On 6/16/2016 1:46 PM, Sebastian Arcus wrote:
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when it goes through exim/spamd.
I run everything (both the spamd daemon and the manual tests) as user
spamd. I checked the permissions on the bayes database. I use a global
bayes database in /var/spool/spamd/bayes/. I ran "spamassassin -D
--lint" - and I get no failures - both as root and as the user spamd.
In spite of all of the above, it looks pretty clear that bayes is only
used when I run an email manually through spamassassin, but not when
it goes from exim through spamd.
Here is the report when ran from the command line:
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to
image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.2 RDNS_NONE Delivered to internal network by a host
with no rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
parts
0.0 SUBJECT_NEEDS_ENCODING Subject is encoded but does not specify the
encoding
And here is the report included in the same email message when it
comes through exim:
Content analysis details: (1.9 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to
image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to
background
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.2 RDNS_NONE Delivered to internal network by a host
with no rDNS
0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
parts
Bayes is clearly not being used when it goes through spamd. Does
anybody know what could be causing this?
When you test by hand, are you using "spamassassin" or "spamc"? You
should be using "spamc" to test as closely as possible to your normal
mailflow.
Add this to your local.cf to get more detail on Bayes (should be all one
line):
add_header all Bayes bayes=_BAYES_,
N=_BAYESTC_(_BAYESTCLEARNED_-_BAYESTCHAMMY_+_BAYESTCSPAMMY_),
ham=(_HAMMYTOKENS(5,short)_), spam=(_SPAMMYTOKENS(5,short)_)
This will add an X-Spam-Bayes header that may give you more information
about what Bayes is doing.
--
Bowie
