Is my Bayes working?
Matus UHLAR - fantomas
uhlar at fantomas.sk
Sat May 23 18:07:18 CEST 2020
On 23.05.20 10:35, sse450 wrote:
>I setup amavisd (2.12.0), spamassassin (3.4.2), postfix, dovecot on
>CentOS8 about one month ago and run sa-learn every night as a crontab
>entry. There are considerable data accumulated on the database. But,
>still, I get BAYES_00=-1.9 for a very spammy mail:
>
>X-Spam-Flag: YES
>X-Spam-Score: 29.813
>X-Spam-Level: *****************************
>X-Spam-Status: Yes, score=29.813 tagged_above=-999 required=3
>tests=[AXB_XMAILER_MIMEOLE_OL_024C2=0.001, BAYES_00=-1.9,
>CUSTOM_DMARC_FAIL=2, DCC_CHECK=1.1, DCC_REPUT_70_89=0.1,
>DIGEST_MULTIPLE=0.293, DKIM_ADSP_CUSTOM_MED=0.001, DMARC_NONE=0.1,
>FORGED_GMAIL_RCVD=2.5, FORGED_MUA_OUTLOOK=1.927, FORM_FRAUD_5=0.001,
>FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001,
>FREEMAIL_REPLYTO=1, FREEMAIL_REPLYTO_END_DIGIT=0.25,
>FROM_MISSPACED=0.001, FROM_MISSP_EH_MATCH=0.001,
>FROM_MISSP_FREEMAIL=2.01,
>FROM_MISSP_MSFT=0.001,FROM_MISSP_REPLYTO=1.717,
>FROM_MISSP_XPRIO=0.001, FROM_NOT_REPLYTO=2, FSL_BULK_SIG=0.001,
>FSL_CTYPE_WIN1251=0.001, FSL_NEW_HELO_USER=0.001, HK_SCAM=0.001,
>KAM_DMARC_NONE=0.25, KAM_DMARC_STATUS=0.01, MALFORMED_FREEMAIL=1.142,
>MISSING_HEADERS=1.021, MISSING_MID=0.497, NML_ADSP_CUSTOM_MED=0.9,
>NSL_RCVD_HELO_USER=0.001, PYZOR_CHECK=1.392,RCVD_IN_MSPIKE_BL=0.001,
>RCVD_IN_MSPIKE_L4=0.001, RCVD_IN_RP_RNBL=1.31, RCVD_IN_SBL_CSS=3.335,
>REPLYTO_WITHOUT_TO_CC=1.552, SPF_HELO_PASS=-0.001,
>SPF_SOFTFAIL=0.665,SPOOFED_FREEMAIL=1.999, SPOOFED_FREEM_REPTO=0.693,
>TO_NO_BRKTS_FROM_MSSP=1.655, TO_NO_BRKTS_MSFT=0.001,
>T_DEAR_BENEFICIARY=0.01, T_FILL_THIS_FORM_SHORT=0.01,
>T_HK_NAME_FM_MR_MRS=0.01] autolearn=no autolearn_force=no
>root at winsvr:/# sa-learn -D --dump magic
root's bayes is not used here.
>root at winsvr:~# su amavis -c 'sa-learn -D --dump magic'
>
>plugin: failed to parse plugin (from @INC): Can't locate
>Mail/SpamAssassin/Plugin/SpamCop.pm:
>lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval
>50) line 1.
you must change to directory readable by user amavis to avoid this error.
>chown -R amavis.amavis /usr/share/perl5/vendor_perl/Mail/SpamAssassin
you can easily mess your system up this way.
I believe you should chown back to root.
(I hope it's owned by root on centos)
>root at winsvr:/# su amavis -c 'sa-learn -D --dump magic'
here you are in root directory so you won't get that problem
>Interestingly, even after chown, su amavis -c 'sa-learn -D --dump
>magic' still gives permission denied error sometimes.
because of the problem I described above
>Is the BAYES_00=-1.9 normal for the sample spam email? Perhaps, I need
>to accumulate more training data. Or, is something look wrong with my
>setup?
this can happen ocasionally. Unfortunately, most of negative scoring rules
whitelists, so it's quite common that unwanted mail from e.g. google gets
whitelisted.
You need to train more spam.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
More information about the amavis-users
mailing list