Dear fellow SpamAssassin users, I’ve read everything I could find on scoring and autolearning before posting here, and yet cannot figure why autolearn triggers properly in the presence of ham but never triggers when SpamAssassin is fed spam.
My global settings for SpamAssassin 3.4.2 launched from procmail on Gentoo Linux (x86_64) are (in |/etc/spamassassin/local.cf|) |bayes_auto_learn_on_error 1 | which should be irrelevant here, with plugins RelayCountry, URIDNSBL, SPF and TxRep in addition to the default config (the [mis-?]behaviour was identical before I activated those plugins). Plugins all have default parameters. My user settings (in |~/.spamassassin/user_prefs|): |bayes_auto_learn_threshold_spam 8.0 use_txrep 1 txrep_autolearn 2 | However, even with heavy spam, autolearn does not seem to engage in spam mode. The rule of “minimum score of 3 for the headers and 3 for the body” seems ok with this one, excluding Bayes rules (body should be 2.6 for DEAR_FRIEND + 1.4 for MONEY_FORM_SHORT + 1.0 for FORM_FRAUD + 2.0 for ADVANCE_FEE_2_NEW_MONEY): |X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on […] X-Spam-Flag: YES X-Spam-Level: ******************************** X-Spam-Status: Yes, score=32.3 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY, BAYES_99,BAYES_999,DATE_IN_FUTURE_03_06,DEAR_FRIEND,FORGED_MUA_OUTLOOK, FORM_FRAUD,FREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT, FROM_MISSPACED,FROM_MISSP_EH_MATCH,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO, FROM_MISSP_USER,FROM_MISSP_XPRIO,FSL_NEW_HELO_USER,KHOP_DYNAMIC, LOTS_OF_MONEY,MISSING_HEADERS,MISSING_MID,MONEY_FORM_SHORT, MONEY_FROM_MISSP,NSL_RCVD_FROM_USER,RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,REPLYTO_WITHOUT_TO_CC,STATIC_XPRIO_OLE, TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,TXREP,T_FILL_THIS_FORM_SHORT shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 […] Content analysis details: (32.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.0000] 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] 0.0 NSL_RCVD_FROM_USER Received from User 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [65.29.9.30 listed in zen.spamhaus.org] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [81.83.3.92 listed in bl.score.senderscore.com] 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <https://www.spamcop.net/bl.shtml?65.29.9.30>] 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (mariaroberts427[at]gmail.com) 3.0 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date 1.0 MISSING_HEADERS Missing To: header 2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear! 0.0 FROM_MISSP_MSFT >From misspaced + supposed Microsoft tool 0.5 MISSING_MID Missing Message-Id: header 1.3 KHOP_DYNAMIC Relay looks like a dynamic address 0.0 LOTS_OF_MONEY Huge... sums of money 0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority 0.0 FSL_NEW_HELO_USER Spam's using Helo and User 1.6 REPLYTO_WITHOUT_TO_CC No description available. 0.0 FROM_MISSP_USER From misspaced, from "User" 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From 0.0 MONEY_FROM_MISSP Lots of money and misspaced From 2.0 STATIC_XPRIO_OLE Static RDNS + X-Priority + MIMEOLE 0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To 0.0 FROM_MISSPACED From: missing whitespace 2.1 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems 1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook 0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope 0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information 1.4 MONEY_FORM_SHORT Lots of money if you fill out a short form 1.0 FORM_FRAUD Fill a form and a fraud phrase 2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money -0.1 TXREP TXREP: Score normalizing based on sender's reputation | What did I do wrong? What (probably trivial) bit did I miss? Thanks in advance. Sam
