Hi, I'm setting up a central, company wide antivirus / antispam filter. For that purpose I have two machines - one is relay server with postfix, RBLs and greylisting, the other is amavisd-new server that uses clamav to catch viruses and a combination of spamassassin and dspam to catch spam. Postfix has the 'content_filter' option to send mail to amavisd-new. After all that is done, the mail is sent to the Zimbra mail server.
I've setup spamassassin so that DSPAM results produce substantial score. For training, I've setup two aliases on the 'amavisd-new' server: - spam-training: "|sudo -u vscan /usr/sbin/dspam --mode=teft --source=corpus --class=spam --user vscan" - ham-training: "|sudo -u vscan /usr/sbin/dspam --mode=teft --source=corpus --class=innocent --user vscan" So I'm redirecting 'false-negatives' to '[EMAIL PROTECTED]' and 'false-positives' to '[EMAIL PROTECTED]'. However, sometimes a spam mail comes through dspam as 'Innocent': > X-DSPAM-Result: Innocent > X-DSPAM-Confidence: 0.9899 > X-DSPAM-Probability: 0.0000 > > X-DSPAM-Factors: 27, I redirect this mail to 'spam-training' and I can see it gets there and the training command is executed. But when I check the 'dspam_stats' the 'false-negatives' count doesn't change... I've setup the LocalMX option to include all machines involved (Zimbra, relay, amavisd-new), I also added several 'IgnoreHeaders' directives as these headers are added first by SA and then some when the mail is redirected: > IgnoreHeader Received > IgnoreHeader X-Greylist > IgnoreHeader X-Virus-Scanned > IgnoreHeader X-Spam-Status > IgnoreHeader X-Spam-Score > IgnoreHeader X-Spam-Level > IgnoreHeader X-Spam-Flag > IgnoreHeader X-Spam-Scanned > IgnoreHeader X-Virus-Scanner-Result > IgnoreHeader X-Quarantine-Id > IgnoreHeader Resent-From > IgnoreHeader Resent-To > IgnoreHeader Resent-Date > IgnoreHeader Resent-Message-Id > IgnoreHeader Resent-User-Agent > IgnoreHeader Resent > IgnoreHeader Return-Path > IgnoreHeader X-Original-To > IgnoreHeader Delivered-To > IgnoreHeader From But still - 'false-negatives' count doesn't change... Though it seems to work sometimes as the 'false-negatives' count is not zero (256 currently). Obviously I'm missing something - can someone point me to it? Thanks, Danilo !DSPAM:1011,493e286c150921989221192!
