Nice easy Spamassassin question

2 views
Skip to first unread message

Frank Leonhardt

unread,
Sep 15, 2025, 4:53:27 PMSep 15
to questions
Apparently someone's decided to drop sendmail from the base system in
15. True or otherwise, I'm planning ahead.

So I'm setting up the sendmail external package in a jail, configured
thus (apart from it having a proper IPv4 address)

mail { ip4.addr = 1.2.3.4;  allow.raw_sockets = 1; enforce_statfs=1 ;
allow.mount ; allow.mount.fdescfs ; allow.mount.linsysfs ;
allow.mount.linprocfs ; allow.mount.tmpfs ; allow.mount.devfs ; }

I don't know if all these options are needed. There's mount.devfs and
mount.procfs for good measure.

I've installed the sendmail PACKAGE instead of the base system. It's
compiled with SASL support anyway, which is better because you kinda
need that!

But spamassassin is causing me trouble.

<hostname>.cf has the correct(?) runes:

Xspamassassin, S=local:/var/run/spamass-milter.sock,
F=T,T=C:15m;S:4m;R:4m;E:10m

But you'll be please to know it's not the mc or cf file, or even
sendmail, that's the the real problem. I've isolated it outside of that
nightmare.

The socket exists while it's running:

srw-r--r--  1 root wheel 0 Sep 15 19:12 /var/run/spamass-milter.sock

And the service IS running.

root@mail:/ # service sa-spamd status
spamd is running as pid 9934.
root@mail:/ # service spamass-milter status
spamass_milter is running as pid 13169.

But for whatever reason, sendmail can't connect to it using spamc.
Possibly because it's owned by root - but isn't it always on FreeBSD?
Anyway, it tries to pass it to the public IP address, which spamc
rejects as unauthorised in the log files. Well and good but I want it to
go through a local socket like normal. But that won't even won't even
work if I test it outside sendmail.

I try the SA test message, guaranteed to upset it (at least at one time):

echo "<GTUBE pattern>" | spamc -R -U /var/run/spamass-milter.sock

The I get back 0/0 - which indicates to me that spamc couldn't connect.

If I try it to spamassassin -t I get the appropriately processed message.

So what's going on? I'm thinking it's something to do with sockets and
jails but I'm running out of ideas.

Does anyone know how to run spamassassin in a jail successfully with the
milter? Probably just a nice simple option I've missed :-)

Never mind sendmail - I'll deal with that later if I need. This is
isolated to "echo <stuff> | spamc -R" not working.

Thanks, Frank.





Lexi Winter

unread,
Sep 15, 2025, 5:37:30 PMSep 15
to Frank Leonhardt, questions
Frank Leonhardt:
> Apparently someone's decided to drop sendmail from the base system in 15.

this is not true, sendmail is still shipped in base in 15.0 and there
are no plans to remove it in any future release. in fact, i just
committed a couple of sendmail fixes in the last few days.

please tell whoever told you this that they are misinformed.

> But spamassassin is causing me trouble.

sorry, no idea about that, but i wanted to correct the above.
signature.asc

Frank Leonhardt

unread,
Sep 16, 2025, 4:40:32 AMSep 16
to questions
On 15/09/2025 22:37, Lexi Winter wrote:
Frank Leonhardt:

Apparently someone's decided to drop sendmail from the base system in 15.

 
this is not true, sendmail is still shipped in base in 15.0 and there
are no plans to remove it in any future release.  in fact, i just
committed a couple of sendmail fixes in the last few days.

please tell whoever told you this that they are misinformed.

SirDice, 11th July, 2024:

https://forums.freebsd.org/threads/upgrading-to-release-14-from-13.91161/

"And if you are actively using sendmail(8) I suggest switching to mail/sendmail instead. In 15 sendmail will be completely removed from the base."

If this is not the case then I'm pleased to hear it, but after the Berkeley Internet Name Domain daemon (and most importantly tools) was removed from BSD; and /etc/motd was replaced by something incompatible; and DMA has been the default since 14.0, it sounded quite plausible. SirDice is very well informed so I assume it was correct a year ago, and movements such as this tend to keep going until they get their way. Do you know what's going on in the background? 

But spamassassin is causing me trouble.

sorry, no idea about that, but i wanted to correct the above.
Yeah, it should be a fairly straightforward thing but the documentation is lacking and I'm trying to do something about that. If you're running a an actual mail server you're going want sendmail+SASL+spamassassin+DKIM, and these days in a jail, and it's a bit of a pain. The handbook now covers SASL, but only the ports version and requires the base sendmail to be recompiled. (Cue Exim and Postfix aficionados, who may have a point).

Regards, Frank.


Sad Clouds

unread,
Sep 16, 2025, 9:28:02 AMSep 16
to Frank Leonhardt, questions
On Tue, 16 Sep 2025 09:40:08 +0100
Frank Leonhardt <freeb...@fjl.co.uk> wrote:

> sendmail+SASL+spamassassin+DKIM, and these days in a jail
>
None of this needs to be in the base system. If you like sendmail,
postfix or something else, then this should be available via packages.
The first thing I do when building FreeBSD is disable in src.conf:
sendmail, telnet, unbound and various other bits of bloat I will never
need or use.

I vaguely remember NetBSD people proposing basepkg framework, but
after 8 years it is still in the experimental stage.

Frank Leonhardt

unread,
Sep 17, 2025, 11:29:34 AMSep 17
to ques...@freebsd.org

This was a problem due to named pipes appearing but not working inside a jail. I can probably get around it using a different tweaked devfs ruleset, but I opted to have SA components communicate through ports instead, which had its own interesting problems.

So it does now work. I'll document this stuff on my blog later.

Reply all
Reply to author
Forward
0 new messages