I have recently upgraded the mail server to a new CentOS 7 server (from CentOS 6) that is doing nothing but email and DNS. The previous CentOS 6 server was also running several websites on Apache.
I'm not sure what I'm doing differently that is causing bayes to show up in the Mail Headers as a test that was run, but it appears I have Bayes fully configured. Here's how I'm doing it:
As before, I'm running Postfix with amavisd-new being used as the primary Virus and Spam scanner. amavisd-new then hands off to spamassassin.
Postfix is version 2.10.1 from the CentOS Plus repository, amavisd-new is version 2.10.1 from the EPEL repository, and spamassassin is version 3.4.0 from the base repository.
spamassassin's config file is as follows:
[root@mail ~]# cat /etc/mail/spamassassin/local.cf
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
use_bayes 1
bayes_path /var/spamassassin/bayes
bayes_file_mode 077
auto_learn 0
use_razor2 1
And now, my mail headers do indicate the bayes test is being run:
X-Virus-Scanned: amavisd-new at developcents.com
X-Spam-Flag: NO
X-Spam-Score: 5.129
X-Spam-Level: *****
X-Spam-Status: No, score=5.129 tagged_above=-999 required=6.2
tests=[BAYES_99=3.5, BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
MIME_HTML_ONLY=0.723, MIME_QP_LONG_LINE=0.001, RDNS_NONE=0.793,
SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001]
autolearn=no autolearn_force=no
Unfortunately, I'm still trying to get a handle on the spam, as most of the messages are still coming in under the radar (with a score of 6.1 or lower), but I'm making a lot of progress.
For what it's worth, this is slightly off topic, but I recommend the following RBLs in Postfix main.cf as a part of the smtpd_recipient_restrictions definition (note that you'll need to register before you can use a couple of these lists):
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client b.barracudacentral.org,
reject_rbl_client dnsbl.sorbs.net,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dnsbl-1.uceprotect.net,
reject_rbl_client dnsbl-3.uceprotect.net,
Hope this helps someone.
With enormous gratitude to the knowledgeable guys on the Spamassassin users mailing list, I finally got to the bottom of this problem and sorted it out.
Through my mail server configuration process, I had ended up with a helper script /usr/bin/spamfilter.sh
That script was writing to a log file (/var/log/spamassassin/spamd.log) that wasn't included in the logrotate system. The logrotate.d directory contains a config file to rotate /var/log/spamd.log. This (typo?) meant that it was perpetually growing.
Each time a new message was processed by the system, all the content from that log file was getting read in and re-logged to both mail.log and syslog.
I have resolved the problem by fixing the reference in spamfilter.sh to use the /var/log/spamd.log file, which will be rotated on a daily basis, thus preventing a large build-up of messages for re-logging.
I hope this proves to be helpful to others, but I would like to thank the following users from the Spamassassin users mailing list specifically for their help and expert suggestions:
- Kevin McGrail
- John Hardin
- Dave Wreski
- ap-ml
- Tom Hendrikx
Fantastic work guys. Thank you so much.
Best Answer
Silly me. Just found out about this page:
http://www.postfix.org/addon.html
... and I quote:
Case solved. amavisd-new, it will be.
Thanks for everyone who have tried to answer!
Edit:
In the comments, @Spikolynn referred to http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:politics , which explains how Postfix now implements a 'holding' queue which should prevent queue corruption.
Many improvements have happened on the Postfix side since this question was asked; so if you happen upon this Q&A as a result of a search, please be aware that the situation might not be as clear cut as it was when I came upon the problem.