different spamassassin behaviours

Gabriele Bulfon gabriele.bulfon at sonicle.com
Tue Jun 27 08:36:35 CEST 2017


Hi, thanks for your response.
There are a lot of things raising the score manually:
X-Spam-Status: Yes, score=18.1 required=5.0 tests=BAYES_50,CUSTOM_MANY_BL,
HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSBL_INPS_DE,
RCVD_IN_HOSTKARMA_BL,RCVD_IN_MSPIKE_H2,RCVD_IN_UCEPROTECT2,
RCVD_IN_UCEPROTECT3,RCVD_IN_WPBL,SPF_HELO_PASS,TVD_RCVD_SPACE_BRACKET,
T_REMOTE_IMAGE,UNPARSEABLE_RELAY,URIBL_ABUSE_SURBL,URIBL_DBL_SPAM
autolearn=spam autolearn_force=no version=3.4.1
All the files are taken from /sonicle/etc/mail/spamassassin and /sonicle/share/spamassassin, and they look to be read both manually and during postfix run, as many of the mails are caught and contain X-Spam-Status with tags taken from there (sare cf files, kam file, fili_br file etc).
Also, many of the auto-learnt mails get spammed after being trained.
The bayes is configured as:
use_bayes 1
bayes_auto_learn 1
bayes_path /sonicle/var/spamassassin/bayes_db/bayes
bayes_file_mode 0777
and here are the files:
sonicle@www:~$ ls -l /sonicle/var/spamassassin/bayes_db
total 12699
-rw-rw-rw- 1 snclamav snclamav 25680 Jun 27 08:28 bayes_journal
-rw-rw-rw- 1 snclamav snclamav 10567680 Jun 27 07:58 bayes_seen
-rw-rw-rw- 1 snclamav snclamav 5128192 Jun 27 07:58 bayes_toks
here are the amavis processes:
sonicle@www:~$ ps -ef | grep amavisd
snclamav 23517 20393 0 07:43:58 ? 0:04 /sonicle/bin/perl -T /sonicle/sbin/amavisd -u snclamav -c /sonicle/etc/amavis/a...
snclamav 20393 6278 0 May 12 ? 0:49 /sonicle/bin/perl -T /sonicle/sbin/amavisd -u snclamav -c /sonicle/etc/amavis/a...
snclamav 29614 20393 0 08:28:49 ? 0:00 /sonicle/bin/perl -T /sonicle/sbin/amavisd -u snclamav -c /sonicle/etc/amavis/a...
Is there any way I can run amavisd manually exactly as postfix would do during an incoming email?
I bet I need debugging output, but enabling it live may fill my mail logs, and I would have to wait for some spam to get in.
Thanks again,
Gabriele
------------------------------------------------------------------------------------------
Sonicle S.r.l.: http://www.sonicle.com
Music: http://www.gabrielebulfon.com
Quantum Mechanics: http://www.cdbaby.com/cd/gabrielebulfon

From: Dino Edwards
To: amavis-users at amavis.org
Date: 26 June 2017 19.08.11 CEST
Subject: RE: different spamassassin behaviours

Do you know for a fact that the bayes database is making those scores get higher when you run it in debug? If so, where is your bayes database stored and who is the owner of that path? Do you know for a fact that Amavis calls Spamassassin to scan emails?

From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of Gabriele Bulfon
Sent: Monday, June 26, 2017 11:57 AM
To: amavis-users at amavis.org
Subject: different spamassassin behaviours

Hi,
I have some installations of amavis+postfix, where I discovered that some spam is coming in with a very low score, but if I run spamassassin in debug mode on the same emails they get a very high score.
On my installations, amavisd runs under the "snclamav" user, while the smtp-amavis postfix daemons run under the "snclmail" user.
I run the bayes learn using the snclamav user, and also run spamassassin debug mode using the same user, that stores the bayes database in a specific path.
Any idea what may happen when amavisd spawns spamassassin that does not happen in manual debug mode?
Thanks for any help
Gabriele