conf/LDAP.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Conf/Parser.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Conf/SQL.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Conf.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/ConfSourceSQL.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Constants.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/DBBasedAddrList.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Dns.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/EncappedMIME.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/EncappedMessage.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/EvalTests.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/HTML.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Locales.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Locker/Flock.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Locker/UnixNFSSafe.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Locker/Win32.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Locker.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/MailingList.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Message/Metadata/Received. pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Message/Metadata.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Message/Node.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Message.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/NetSet.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/NoMailAudit.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/PerMsgLearner.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/PersistentAddrList.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/PhraseFreqs.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin/Hashcash.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin/RelayCountry.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin/SPF.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin/Test.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin/URIDNSBL.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Plugin.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/PluginHandler.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Received.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Replier.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Reporter.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/SHA1.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/SQLBasedAddrList.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/TextCat.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/UnixLocker.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Util/RegistrarBoundaries.p m, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Util.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin/Win32Locker.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./System/Library/Perl/Extras/5.8.6/Mail/SpamAssassin.pm, should be -rw-r--r-- , they are -rwxr-xr-x
Permissions differ on ./private/var/log/secure.log, should be -rw------- , they are -rw-r-----
Permissions differ on ./usr/libexec/dumpemacs, should be -r-xr-xr-x , they are -r-sr-xr-x
maintained connections to the server
Apr 22 10:23:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:26:03 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:26:28 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:27:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:30:48 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:31:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:32:43 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:35:33 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:35:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:37:28 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:40:18 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:40:43 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:42:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:45:03 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:45:28 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:46:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:49:48 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:50:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:51:43 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:54:33 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:54:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 10:56:28 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 10:59:18 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 10:59:43 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:01:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:04:03 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 11:04:28 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:05:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:08:48 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 11:09:13 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:10:43 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:13:33 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 11:13:58 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:15:27 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:18:17 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 11:18:42 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:20:12 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:23:02 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0
Apr 22 11:23:27 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.156.29:50326 out via en0
Apr 22 11:24:57 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51163 out via en0
Apr 22 11:27:47 syrinx ipfw: 4000 Accept TCP 172.16.20.14:25 89.242.89.198:51156 out via en0

CYRUS.CONF
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
LIMITS {
imaplimit value=10
IMAPD.CONF
admins: cyrusimap
configdirectory: /var/imap
partition-default: /var/spool/imap
unixhierarchysep: yes
altnamespace: yes
servername: mail.robertcummings.com
sendmail: /usr/sbin/sendmail
lmtpdowncasercpt: 1
logrollingdays: 30
logrolling_daysenabled: true
tlscertfile: /var/imap/server.pem
tlscafile: /var/imap/server.pem
tlsserveroptions: use
imapauthlogin: yes
imapauth_crammd5: yes
tlskeyfile: /var/imap/server.pem
imapauthplain: yes
imapauthgssapi: yes
popauthgssapi: yes
popauthapop: yes
tlscommonname:
mboxlist_db: skiplist
seenstate_db: skiplist

MacMini backup from unix shell

I have setup a MacMini as a web server, and the only way I can get to it is with SSH.
I am trying to setup a cron job to do backups to an external hard drive, but I am having some dificulty finding out what some of the best practices are. Since I do not have a GUI, what utilities are out there to help me back up the system?
I want, in case of a failure, to be able to restore the full OS, with the boot record and everything.
The tar did not allow me to go over 4BG or space... (plus it does not do the MBR)
MacMini
MacMini

IF you need more help with rsync, you should move this discussion into the Unix forum. The guys over there know the command quite well.
Mac's rsync is a little different than the standard Linux flavor, because it makes allowances for the HFS+ format.
Here's the command I use (it runs nightly as a cron job)
rsync -a -c --exclude-from=/etc/rsyncx/exclude.conf /Users /private/etc /var/mail /var/ldap /Volumes/Backup > ~mainuser/rsyncx.log
This command backs up the Users, etc, var/mail, and var/ldap directories to /Volumes/Backup. Any problems are recorded in rsyncx.log in mainuser's home directory.
I use the exclude.conf file to skip things like cache files and other detritus that doesn't need to be saved. It's just a plain text file with these lines (note the "NoArchive/" -- anytime I have stuff I don't want archived, I just create a folder named "NoArchive" anywhere I want; anything in there won't get backed up):
Caches/
Cache/
caches/
cache/
Library/Thunderbird/
Library/Syndication/Database*
Library/Application Support/SyncServices/
Library/Application Support/Firefox/
Library/Application Support/Quicksilver/
Library/Preferences/MS Internet Cache/
SyncServices/
.spamassassin/bayes*
.razor/*log
.procmail/log
NoArchive/
.spumux/
.cpan/
.Trash/
Fonts/
iPhoto Library/
iTunes/
*.band/
.emlx
*.qsindex
*cache

Bayes Error Question after Spamassassin Upgrade

I have just upgraded to Version 3.1.5 of the Spamassassin and I am getting the following readout when after I run spamassassin -D --lint
xserve1:/var/amavis root# spamassassin -D --lint
[18757] dbg: logger: adding facilities: all
[18757] dbg: logger: logging level is DBG
[18757] dbg: generic: SpamAssassin version 3.1.5
[18757] dbg: config: score set 0 chosen.
[18757] dbg: util: running in taint mode? yes
[18757] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[18757] dbg: util: PATH included '/bin', keeping
[18757] dbg: util: PATH included '/sbin', keeping
[18757] dbg: util: PATH included '/usr/bin', keeping
[18757] dbg: util: PATH included '/usr/sbin', keeping
[18757] dbg: util: final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
[18757] dbg: message: ---- MIME PARSER START ----
[18757] dbg: message: main message type: text/plain
[18757] dbg: message: parsing normal part
[18757] dbg: message: added part, type: text/plain
[18757] dbg: message: ---- MIME PARSER END ----
[18757] dbg: dns: is Net::DNS::Resolver available? yes
[18757] dbg: dns: Net::DNS version: 0.59
[18757] dbg: diag: perl platform: 5.008006 darwin
[18757] dbg: diag: module installed: Digest::SHA1, version 2.10
[18757] dbg: diag: module installed: Archive::Tar, version 1.30
[18757] dbg: diag: module installed: IO::Zlib, version 1.04
[18757] dbg: diag: module installed: DB_File, version 1.814
[18757] dbg: diag: module installed: HTML::Parser, version 3.36
[18757] dbg: diag: module installed: MIME::Base64, version 3.05
[18757] dbg: diag: module installed: Net::DNS, version 0.59
[18757] dbg: diag: module installed: Net::SMTP, version 2.29
[18757] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[18757] dbg: diag: module installed: IP::Country::Fast, version 604.001
[18757] dbg: diag: module installed: Razor2::Client::Agent, version 2.82
[18757] dbg: diag: module installed: Net::Ident, version 1.20
[18757] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[18757] dbg: diag: module installed: IO::Socket::SSL, version 1.0
[18757] dbg: diag: module installed: Time::HiRes, version 1.68
[18757] dbg: diag: module installed: DBI, version 1.52
[18757] dbg: diag: module installed: Getopt::Long, version 2.34
[18757] dbg: diag: module installed: LWP::UserAgent, version 2.033
[18757] dbg: diag: module installed: HTTP::Date, version 1.47
[18757] dbg: ignore: using a test message to lint rules
[18757] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[18757] dbg: config: read file /etc/mail/spamassassin/init.pre
[18757] dbg: config: read file /etc/mail/spamassassin/v310.pre
[18757] dbg: config: read file /etc/mail/spamassassin/v312.pre
[18757] dbg: config: using "/usr/local/share/spamassassin" for sys rules pre files
[18757] dbg: config: using "/usr/local/share/spamassassin" for default rules dir
[18757] dbg: config: read file /usr/local/share/spamassassin/10_misc.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_advance_fee.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_anti_ratware.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_body_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_compensate.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_drugs.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_head_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_html_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_meta_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_net_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_phrases.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_****.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_ratware.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/20_uri_tests.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/23_bayes.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_accessdb.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_antivirus.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_body_tests_es.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_body_tests_pl.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_dcc.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_dkim.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_domainkeys.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_hashcash.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_pyzor.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_razor2.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_replace.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_spf.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_textcat.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/25_uribl.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_de.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_fr.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_it.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_nl.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_pl.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/30_text_pt_br.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/50_scores.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_awl.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_whitelist.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dk.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_dkim.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_spf.cf
[18757] dbg: config: read file /usr/local/share/spamassassin/60_whitelist_subject.cf
[18757] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum1.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum2.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_html.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf
[18757] dbg: config: read file /etc/mail/spamassassin/70_sc_top200.cf
[18757] dbg: config: read file /etc/mail/spamassassin/99_FVGT_Tripwire.cf
[18757] dbg: config: read file /etc/mail/spamassassin/Chinese_rules.cf
[18757] dbg: config: read file /etc/mail/spamassassin/local.cf
[18757] dbg: config: read file /etc/mail/spamassassin/weeds.cf
[18757] dbg: config: using "/private/var/root/.spamassassin/user_prefs" for user prefs file
[18757] dbg: config: read file /private/var/root/.spamassassin/user_prefs
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x18796d0)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1c828d8)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x1d91a64)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[18757] dbg: pyzor: network tests on, attempting Pyzor
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x1c66f5c)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[18757] dbg: razor2: razor2 is available, version 2.82
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x466db0)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[18757] dbg: reporter: network tests on, attempting SpamCop
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x468e68)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x1dd02d0)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x1e34100)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x1e36be0)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x1e39d30)
[18757] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[18757] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x1e3e260)
[18757] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[18757] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[18757] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[18757] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[18757] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[18757] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
[18757] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[18757] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i
[18757] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&\#] )'i
[18757] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%2 0|..[=+\s])site:(.*?)(?:$|%20|[\s+&\#])'i
[18757] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%2 0|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&\#])'i
[18757] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$ |[&\#])'i
[18757] warn: config: failed to parse line, skipping: scare RCVD_IN_NJABL_SPAM 3.0
[18757] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x1e3e260) implements 'finish_parsing_end'
[18757] dbg: replacetags: replacing tags
[18757] dbg: replacetags: done replacing tags
[18757] dbg: bayes: no dbs present, cannot tie DB R/O: /private/var/root/.spamassassin/bayes_toks
[18757] dbg: config: score set 1 chosen.
[18757] dbg: message: ---- MIME PARSER START ----
[18757] dbg: message: main message type: text/plain
[18757] dbg: message: parsing normal part
[18757] dbg: message: added part, type: text/plain
[18757] dbg: message: ---- MIME PARSER END ----
[18757] dbg: bayes: no dbs present, cannot tie DB R/O: /private/var/root/.spamassassin/bayes_toks
[18757] dbg: dns: name server: 209.198.128.11, family: 2, ipv6: 0
[18757] dbg: dns: testing resolver nameservers: 209.198.128.11, 209.198.128.27
[18757] dbg: dns: trying (3) google.com...
[18757] dbg: dns: looking up NS for 'google.com'
[18757] dbg: dns: NS lookup of google.com using 209.198.128.11 succeeded => DNS available (set dns_available to override)
[18757] dbg: dns: is DNS available? 1
[18757] dbg: metadata: X-Spam-Relays-Trusted:
[18757] dbg: metadata: X-Spam-Relays-Untrusted:
[18757] dbg: metadata: X-Spam-Relays-Internal:
[18757] dbg: metadata: X-Spam-Relays-External:
[18757] dbg: message: no encoding detected
[18757] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x18796d0) implements 'parsed_metadata'
[18757] dbg: uridnsbl: domains to query:
[18757] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-lastexternal
[18757] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[18757] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[18757] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[18757] dbg: dns: checking RBL combined.njabl.org., set njabl-lastexternal
[18757] dbg: dns: checking RBL combined.njabl.org., set njabl
[18757] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[18757] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[18757] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[18757] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[18757] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[18757] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[18757] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[18757] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[18757] dbg: check: running tests for priority: 0
[18757] dbg: rules: running header regexp tests; score so far=0
[18757] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"@lint_rules>"
[18757] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "[email protected]
[18757] dbg: rules: "
[18757] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1159381766"
[18757] dbg: spf: no suitable relay for spf use found, skipping SPF-helo check
[18757] dbg: eval: all '*From' addrs: [email protected]
[18757] dbg: eval: all '*To' addrs:
[18757] dbg: spf: no suitable relay for spf use found, skipping SPF check
[18757] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[18757] dbg: spf: cannot get Envelope-From, cannot use SPF
[18757] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
[18757] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[18757] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[18757] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[18757] dbg: rules: running body-text per-line regexp tests; score so far=3.188
[18757] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[18757] dbg: uri: running uri tests; score so far=3.188
[18757] dbg: bayes: no dbs present, cannot tie DB R/O: /private/var/root/.spamassassin/bayes_toks
[18757] dbg: bayes: not scoring message, returning undef
[18757] dbg: bayes: opportunistic call attempt failed, DB not readable
[18757] dbg: rules: running raw-body-text per-line regexp tests; score so far=3.188
[18757] dbg: rules: running full-text regexp tests; score so far=3.188
[18757] dbg: info: entering helper-app run mode
[18757] dbg: info: leaving helper-app run mode
[18757] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[18757] dbg: razor2: results: spam? 0
[18757] dbg: razor2: results: engine 8, highest cf score: 0
[18757] dbg: razor2: results: engine 4, highest cf score: 0
[18757] dbg: util: current PATH is: /bin:/sbin:/usr/bin:/usr/sbin
[18757] dbg: pyzor: pyzor is not available: no pyzor executable found
[18757] dbg: pyzor: no pyzor found, disabling Pyzor
[18757] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x18796d0) implements 'check_tick'
[18757] dbg: check: running tests for priority: 500
[18757] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x18796d0) implements 'check_post_dnsbl'
[18757] dbg: rules: running meta tests; score so far=3.188
[18757] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
[18757] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2'
[18757] info: rules: meta test FP_MIXED_****3 has undefined dependency 'FP_PENETRATION'
[18757] dbg: rules: running header regexp tests; score so far=4.666
[18757] dbg: rules: running body-text per-line regexp tests; score so far=4.666
[18757] dbg: uri: running uri tests; score so far=4.666
[18757] dbg: rules: running raw-body-text per-line regexp tests; score so far=4.666
[18757] dbg: rules: running full-text regexp tests; score so far=4.666
[18757] dbg: check: running tests for priority: 1000
[18757] dbg: rules: running meta tests; score so far=4.666
[18757] dbg: rules: running header regexp tests; score so far=4.666
[18757] dbg: config: using "/private/var/root/.spamassassin" for user state dir
[18757] dbg: locker: safe_lock: created /private/var/root/.spamassassin/auto-whitelist.lock.xserve1.topequip.com.18757
[18757] dbg: locker: safe_lock: trying to get lock on /private/var/root/.spamassassin/auto-whitelist with 0 retries
[18757] dbg: locker: safe_lock: link to /private/var/root/.spamassassin/auto-whitelist.lock: link ok
[18757] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /private/var/root/.spamassassin/auto-whitelist
[18757] dbg: auto-whitelist: db-based [email protected]|ip=none scores 0/0
[18757] dbg: auto-whitelist: AWL active, pre-score: 4.666, autolearn score: 4.666, mean: undef, IP: undef
[18757] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[18757] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[18757] dbg: locker: safe_unlock: unlink /private/var/root/.spamassassin/auto-whitelist.lock
[18757] dbg: auto-whitelist: post auto-whitelist score: 4.666
[18757] dbg: rules: running body-text per-line regexp tests; score so far=4.666
[18757] dbg: uri: running uri tests; score so far=4.666
[18757] dbg: rules: running raw-body-text per-line regexp tests; score so far=4.666
[18757] dbg: rules: running full-text regexp tests; score so far=4.666
[18757] dbg: check: is spam? score=4.666 required=2
[18757] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_ NONE
[18757] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_M SGID,__UNUSABLE_MSGID
[18757] warn: lint: 1 issues detected, please rerun with debug enabled for more information
I am concerned with the following -
[18757] dbg: bayes: no dbs present, cannot tie DB R/O: /private/var/root/.spamassassin/bayes_toks
[18757] dbg: bayes: not scoring message, returning undef
[18757] dbg: bayes: opportunistic call attempt failed, DB not readable
I know that I have a failure with the IO::Socket::INET6 also.
I am also not getting (never have gotten) the BAYES tag when I look at the Raw Source on Spam Emails. I am assuming that error above could be the issue.
Any help on this would be greatly appreciated. I love this discussion group and it has helped me out of a bind more than once!
Thanks in advance for your time.
G5 Power Mac Mac OS X (10.4.7)

Latest news!
I just looked at a spam email and I see that it is tagged here is the info
X-Spam-Status: No, hits=-1.827 tagged_above=-999 required=2 tests=BAYES_00,
DIET_1
Now I am still concerned about the error I listed above about the Bayes DB. Any help would be great.

Issue with spamassassin, now mail not working

Hi ! I installed spamtrainer almost two months ago. Been feeding the [email protected] for several weeks now , 700 emails each day at least .
There was very little improvement if none at all. Tried to add "@local_domains_maps = (1)" to amavisd.conf last night thinking it might be the problem , though no virtual domain exist. This was one of the issue on the default Amavisd config. The other one is adding the symbolic link which I already done.
Computer froze while adding the parameter "@local_domains_maps = (1)", so I manually turn off the Power Mac, then mail stopped altogether. The mails are filing up but the clients couldn't send or receive since this incidence .
FF is the maincf. and amavis.conf
All help are greatly appreciated.
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root#
_______________________Amavisd.cof_________________________
use strict;
# Configuration file for amavisd-new
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
#GENERAL NOTES:
# This file is a normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals, otherwise it represents a severe security risk!
# - for values which are interpreted as booleans, it is recommended
# to use 1 for true, and 0 or undef or '' for false.
# THIS IS DIFFERENT FROM OLDER AMAVIS VERSIONS where "no" also meant false,
# now it means true, like any nonempty string does!
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters @ and $ in double
# quoted strings, precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings. Still, in both cases a backslash need to be doubled
# - variables with names starting with a '@' are lists, the values assigned
# to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can not be used
# within the string. In other words, $ and # lose their special meaning
# withing a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and nonbracketed) form, i.e.
# Bob "Funny" [email protected], not: "Bob \"Funny\" Dude"@example.com
# and not <"@example.com>; also: '' and not ''.
# Section I - Essential daemon and MTA settings
# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
# : $mydomain serves as a quick default for some other configuration settings.
# : More refined control is available with each individual setting further down.
# : $mydomain is never used directly by the program.
$mydomain = 'cpplaw.com'; aol.com'; # (no useful default)
# Set the user and group to which the daemon will change if started as root
# (otherwise just keep the UID unchanged, and these settings have no effect):
$daemon_user = 'clamav'; # (no default; customary: vscan or amavis)
$daemon_group = 'clamav'; # (no default; customary: vscan or amavis)
# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications
# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the approprate settings below if using other setups!
# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use use -Am instead of -odd ?
# SENDMAIL (old non-milter setup, as relay):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;
# Net::Server pre-forking settings
# You may want $max_servers to match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners, which will also remove the virus checking
# code (e.g. if you only want to do spam scanning).
# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
# Lookup list of local domains (see README.lookups for syntax details)
# NOTE:
# For backwards compatibility the variable names @local_domains (old) and
# @local_domains_acl (new) are synonyms. For consistency with other lookups
# the name @local_domains_acl is now preferred. It also makes it more
# obviously distinct from the new %local_domains hash lookup table.
# local_domains* lookup tables are used in deciding whether a recipient
# is local or not, or in other words, if the message is outgoing or not.
# This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
# With Postfix (2.0) a quick reminder on what local domains normally are:
# a union of domains spacified in: $mydestination, $virtual_alias_domains,
# $virtual_mailbox_domains, and $relay_domains.
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# @local_domains_acl = qw(); # default is empty, no recipient treated as local
# @local_domains_acl = qw( .example.com );
# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
# @local_domains_acl = ( ".$mydomain", '.example.com', 'sub.example.net' );
# or alternatively(A), using a Perl hash lookup table, which may be assigned
# directly, or read from a file, one domain per line; comments and empty lines
# are ignored, a dot before a domain name implies its subdomains:
#read_hash(\%local_domains, '/var/amavis/local_domains');
#or alternatively(B), using a list of regular expressions:
# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
# see README.lookups for syntax and semantics
# Section II - MTA specific (defaults should be ok)
# if $relayhost_is_client is true, IP address in $notify_method and
# $forward_method is dynamically overridden with SMTP client peer address
# if available, which makes possible for several hosts to share one daemon
#$relayhost_is_client = 1; # (defaults to false)
#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)
# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix and Exim)
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)
# Do we receive quoted or raw addresses from the helper program?
# (does not apply to SMTP; defaults to true)
#$gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0; # Bob "Funny" [email protected]
# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )
# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127/8 10.1.0.1 10.1.0.2); # adjust the list as appropriate
#$inet_socket_bind = undef; # bind to all IP interfaces
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
# Example3:
# @inet_acl = qw( 127/8
# !172.16.3.0 !172.16.3.127 172.16.3.0/25
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets
# See README.lookups for details on specifying access control lists.
# Section III - Logging
# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 0; # (defaults to false)
#$SYSLOG_LEVEL = 'user.info'; # (defaults to 'mail.info')
# Log file (if not using syslog)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 4; # (defaults to 0)
# Customizeable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .
# only log infected messages (useful with log level 0):
# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
# [? %#V |[? %#F ||, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]#
# |, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]';
# log both infected and noninfected messages (default):
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology)
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
# $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
# $notify_spam_admin_templ = read_text('/var/amavis/notify_spam_admin.txt');
# If notification template files are collectively available in some directory,
# use read_l10n_templates which calls read_text for each known template.
# read_l10n_templates('/etc/amavis/en_US');
# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
# to sender if DSN needed (BOUNCE) or ($warnvirussender and D_PASS)
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.
# The following symbolic constants can be used in *destiny settings:
# D_PASS mail will pass to recipients, regardless of bad contents;
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Not a decent thing to do for a mailer.
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# $viruses_that_fake_sender_re, or to messages from mailing lists
# (Precedence: bulk|list|junk);
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Notes:
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery, but unable to reject the original
# SMTP session). Best suited to reporting viruses, and for Postfix
# and other dual-MTA setups, which can't reject original client SMTP
# session, as the mail has already been enqueued.
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted mail headers;
# - use D_DISCARD, if kill_level is set safely high;
# - use D_BOUNCE instead of D_REJECT if not using milter;
# There are no sensible alternatives to D_BOUNCE for viruses, but consider:
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
# virus storm;
# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
# to D_BOUNCE.
# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
# and D_PASS made settings $warnvirussender and $warnspamsender only still
# useful with D_PASS.
# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification anyway.
# Notify virus sender?
#$warnvirussender = 1; # (defaults to false (undef))
# Notify spam sender?
#$warnspamsender = 1; # (defaults to false (undef))
# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))
# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1; # (defaults to false (undef))
# Notify virus (or banned files) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i );
# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator address may be a simple fixed e-mail address (a scalar),
# or may depend on the SENDER address (e.g. its domain), in which case
# a ref to a hash table can be specified (specify lower-cased keys,
# dot is a catchall, see README.lookups).
# Empty or undef lookup disables virus admin notifications.
$virus_admin = '[email protected]';
# $virus_admin = undef; # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => '[email protected]'};
# $virus_admin = '[email protected]';
# equivalent to $virus_admin, but for spam admin notifications:
#$spam_admin = '[email protected]';# $spam_admin = undef; # do not send spam admin notifications (default)
# $spam_admin = {'not.example.com' => '', '.' => '[email protected]'};
#advanced example, using a hash lookup table:
# - $virus_admin = {
# '[email protected]' => '[email protected]',
# '.sub1.example.com' => '[email protected]',
# '.sub2.example.com' => '', # don't send admin notifications
# 'a.sub3.example.com' => '[email protected]',
# '.sub3.example.com' => '[email protected]',
# '.example.com' => '[email protected]', # catchall for our virus senders
# '.' => '[email protected]', # catchall for the rest
# whom notification reports are sent from (ENVELOPE SENDER);
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to $mailfrom
# for compatibility, which in turn defaults to undef (empty) )
# If using strings in double quotes, don't forget to quote @, i.e. \@
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope address and
# should be empty (null reverse path) according to rfc2821.
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <[email protected]>';
# (defaults to: "amavisd-new <postmaster\@$myhostname>")
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# (defaults to: $mailfrom_notify_admin)
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (defaults to: $mailfrom_notify_spamadmin)
# whom quarantined messages appear to be sent from (envelope sender)
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
# (default is undef)
# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
$QUARANTINEDIR = '/var/virusmails';
#$virus_quarantine_method = "local:virus-%i-%n"; # default
#$spam_quarantine_method = "local:spam-%b-%i-%n"; # default
#use the new 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
# When using the 'local:' quarantine method (default), the following applies:
# A finer control of quarantining is available through variable
# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
# or a ref to a hash lookup table, or a regexp lookup table object,
# which makes possible to set up per-recipient quarantine addresses.
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
# per-recipient lookup result from the hash table %$virus_quarantine_to)
# is/are interpreted as follows:
# VARIANT 1:
# empty or undef disables quarantine;
# VARIANT 2:
# a string NOT containg an '@';
# amavisd will behave as a local delivery agent (LDA) and will quarantine
# viruses to local files according to hash %local_delivery_aliases (pseudo
# aliases map) - see subroutine mail_to_local_mailbox() for details.
# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
# * if $QUARANTINEDIR is a directory, each quarantined virus will go
# to a separate file in the $QUARANTINEDIR directory (traditional
# amavis style, similar to maildir mailbox format);
# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
# mailbox. All quarantined messages will be appended to this file.
# Amavisd child process must obtain an exclusive lock on the file during
# delivery, so this may be less efficient than using individual files
# or forwarding to MTA, and it may not work across NFS or other non-local
# file systems (but may be handy for pickup of quarantined files via IMAP
# for example);
# VARIANT 3:
# any email address (must contain '@').
# The e-mail messages to be quarantined will be handed to MTA
# for delivery to the specified address. If a recipient address local to MTA
# is desired, you may leave the domain part empty, e.g. 'infected@', but the
# '@' character must nevertheless be included to distinguish it from variant 2.
# This method enables more refined delivery control made available by MTA
# (e.g. its aliases file, other local delivery agents, dealing with
# privileges and file locking when delivering to user's mailbox, nonlocal
# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
# will not be handed back to amavisd for checking, as this will cause a loop
# (hopefully broken at some stage)! If this can be assured, notifications
# will benefit too from not being unecessarily virus-scanned.
# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
# setup, but probably not safe with sendmail milter interface without
# precaution.
# (the default value is undef, meaning no quarantine)
#$virus_quarantine_to = '[email protected]'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = '[email protected]'; # similar
#$virus_quarantine_to = undef; # no quarantine
#$virus_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^user@example\.com$'i => 'infected@'],
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'],
# [qr/.*/ => 'virus-quarantine'] );
# similar for spam
# (the default value is undef, meaning no quarantine)
#$spam_quarantine_to = '[email protected]';
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#$spam_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
# [qr/.*/ => 'spam-quarantine'] );
# In addition to per-recip quarantine, a by-sender lookup is possible. It is
# similar to $spam_quarantine_to, but the lookup key is the sender address:
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header field # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
#$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking to only see
# MIME names and MIME content types, not the content classification types
# as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#$bypass_decode_parts = 1; # (defaults to false)
# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file
# (lookup key is what file(1) utility returned):
$keep_decoded_original_re = new_RE(
qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected, much like the way viruses are handled.
# A list in object $banned_filename_re can be defined to provide a list
# of Perl regular expressions to be matched against each part's:
# * Content-Type value (both declared and effective mime-type),
# including the possible security risk content types
# message/partial and message/external-body, as specified by rfc2046;
# * declared (recommended) file names as specified by MIME subfields
# Content-Disposition.filename and Content-Type.name, both in their
# raw (encoded) form and in rfc2047-decoded form if applicable;
# * file content type as guessed by 'file(1)' utility, both the raw result
# from file(1), as well as short type name, classified into names such as
# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe, ..., which is always
# beginning with a dot - see subroutine determine_file_types().
# This step is done only if $bypass_decode_parts is not true.
# * leave $banned_filename_re undefined to disable these checks
# (giving an empty list to new_RE() will also always return false)
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
# qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
# qr'^application/x-msdownload$'i, # banned MIME types
# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
# as well as any file name which happens to end with .exe. If only matching
# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
# or similar may be used, which requires that at least one character preceeds
# the '.exe', and so it will never match short file types, which always start
# with a dot.
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
# (these should be considered policy options, they do not disable checks,
# see bypas*checks for that!)
# Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
# envelope e-mail address (or domain only) to the hash %virus_lovers, or to
# the access list @virus_lovers_acl - see README.lookups and examples.
# Make sure the appropriate form (e.g. external/internal) of address
# is used in case of virtual domains, or when mapping external to internal
# addresses, etc. - this is MTA-specific.
# Notifications would still be generated however (see the overall
# picture above), and infected mail (if passed) gets additional header:
# X-AMaViS-Alert: INFECTED, message contains virus: ...
# (header not inserted with milter interface!)
# NOTE (milter interface only): in case of multiple recipients,
# it is only possible to drop or accept the message in its entirety - for all
# recipients. If all of them are virus lovers, we'll accept mail, but if
# at least one recipient is not a virus lover, we'll discard the message.
# %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
# lookup tables:
# (this is mainly a time-saving option, unlike virus_lovers* !)
# Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
# access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
# are used to skip entirely the decoding, unpacking and virus checking,
# but only if ALL recipients match the lookup.
# %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
# do NOT GUARANTEE the message will NOT be checked for viruses - this may
# still happen when there is more than one recipient for a message, and
# not all of them match these lookup tables. To guarantee virus delivery,
# a recipient must also match %virus_lovers/@virus_lovers_acl lookups
# (but see milter limitations above),
# NOTE: it would not be clever to base virus checks on SENDER address,
# since there are no guarantees that it is genuine. Many viruses
# and spam messages fake sender address. To achieve selective filtering
# based on the source of the mail (e.g. IP address, MTA port number, ...),
# use mechanisms provided by MTA if available.
# Similar to lookup tables controlling virus checking, there exist
# spam scanning, banned names/types, and headers_checks control counterparts:
# %spam_lovers, @spam_lovers_acl, $spam_lovers_re
# %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
# %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
# and:
# %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
# %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
# %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
# See README.lookups for details about the syntax.
# The following example disables spam checking altogether,
# since it matches any recipient e-mail address (any address
# is a subdomain of the top-level root DNS domain):
# @bypass_spam_checks_acl = qw( . );
# @bypass_header_checks_acl = qw( [email protected] );
# @bad_header_lovers_acl = qw( [email protected] );
# See README.lookups for further detail, and examples below.
# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('some.user@')} = 1; # this recipient, regardless of domain
# $virus_lovers{lc('[email protected]')} = 0; # never, even if domain matches
# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
#or:
# @virus_lovers_acl = qw( [email protected] !lab.xxx.com .xxx.com yyy.org );
# $bypass_virus_checks{lc('[email protected]')} = 1;
# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
# @virus_lovers_acl = qw( [email protected] );
# $virus_lovers_re = new_RE( qr'(helpdesk|postmaster)@example\.com$'i );
# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# @spam_lovers_acl = qw( !.example.com );
# $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
# don't run spam check for these RECIPIENT domains:
# @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
# or the other way around (bypass check for all BUT these):
# @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
# a practical application: don't check outgoing mail for spam:
# @bypass_spam_checks_acl = ( "!.$mydomain", "." );
# (a downside of which is that such mail will not count as ham in SA bayes db)
# Where to find SQL server(s) and database to support SQL lookups?
# A list of triples: (dsn,user,passw). (dsn = data source name)
# Specify more than one for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'DBD::Pg', ... for details.
# @lookup_sql_dsn =
# ( ['DBI:mysql:mail:host1', 'some-username1', 'some-password1'],
# ['DBI:mysql:mail:host2', 'some-username2', 'some-password2'] );
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
# 'DBI:Pg:host=host1;dbname=mail'
# The SQL select clause to fetch per-recipient policy settings.
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only, catchall). Use ORDER, if there
# is a chance that multiple records will match - the first match wins.
# If field names are not unique (e.g. 'id'), the later field overwrites the
# earlier in a hash returned by lookup, which is why we use '*,users.id'.
# No need to uncomment the following assignment if the default is ok.
# $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
# ' ORDER BY users.priority DESC';
# The SQL select clause to check sender in per-recipient whitelist/blacklist
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %k will be sender addresses (e.g. full address, domain only, catchall).
# The default value is:
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
# ' WHERE (rid=?) AND (sid=mailaddr.id) AND (mailaddr.email IN (%k))'.
# ' ORDER BY mailaddr.priority DESC';
# To disable SQL white/black list, set to undef (otherwise comment-out
# the following statement, leaving it at the default value):
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
# If you decide to pass viruses (or spam) to certain recipients using the
# above lookup tables or using $final_virus_destiny=1, you can set
# the variable $addr_extension_virus ($addr_extension_spam) to some
# string, and the recipient address will have this string appended
# as an address extension to the local-part of the address. This extension
# can be used by final local delivery agent to place such mail in different
# folders. Leave these two variables undefined or empty strings to prevent
# appending address extensions. Setting has no effect on recipient which will
# not be receiving viruses/spam. Recipients who do not match lookup tables
# local_domains* are not affected.
# LDAs usually default to stripping away address extension if no special
# handling is specified, so having this option enabled normally does no harm,
# provided the $recipients_delimiter matches the setting on the final
# MTA's LDA.
# $addr_extension_virus = 'virus'; # (default is undef, same as empty)
# $addr_extension_spam = 'spam'; # (default is undef, same as empty)
# $addr_extension_banned = 'banned'; # (default is undef, same as empty)
# Delimiter between local part of the recipient address and address extension
# (which can optionally be added, see variables $addr_extension_virus and
# $addr_extension_spam). E.g. recipient address <[email protected]> gets changed
# to <[email protected]>.
# Delimiter should match equivalent (final) MTA delimiter setting.
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
# Setting it to an empty string or to undef disables this feature
# regardless of $addr_extension_virus and $addr_extension_spam settings.
$recipient_delimiter = '+'; # (default is '+')
# true: replace extension; false: append extension
# $replace_existing_extension = 1; # (default is false)
# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0; # (default is false)
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
# senders even if the message is recognized as spam. Effectively, for the
# specified senders, message RECIPIENTS temporarily become 'spam_lovers', with
# further processing being the same as otherwise specified for spam lovers.
# It does not turn off inserting spam-related headers, if they are enabled.
# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
# Effectively, for messages from blacklisted senders, spam level
# is artificially pushed high, and the normal spam processing applies,
# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
# reactions to spam, including possible rejection. If the message nevertheless
# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
# in the 'X-Spam-Status' header field, but the reported spam value and
# set of tests in this report header field (if available from SpamAssassin,
# which may have not been called) is not adjusted.
# A sender may be both white- and blacklisted at the same time,
# settings are independent. For example, being both white- and blacklisted,
# message is delivered to recipients, but is tagged as spam.
# If ALL recipients of the message either white- or blacklist the sender,
# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
# The following variables (lookup tables) are available, with the semantics
# and syntax as specified in README.lookups:
# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
# SOME EXAMPLES:
#ACL:
# @whitelist_sender_acl = qw( .example.com );
# @whitelist_sender_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# NOTE: This is not a reliable way of turning off spam checks for
# locally-originating mail, as sender address can easily be faked.
# To reliably avoid spam-scanning outgoing mail,
# use @bypass_spam_checks_acl .
#RE:
# $whitelist_sender_re = new_RE(
# qr'^postmaster@.*\bexample\.com$'i,
# qr'^owner-[^@]*@'i, qr'-request@'i,
# qr'\.example\.com$'i );
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
#HASH lookup variant:
# NOTE: Perl operator qw splits its argument string by whitespace
# and produces a list. This means that addresses can not contain
# whitespace, and there is no provision for comments within the string.
# You can use the normal Perl list syntax if you have special requirements,
# e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read
# addresses from a file.
# a hash lookup table can be read from a file,
# one address per line, comments and empty lines are permitted:
# read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');
# ... or set directly:
# $whitelist_sender{''} = 1; # don't spam-check MTA bounces
map { $whitelist_sender{lc($_)}=1 } (qw(
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
returns.groups.yahoo.com
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
# The same semantics as for global white/blacklisting applies, but this
# time each recipient (or its domain, or subdomain, ...) can be given
# an individual lookup table for matching senders. The per-recipient lookups
# override the global lookups, which serve as a fallback default.
# Specify a two-level lookup table: the key for the outer table is recipient,
# and the result should be an inner lookup table (hash or ACL or RE),
# where the key used will be the sender.
#$per_recip_blacklist_sender_lookup_tables = {
# '[email protected]'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
# '[email protected]'=>[qw( [email protected],org .d2.example,org )],
#$per_recip_whitelist_sender_lookup_tables = {
# '[email protected]' => [qw( [email protected] .other.example.org )],
# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
# '.my2.example.com' => read_hash('/var/amavis/my2-wl.dat'),
# 'abuse@' => { 'postmaster@'=>1,
# '[email protected]'=>1, '[email protected]'=>1 },
# Section VI - Resource limits
# Sanity limit to the number of allowed recipients per SMTP transaction
# $smtpd_recipient_limit = 1000; # (default is 1000)
# Resource limitations to protect against mail bombs (e.g. 42.zip)
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)
# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)
# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
# Parameters to storage quota formula for unpacking/decoding/decompressing
# Formula:
# quota = max($MIN_EXPANSION_QUOTA,
# $mail_size*$MIN_EXPANSION_FACTOR,
# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
# In plain words (later condition overrules previous ones):
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
# Section VII - External programs, virus scanners
# Specify a path string, which is a colon-separated string of directories
# (no trailing slashes!) to be assigned to the environment variable PATH
# and to serve for locating external programs below.
# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
# relative to the chroot directory specified;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# Specify one string or a search list of strings (first match wins).
# The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
# Optionally command arguments may be specified - only the first substring
# up to the whitespace is used for file searching.
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio';
# SpamAssassin settings
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
$sa_local_tests_only = 1; # (default: false)
#$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 22.0;
#$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
# may also be hashrefs to hash lookup tables, to make static per-recipient
# settings possible without having to resort to SQL or LDAP lookups.
# a quick reference:
# tag_level controls adding the X-Spam-Status and X-Spam-Level headers,
# tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
# kill_level controls 'evasive actions' (reject, quarantine, extensions);
# it only makes sense to maintain the relationship:
# tag_level <= tag2_level <= kill_level
# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '*** JUNK MAIL ***'; # (defaults to undef, disables)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
# Example: modify Subject for all local recipients except [email protected]
#$sa_spam_modifies_subj = [qw( [email protected] . )];
# @av_scanners is a list of n-tuples, where fields semantics is:
# 1. av scanner plain name, to be used in log and reports;
# 2. scanner program name; this string will be submitted to subroutine
# find_external_programs(), which will try to find the full program
# path name; if program is not found, this scanner is disabled.
# Besides a simple string (full program path name or just the basename
# to be looked for in PATH), this may be an array ref of alternative
# program names or full paths - the first match in the list will be used;
# As a special case for more complex scanners, this field may be
# a subroutine reference, and the whole n-tuple is passed to it as args.
# 3. command arguments to be given to the scanner program;
# a substring {} will be replaced by the directory name to be scanned,
# i.e. "$tempdir/parts"
# 4. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating NO VIRUSES found;
# 5. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating VIRUSES WERE FOUND;
# Note: the virus match prevails over a 'not found' match, so it is safe
# even if 4. matches for viruses too;
# 6. a regexp (to be matched against scanner output), returning a list
# of virus names found.
# 7. and 8.: (optional) subroutines to be executed before and after scanner
# (e.g. to set environment or current directory);
# see examples for these at KasperskyLab AVP and Sophos sweep.
# NOTES:
# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
# (which can be handy if all you want to do is spam scanning);
# - the order matters: although _all_ available entries from the list are
# always tried regardless of their verdict, scanners are run in the order
# specified: the report from the first one detecting a virus will be used
# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
# - it doesn't hurt to keep an unused command line scanner entry in the list
# if the program can not be found; the path search is only performed once
# during the program startup;
# CORROLARY: to disable a scanner that _does_ exist on your system,
# comment out its entry or use undef or '' as its program name/path
# (second parameter). An example where this is almost a must: disable
# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
# program happens to have a name matching one of the entries ('sweep'
# again comes to mind);
# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
# for interfacing (where the second parameter starts with \&).
# Keeping such entry and not having a corresponding virus scanner daemon
# causes an unnecessary connection attempt (which eventually times out,
# but it wastes precious time). For this reason the daemonized entries
# are commented in the distribution - just remove the '#' where needed.
@av_scanners = (
# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],
# ### http://clamav.elektrapro.com/
# ['Clam Antivirus-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd,
# # match the socket name in clamav.conf to the socket name in this entry
# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
# \&ask_daemon,
# ["GET {}/*?-dumb%20-archive HTTP/1.0\r\n\r\n",
# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
# '127.0.0.1:10203','127.0.0.1:10204'] ],
# qr/(?i)<summary[^>]*>clean<\/summary>/,
# qr/(?i)<summary[^>]*>infected<\/summary>/,
# qr/(?i)<name>(.+)<\/name>/ ],
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
"-* -P -B -Y -O- {}", [0,3,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
'{}', [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-I0 -Y -* /var/amavis"
# adjusting /var/amavis above to match your $TEMPBASE.
# NOTE: cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
### http://www.hbedv.com/ or http://www.centralcommand.com/
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
# NOTE: remove the -z if you only have a demo version
### http://www.commandsoftware.com/
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
### http://drweb.imshop.de/
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/(?:infection|Infected): (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl','pavc'],
'-aut -aex -heu -cmp -nor -nso -eng {}',
qr/Number of files infected\.*: 0(?!\d)/,
qr/Number of files infected\.*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
# '--all --archive --mail {}', [1], [2,3,4,

You are welcome. I'm glad you got it back up.
(1) You say you did the symbolic link. I will assume this is set correctly; it's very important that it is.
(2) I don't know what you mean by "Been feeding the [email protected] for several weeks now, 700 emails each day at least." After the initial training period, SpamAssassin doesn't learn from mail it has already processed correctly. At this point, you only need to teach SpamAssassin when it is wrong. [email protected] should only be getting spam that is being passed as clean. Likewise, [email protected] should only be getting legitimate mail that is being flagged as junk. You are redirecting mail to both [email protected] and [email protected] ... right? SpamAssassin needs both.
(3) Next, as I said before, you need to implement those "Frontline spam defense for Mac OS X Server." Once you have that done and issue "postfix reload" you can look at your SMTP log in Server Admin and watch as Postfix blocks one piece of junk mail after another. It's kind of cool.
(4) Add some SARE rules:
Visit http://www.rulesemporium.com/rules.htm and download the following rules:
70sareadult.cf
70saregenlsubj0.cf
70sareheader0.cf
70sarehtml0.cf
70sareobfu0.cf
70sareoem.cf
70sarespoof.cf
70sarestocks.cf
70sareunsub.cf
72sare_redirectpost
Visit http://www.rulesemporium.com/other-rules.htm and download the following rules:
backhair.cf
bogus-virus-warnings.cf
chickenpox.cf
weeds.cf
Copy these rules to /etc/mail/spamassassin/
Then stop and restart mail services.
There are other things you can do, and you'll find differing opinions about such things. In general, I think implementing the "Frontline spam defense for Mac OS X Server" and adding the SARE rules will help a lot. Good luck!

Migrating Spamassassin Bayes DB

Similar Messages

Maybe you are looking for