Increase spamassassin bayes99 score

Kai Risku Kai.Risku at arrak.fi
Fri Oct 14 08:03:10 CEST 2016


Put this in your local.cf

score BAYES_99                6.0

Personally I think 6.0 is a bit high. There is a significant risk of false positives if one single rule can give enough points to block the message.

Are you using network tests (RBL blocklists, etc.)? These are usually very effective. See
https://wiki.apache.org/spamassassin/UsingNetworkTests

--
Kai.Risku at arrak.fi     GSM  +358-40-767 8282
Oy Arrak Software Ab   http://www.arrak.fi



From: amavis-users [mailto:amavis-users-bounces+kai.risku=arrak.fi at amavis.org] On Behalf Of Nikolaos Milas
Sent: Friday, October 14, 2016 8:24 AM
To: amavis-users at amavis.org
Subject: Increase spamassassin bayes99 score


Hello,

After relatively long training of bayes filters, we are consistently getting bayes99 score of 3.5 (on spam mails).

It seems this is the max score assigned to bayes99. How/where can we increase this value?

Config files are at: /etc/amavisd.conf and at /etc/mail/spamassassin/local.cf

Spam mails still get through because a higher total score is needed for them to be auto designated as spam.

Here is a typical header of such a mail:

X-Spam-Flag: NO
X-Spam-Score: 5.153
X-Spam-Level: *****
X-Spam-Status: No, score=5.153 tagged_above=-999 required=5.5
    tests=[BAYES_99=3.5, BAYES_999=0.2, DATE_IN_PAST_12_24=1.049,
    DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001,
    HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, IP_LINK_PLUS=0.012,
    NML_ADSP_CUSTOM_MED=0.9, NORMAL_HTTP_TO_IP=0.001,
    RP_MATCHES_RCVD=-0.313, SPF_HELO_PASS=-0.1, SPF_PASS=-0.1]
    autolearn=disabled

How should I best handle the issue? I think that raising max score from 3.5 to e.g. 6.0 might do the trick. Any other options?

Some additional data:

$ sa-learn --dbpath '/var/amavis/var/.spamassassin' --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0       2063          0  non-token data: nspam
0.000          0       1010          0  non-token data: nham
0.000          0     217776          0  non-token data: ntokens
0.000          0 1219096335          0  non-token data: oldest atime
0.000          0 1476418883          0  non-token data: newest atime
0.000          0 1476418900          0  non-token data: last journal sync atime
0.000          0 1471602636          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count

Please advise.

Thanks in advance,
Nick
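
Added example (not part of the original messages): a Python sketch that parses the X-Spam-Status header quoted above and recomputes the total under a different BAYES_99 score, also listing any rule that alone reaches the required threshold. The function names and the "total >= required means spam" comparison are assumptions of this example.

```python
import re

# X-Spam-Status value copied from the message above, folded lines joined.
HEADER = (
    "No, score=5.153 tagged_above=-999 required=5.5 "
    "tests=[BAYES_99=3.5, BAYES_999=0.2, DATE_IN_PAST_12_24=1.049, "
    "DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, "
    "HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, IP_LINK_PLUS=0.012, "
    "NML_ADSP_CUSTOM_MED=0.9, NORMAL_HTTP_TO_IP=0.001, "
    "RP_MATCHES_RCVD=-0.313, SPF_HELO_PASS=-0.1, SPF_PASS=-0.1] "
    "autolearn=disabled"
)

def parse_status(value):
    """Return (required, {rule: score}) from an X-Spam-Status value."""
    unfolded = " ".join(value.split())  # undo RFC 5322 header folding
    required = float(re.search(r"required=(-?[\d.]+)", unfolded).group(1))
    body = re.search(r"tests=\[([^\]]*)\]", unfolded).group(1)
    tests = {}
    for item in body.split(","):
        name, _, score = item.strip().partition("=")
        if name:
            tests[name] = float(score)
    return required, tests

def what_if(value, overrides):
    """Recompute the verdict with some rule scores replaced (hypothetical helper)."""
    required, tests = parse_status(value)
    # Only rules that actually hit on this message can change its total.
    tests.update({k: v for k, v in overrides.items() if k in tests})
    total = round(sum(tests.values()), 3)
    return {
        "total": total,
        "required": required,
        # Assumption: a message is treated as spam when total >= required.
        "is_spam": total >= required,
        # Rules that would reach the threshold with no other evidence.
        "single_rule_blockers": sorted(n for n, s in tests.items() if s >= required),
    }

if __name__ == "__main__":
    for bayes in (3.5, 4.5, 6.0):  # 4.5 is a constructed intermediate value
        print(bayes, what_if(HEADER, {"BAYES_99": bayes}))
```

On this header, 6.0 makes BAYES_99 a single-rule blocker against required=5.5, while the constructed 4.5 pushes the total over the threshold only in combination with the other hits.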