On Thu, 25 Feb 2016, Steve wrote:

Please keep the discussion on-list so others may help/benefit.

On 25/02/2016 01:14, John Hardin wrote:
The second one has autolearn=yes, so I would say that autolearn is
probably the cause of this behavior.

You're right... Manual training wasn't working - and autolearn became
self-reinforcing as a result. I had been misinterpreting my logs
(face-palm)! I now see that the training initiated by spamc (behind
dovecot antispam) was trying to train the bayes database in
~/.spamassassin/bayes* - but amavis was using the bayes database in
~amavis/.spamassassin/bayes* - and was failing as a result (which I had
overlooked.)

Yeah, "are you training the right database?" is a standard initial
troubleshooting question; I apologize for not asking that up front.

I can now refine my question: Is there an easy way to:
a) Configure amavisd to use the spamassassin configuration
(~/.spamassassin/user_prefs and bayes_*) for the intended mailbox's account?
(As far as I can tell, this isn't supported...)

Not sure, I'm unfamiliar with the details of amavisd. Sorry.

b) Configure spamc -C report (run as any user) to initiate training of the
amavis bayes database (in ~amavis/.spamassassin) ?

That would probably be a code change, unless you want to write a wrapped
script that calls the real spamc and then sa-learn... Probably not a good
idea.

c) Configure everything to use a single site-wide database? (I've found
how-to documents suggesting that I set "bayes_path" and "bayes_file_mode" -
but when I try this, this part of the configuration seems to be ignored.)

That's probably the easiest to do.
https://wiki.apache.org/spamassassin/SiteWideBayesSetup
Also, if you are going to leave autolearn on, reduce the learn-as-ham
threshold!

Have you considered greylisting to give domains a chance to be added to
URIBLs before you see them?

I have - but I quickly lost patience with it. It is important to me that -
if I'm having a phone conversation with someone, and they send me an email
"there and then" - that I get to see it before hanging up. Greylisting is
incompatible with this wish.

It doesn't work for everyone.

I'm not comfortable increasing the URIBL_BLACK score (as you appear to have
done) as I don't want to risk any block-list ever being a single point of
failure for false positives.

URIBL_BLACK wouldn't become a poison pill by itself unless you score it
over 5. I don't necessarily recommend trusting it *that* much, but 3.0
seems reasonable to me.

I am, however, very curious about IXHASH -
which looks as if it is useful. How does this compare with (or relate to)
RAZOR/PYZOR/DCC? What's the best way to install it (on Ubuntu - if the
distro is relevant to the answer...)?

Dunno, maybe somebody else will chime in.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A sword is never a killer, it is but a tool in the killer's hands.
-- Lucius Annaeus Seneca (Martial) 4BC-65AD
-----------------------------------------------------------------------
66 days since the first successful real return to launch site (SpaceX)
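
The "are you training the right database?" check from the message above, as an added example that is not part of the original thread: it compares the nspam/nham counters printed by `sa-learn --dump magic` before and after a training attempt, once for each Bayes database. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find out which Bayes database a
# training run actually changed, using `sa-learn --dump magic` output.

# Read one dump on stdin and print "nspam nham".
bayes_counts() {
    awk '/non-token data: nspam$/ { s = $3 }
         /non-token data: nham$/  { h = $3 }
         END { print s + 0, h + 0 }'
}

# $1 = dump taken before training, $2 = dump taken after.
# Prints "learned" if either counter moved, otherwise "unchanged".
bayes_delta() {
    before=$(printf '%s\n' "$1" | bayes_counts)
    after=$(printf '%s\n' "$2" | bayes_counts)
    if [ "$before" = "$after" ]; then echo unchanged; else echo learned; fi
}

# Constructed stand-in for a dump: $1 = nspam, $2 = nham.
sample_dump() {
    printf '0.000          0          3          0  non-token data: bayes db version\n'
    printf '0.000          0 %10d          0  non-token data: nspam\n' "$1"
    printf '0.000          0 %10d          0  non-token data: nham\n' "$2"
}

# Constructed scenario matching the thread: the report lands in the
# reporting user's database while the scanner's database never moves.
user_before=$(sample_dump 40 12)
user_after=$(sample_dump 41 12)
scan_before=$(sample_dump 900 2100)
scan_after=$(sample_dump 900 2100)

echo "reporting user's db: $(bayes_delta "$user_before" "$user_after")"
echo "scanner's db:        $(bayes_delta "$scan_before" "$scan_after")"
```

On a live host the two inputs would be the output of `sa-learn --dump magic` run as the reporting user and as the amavis account; "unchanged" for the scanner's database means the training is not reaching the filter.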