Dmitry Leskov
 

Forcing SpamAssassin To Add The X-Spam-Status Header To Ham For Debugging

In some circumstances, you may need to find out why certain messages are not being marked as spam by SpamAssassin (or, for that matter, any other junk mail filtering solution). I had such a need today and it turned out to be less trivial than I had expected.

If you have a typical SpamAssassin setup, you may notice that the X-Spam-Status header such as

X-Spam-Status: Yes, score=6.343 tagged_above=2.0 required=6.31 tests=[BAYES_50=0.8, DOS_HIGHBIT_HDRS_BODY=1, FROM_MISSP_MSFT=1, RCVD_IN_BL_SPAMCOP_NET=1.347, STOX_REPLY_TYPE=0.439,	STOX_REPLY_TYPE_WITHOUT_QUOTES=1.757] autolearn=no

gets added to spam messages, but the messages classified as ham do not (always) contain it.

Today I needed to confirm a user report stating that outgoing messages from a certain system trigger a couple of specific SpamAssassin rules. So I sent a message from that system to my private server that is running SpamAssassin. No X-Spam-Status header. After some searching and experimenting, I have found that there are three solutions: one obsolete, one not working for me and others with similar setup, and the right one. (Now guess which I have found last. :( )

In the hope to save you some time, I am putting my findings below. Please note that all commands and config file locations are valid for Ubuntu 10.04 LTS.

The Obsolete Solution

First, it seems that most Web pages and forum/blog posts devoted to SpamAssassin troubleshooting say that you need to add

always_add_headers 1

to SpamAssassin’s local.cf and restart spamd. However, that line did not pass the syntax check on my system:

$ spamassassin 2>&1 --lint
Aug 31 15:18:12.225 [4796] warn: config: failed to parse line, skipping, in "/etc/spamassassin/local.cf": always_add_headers 1
Aug 31 15:18:12.846 [4796] warn: lint: 1 issues detected, please rerun with debug enabled for more information

The reason is that the always_add_headers option is obsolete as of SpamAssassin 3. If you are still using version 2.x, it may work for you.

Solution That Only Works For Some

From version 3 onwards, SpamAssassin lets you add any custom X-Spam- header to messages it has classified as ham, spam, or both. That is more flexible than always_add_headers, which was therefore removed, and the usual suggestion to those who follow up on outdated forum posts is to add this to local.cf instead:

add_header all Report _REPORT_

Following that advice, I started to get detailed X-Spam-Report headers, but only in messages classified as spam or having some spam score. No single X-Spam- header in pure ham.

Solution that worked

And the solution that finally worked was changing amavisd-new configuration! Let me quote the amavisd-new FAQ:

It is the amavisd that is editing the message by itself. Header and body rewriting options in SA have no external effect, as amavisd does not use the modified message as prepared by SA.

In other words, in configurations where SpamAssasin is controlled by amavisd-new, the X-Spam- headers are actually added by the latter, and it is amavisd-new that decides whether to add them.

Let’s now have a closer look at the above header sample:

X-Spam-Status: Yes, score=6.343 tagged_above=2.0 required=6.31 tests=[BAYES_50=0.8, DOS_HIGHBIT_HDRS_BODY=1, FROM_MISSP_MSFT=1, RCVD_IN_BL_SPAMCOP_NET=1.347, STOX_REPLY_TYPE=0.439,	STOX_REPLY_TYPE_WITHOUT_QUOTES=1.757] autolearn=no

These two values (tagged_above and required) match the settings in /etc/amavis/conf.d/50-user:

# $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
# $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level

Eureka! Uncommenting and changing the first line to

$sa_tag_level_deflt = -9999; # always add spam info headers

and restarting amavis

sudo service amavis restart

has resulted in all messages getting the X-Spam- headers:

   .  .  .
X-Spam-Flag: NO
X-Spam-Score: -0.696
X-Spam-Status: No, score=-0.696 tagged_above=-9999 required=6.31 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_NEUTRAL=0.779, URIBL_GREY=0.424] autolearn=no
   .  .  .

P.S. In addition to the amavisd-new FAQ quoted above, you may wish to read the “SpamAssassin Integration with Postfix, using Amavis” page of the official SpamAssassin wiki.

Tags: , ,

« | »

Talkback

  1. Phil
    27-Apr-2015
    7:55 pm
    1

    I know this was written at least 4 years ago, but you just saved me the worlds biggest headache checking if SpamAssasin was checking all mail.

    Thanks!

  2. Kervinou
    17-Oct-2015
    8:32 pm
    2

    Hi !

    Thanks for that.
    So i think there’s no other solution for always have X-Spam Header but for me, even with the 2 params (spamd + amavis) ham mail have not any X-Spam header ! ;-(

    I dont understand why !?
    Surely another config file, but ?

  3. Carl
    29-Jan-2016
    7:26 am
    3

    Hi Dimitry,
    Just wanted to say thanks. Very well written and presented. It was exactly what I needed.
    Regards,
    Carl

  4. Chris Hirst
    13-Feb-2016
    12:52 am
    4

    Just to add;

    amavis configuration file location is /etc/amavis.conf in my Centos 6.5 install

    and is running as a daemon so should be.
    sudo service amavisd restart|start|stop

  5. billy noah
    18-Feb-2016
    7:48 pm
    5

    Really appreciate this. I wish I could upvote this but it’s not on stackoverflow ;-)

  6. maxd
    23-Sep-2016
    6:42 pm
    6

    good one. worked as a charm. Thanks pal.

* Copy This Password *

* Type Or Paste Password Here *