> -----Original Message----- > From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On > Behalf Of James B. Byrne > Sent: Monday, June 27, 2005 11:56 AM > To: centos@xxxxxxxxxx > Subject: sendmail and spamassassin > > I have a problem getting spamd and sendmail (both stock CentOS4 rpms) > to work together on a couple of smtp relay machines. This is clearly > a configuration issue and no doubt revolves around my lack of > comprehension of how this is to work. > > Basically, the setup consists of two frontend public smtp transports > that redirect all email through a firewall to an internal imap server > for final delivery. The firewall and sendmail access map prohibit > connections to the imap server except for the local MX gateway. The > external MX gateway is a fallback mx server that routes everything it > queues through the primary gateway. > > So: > > MX 2 routes to MX 1 that routes to IMAP > > MX 2 and MX 1 are running spamd. > > the sendmail.m4 file has the following at its very end: > > dnl # > dnl # MAILERs are always last after all FEATURES are defined > MAILER(smtp)dnl > MAILER(procmail)dnl > > > The contents of /etc/procmailrc are: > > :0fw > | /usr/bin/spamassassin > > > Spamd is running on both. > > There is a local configuration rule set in > /etc/mail/spamassassin/local.cf > > Passing a test message through spamc on MX 1 or MX 2 does not seem to > pick up this rule even for messages constructed to trigger it. > Passing spam messages through spamc -R identifies messages that have > passed through the relays without any spam tags as being high scoring > spam. > > What am I doing wrong? Regardless of your test, your biggest problem is that procmail isn't, and won't, be run on your MX machines because they are not doing local delivery to the mailboxes as I understand your setup. Procmail only comes into play when the messages are being put into the user's mailboxes. You'll want to look at something like MailScanner if you want to do all your spam/virus filtering on your MX servers since that works directly with the queue files and re-injects them back into an outgoing queue for final delivery. There are some drawbacks to that, primarily being that you can't have per-user variation, but we did it quite successfully for several years for ~37,000 users with the same type of architecture you are trying to implement. We have since moved to using MailScanner on our MXs for virus checks, attachment stripping and general mal-ware removal only and our local delivery machines run spamd as a postfix filter so that we can have per-user spam settings. There are quite a few how-tos out there to help you, starting with the spamassassin wiki. -- Marc