SpamAssassin (JAM Software) RSS

1

As anyone been able to get SpamAssassin working using SpamAssassin.exe or spamc?

Spamc just hangs and SpamAssassin.exe returns this error:
External Agent "SpamAssassin" hit with email file "sce-E675D4C159EF5BD10F1849C9602346E9.eml" (exit code 1, comment "Spam"). Agent output: "Jan 12 22:41:49.176 [14724] warn: archive-iterator: no access to Jan 12 22:41:49.176 [14724] warn: archive-iterator: unable to open
It seems like the file is remove too fast before SpamAssassin can read it. When I check the folder, the file is there for one second then it is remove but SpamAssassin hasn't even finish running yet.

I would also prefer to use Spamc because it is faster.

by coolgj 2 years ago
2

Hello coolgj,

This usually happens when the 'temporary email files' folder that is specified on the Blacklists > External Agents page in the ORF Administration Tool is not excluded from virus checking, and the resident anti-virus deletes or locks the .eml before the External Agent could scan it.

Please double-check your AV settings on the ORF server and make sure that the temporary email file folder is added to your AV's exclusion list.

Please let me know if this has solved the issue.

by Daniel Novak (Vamsoft) 2 years ago
3

I don't have any antivirus on this server. It is windows 2012.

by coolgj 2 years ago
4

@coolgj: How about the Windows Defender Real-Time protection (if it is installed/enabled)?

Based on the error message, this might also be a permission issue (i.e. SpamAssassin may have inadequate rights to access the file). To test this, try to run the spamassassin.exe from a command line and scan a test file in the 'temporary email files' folder you specified in the ORF settings (on the Blacklists > External Agents page). Make sure that you also enter the 'command-line parameters' you specified in External Agent Properties dialog for your External Agent (Blacklists > External Agents > [Agent Name] > Run tab). This way you can verify whether 1) the spamassassin executable can run with the extra switches, and 2) if it has permission to access the files saved in the selected 'temporary email files' folder.

For the test above, I would suggest using the EICAR standard anti-virus test file (http://www.eicar.org/85-0-Download.html). If there is any real-time malware protection on the system, it will remove it before you could scan test file with SpamAssassin.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

5

@Daniel Novak (Vamsoft): Windows Defender is not installed. I use the EICAR test file and it is still in the directory. spamassassin can access it. I do not think it is a permission issue either, as I gave the ORF service admin rights to test also with the same results. It seems the file is being remove by ORF to fast.

by coolgj 2 years ago
(in reply to this post)

6

@Daniel Novak (Vamsoft): Also I am using the latest version of spamassassin (JAM Software) and ORF 5.4

by coolgj 2 years ago
(in reply to this post)

7

What is the entire error message that you receive when the scan fails. The one you posted seems to be only a fraction of it. Furthermore, what is the output of spamassassin.exe when you run it from the command-line to test the file in the temporary email file folder?

Could you post the full command that you enter, including the parameters you use in the ORF settings?

by Daniel Novak (Vamsoft) 2 years ago
8

Output from spamassassin:


C:\Program Files (x86)\JAM Software\SpamAssassin in a Box>spamassassin.exe -e <
C:\email\eicar.com.txt
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) * on
Exchange.DS.REAONIX.COM * at Fri, 13 Jan 2017 08:51:25 -0500
X-Spam-Status: Yes, score=8.0, hits=8.0, required=5.0, autolearn=no
autolearn_force=no, shortcircuit=no
X-Spam-Level: *******
X-Spam-Report:
* -0.0 NO_RELAYS Informational: message was not relayed via SMTP
* 1.0 MISSING_HEADERS Missing To: header
* 1.4 MISSING_DATE Missing Date: header
* 0.5 MISSING_MID Missing Message-Id: header
* 1.8 MISSING_SUBJECT Missing Subject: header
* 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
* Subject: text
* 1.0 MISSING_FROM Missing From: header
* -0.0 NO_RECEIVED Informational: message has no Received headers
* 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
* headers
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

by coolgj 2 years ago
9

@Daniel Novak (Vamsoft): output from ORF log viewer:
Email blacklisted. External Agent "SpamAssassin" hit with email file "sce-919351837C8C23D54D4AFC9F0B800B4A.eml" (exit code 1, comment "Spam"). Agent output: "Jan 13 09:03:29.336 [4956] warn: archive-iterator: no access to Jan 13 09:03:29.337 [4956] warn: archive-iterator: unable to open

by coolgj 2 years ago
(in reply to this post)

10

@Daniel Novak (Vamsoft): ORF command line arg:
-e <{EMAILFILESPEC}

If I put a space between < and {EMAILFILESPEC} then I get this error:
Email blacklisted. External Agent "SpamAssassin" hit with email file "sce-C1C385C8330C0C8CFE6E4CB878677467.eml" (exit code 22, comment "Spam"). Agent output: "archive-iterator: can't open '<' dir: Invalid argument at C:\Program Files (x86)\JAM Software\SpamAssassin in a Box\runtime\spamassassin line 422.".

by coolgj 2 years ago
(in reply to this post)

11

@Daniel Novak (Vamsoft): Any idea why it will not work?

I need something like this to catch the rest of the spam. ORF does a good job but without spamassassin I am still getting to much spam.

by coolgj 2 years ago
(in reply to this post)

12

I have yet to test the latest version of Spamassassin (and try to reproduce this issue), so I am not entirely sure what is causing the reported problem. However, if you are trying to connect SpamAssassin to ORF only because you find that ORF is unable to handle the incoming spam on its own, then I suggest a different approach instead i.e. we address the issue of the unsatisfactory filtering performance of ORF. Depending on how aggressive the filtering settings are, 97-99% of spam (that is 3-1 out of 100) should be caught by ORF. Any less than that indicates a technical or configuration issue. Our recommendations for a high filtering performance are summarized by our Best Practices Guide, available at http://vamsoft.com/support/docs/how-tos/best-practices-5.4.1 -- if you have not applied advice from this document before - and even if you have - I strongly suggest that you implement *all* of the "tips for higher performance" (both low and medium risk ones).

However, should you find that even with the recommended settings too much spam is allowed through, then please, send us an email to with a few recent ORF log files, your ORF configuration file (see „a few tips to get things fixed faster” at http://vamsoft.com/customer-service) and some spam samples, for analysis.

by Daniel Novak (Vamsoft) 2 years ago
13

@Daniel Novak (Vamsoft): I have most of them implemented which give me a spam catch ratio of 78% I cannot turn on all of them as it blocks some of my current and future customers. Spamassissan could catch the reminder spam emails very easy. You guys really should integrate into the product

by coolgj 2 years ago
(in reply to this post)

14

If you follow our Best Practices guide and assign the Auto Sender Whitelist test to both points (Before and On Arrival), ORF's false positive rate should be close to zero. Considering that the spam-catch rate of your ORF installation is just 78% and that legitimate emails are blacklisted when you enable certain tests (which tests exactly? - besides the GeoIP and Charset blacklist), I am confident that a technical and/or configuration problem is preventing ORF from functioning properly. If you were to send us the files mentioned in my previous post, I could review them and see if I can find any issues, as well as provide suggestions on how to improve the filtering performance of ORF.

As for JAM Software's SpamAssasin, I will try to reproduce the reported issue in our lab and get back to you as soon as possible.

by Daniel Novak (Vamsoft) 2 years ago
15

Hello coolgj,

Thank you for your patience. I believe I have found the solution to your problem. Apparently the issue seems to be with the pipe redirection '<' (STDIN) when used as a command-line parameter in ORF. The < and » pipes are features of the windows command prompt (cmd.exe), so the standard Windows process APIs that ORF uses do not understand them. The workaround to this issue is to create a batch file that calls the spamassasin.exe with the correct parameters, which in turn can be interpreted by cmd.exe. So, the correct settings are the following:

[ORF External Agent Properties]
Agent executable: C:\Windows\System32\cmd.exe
Command-line parameters: /Q /C ""C:\Program Files\JAM Software\SpamAssassin for Windows\sa.bat" {EMAILFILESPEC}"

[Batch file - sa.bat]
@echo off
"C:\Program Files\JAM Software\SpamAssassin for Windows\spamassassin.exe" -e < %1
exit %ERRORLEVEL%

Make sure that the double quotes are not omitted anywhere as they are required if the file path contains any whitespace characters.

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 2 years ago
16

@Daniel Novak (Vamsoft): Actually, it's much simpler than that. You don't need the .bat file:
[Executable]
C:\Windows\System32\cmd.exe

[Parameters]
/Q /C ""C:\Program Files\JAM Software\SpamAssassin in a Box\spamc.EXE" -c < {EMAILFILESPEC}"

by Schmidtc63 1 year ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed