Hi all,

Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it.

I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess.

My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamassassin entirely..

Or.. Whitelist logwatch.

Apparently, I am guessing, all those nifty log reports are so full of blacklisted urls and ips...well, you get the picture.

Best ways to make this work so I can get it delivered to root again?

Thanks
Bob Hoffman wrote:
> Best ways to make this work so I can get it delivered to root again?

Please, don't give out too much information when asking questions, all of us here really like to go on a wild goose chase now and then.

IOW: Show logs.

Ralph
So..

To answer my own question...

so I edited the file /etc/mail/spamassassin/local.cf

    whitelist_from logwatch@localhost.localdomain

Where localhost.localdomain is your hostname.servername

And it worked.

However, I am concerned about spoofing. I would think that mail agent and spamassassin would have an 'okay, it's a local user' thing going on.

They do not. On the internet there are 1000s of posts like mine, asking questions about this and getting no answers.

I hope this helps.

Centos 5.2...

-----Original Message-----
From: Bob Hoffman [mailto:bob at bobhoffman.com]
Sent: Thursday, September 11, 2008 4:54 AM
To: 'centos at centos.org'
Subject: Logwatch / spamassassin

Hi all,

Well it took a while for me to figure it out, but apparently my logwatch no longer can be mailed locally on my computer as I believe spamassassin is eating it.

I can send it out to an email address outside my server though. So spamassassin is only checking incoming I guess.

My question is....how do I...or should I.... Make all local mail go straight to the boxes and skip spamassassin entirely..

Or.. Whitelist logwatch.

Apparently, I am guessing, all those nifty log reports are so full of blacklisted urls and ips...well, you get the picture.

Best ways to make this work so I can get it delivered to root again?

Thanks
Bob Hoffman wrote:
>
> Hi all,
>
> Well it took a while for me to figure it out, but apparently my logwatch no
> longer can be mailed locally on my computer as I believe spamassassin is
> eating it.
>
> I can send it out to an email address outside my server though. So
> spamassassin is only checking incoming I guess.
>
> My question is....how do I...or should I.... Make all local mail go straight
> to the boxes and skip spamassassin entirely..
>

Try adding a whitelist entry to /etc/mail/spamassassin/local.cf. To whitelist all mail from your domain:

    whitelist_from *@example.com

> Or.. Whitelist logwatch.

or try:

    whitelist_from logwatch@example.com

for a single address. This will add -100 to the score for spamassassin.
Bob Hoffman wrote:
> So..
>
> To answer my own question...
>
> so I edited the file /etc/mail/spamassassin/local.cf
>
> whitelist_from logwatch@localhost.localdomain
>
> Where localhost.localdomain is your hostname.servername
>
> And it worked.
>
> However, I am concerned about spoofing. I would think that mail agent
> and spamassassin would have an 'okay, it's a local user' thing going
> on.

Generally, using 'whitelist_from' is a bad idea due to spoofing. The address you are using will probably not cause too many problems, but you should still fix it if possible.

Use 'whitelist_from_rcvd' instead. This will whitelist the address only if the mail comes from a specified domain.

Try this (untested):

    whitelist_from_rcvd logwatch@localhost.localdomain localhost.localdomain

Note that this will require your DNS server to resolve localhost.localdomain (forward and reverse).

Another option is to configure your mail server to bypass SA entirely for local mail.

-- 
Bowie
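
Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model of the two directives discussed above, run against two constructed messages to show which ones each directive would whitelist. It assumes the rDNS name of the delivering relay is already known; the relay name mail.example.net and the message labels are made up for illustration.

```python
import fnmatch

# Constructed sample config: the two directives from the thread.
LOCAL_CF = """\
whitelist_from logwatch@localhost.localdomain
whitelist_from_rcvd logwatch@localhost.localdomain localhost.localdomain
"""

# Constructed messages: label -> (From address, rDNS name of the relay
# that handed the mail to this server).
MESSAGES = {
    "local logwatch report": ("logwatch@localhost.localdomain", "localhost.localdomain"),
    "forged From, outside relay": ("logwatch@localhost.localdomain", "mail.example.net"),
}

def parse_rules(text):
    """Return (directive, address_glob, relay_domain_or_None) tuples.
    Simplification: one address per line, comments stripped."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "whitelist_from":
            rules.append((parts[0], parts[1].lower(), None))
        elif len(parts) == 3 and parts[0] == "whitelist_from_rcvd":
            rules.append((parts[0], parts[1].lower(), parts[2].lower()))
    return rules

def rule_matches(rule, sender, relay_rdns):
    """Simplified model: glob on the address, plus a relay rDNS check for _rcvd."""
    _, addr_glob, relay = rule
    if not fnmatch.fnmatchcase(sender.lower(), addr_glob):
        return False
    if relay is None:              # whitelist_from: the address alone decides
        return True
    rdns = relay_rdns.lower()      # whitelist_from_rcvd: relay must match too
    return rdns == relay or rdns.endswith("." + relay)

def evaluate(config_text, messages):
    """Map each directive to the set of message labels it would whitelist."""
    result = {}
    for rule in parse_rules(config_text):
        result[rule[0]] = {label for label, (sender, rdns) in messages.items()
                           if rule_matches(rule, sender, rdns)}
    return result

if __name__ == "__main__":
    for directive, hits in evaluate(LOCAL_CF, MESSAGES).items():
        print(f"{directive:20} whitelists: {sorted(hits)}")
```
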
Ned,

Thanks for the letters. Yes, I added the whitelist, but think that is not right either. No matter what I add in there, it will allow someone to use it and come in.

The postmaster not getting tagged is just as scary actually.

The weird part is the mail will go to another server via smtp and not be tagged as SPAM. How strange is that.

I can only assume I should be changing something in the logwatch file to make it not be from 'logwatch' but to instead be 'root' or some other local user.

Since logwatch has no local user in my mail setups...maybe that is the problem. So it might be that matter that makes it get killed by procmail or by spamassassin.

Strange. But a very obvious problem across the net.

I will work on this more tonight and see if I can get it to run better without whitelisting.