On Tue, 8 Aug 2017 13:06:26 -0500 Scott Techlist wrote: > Centos7 > Postfix 3.2.2 > Amavisd-new 2.11.0 > Spamassassin 3.4.0 > Site-wide configuration > > This is a new box and I've configured some conservative values for > auto-learn. I've enabled it properly AFAIK, but I can't see any sign > of it working. > > I have these set in local.cf > use_bayes 1 > bayes_auto_learn 1 > bayes_auto_learn_threshold_nonspam -1.7 > bayes_auto_learn_threshold_spam 10.0 > # this is a filename prefix, not a directory per se > bayes_path /etc/mail/bayes/bayes > bayes_file_mode 0666 > > -------------bayes prep ---------------- > Start fresh for troubleshooting: > su amavis -c 'sa-learn --clear' > > Add one spam manually and check tokens: > > [root@tn2 mail]# su amavis -c 'sa-learn --dump magic' > 0.000 0 3 0 non-token data: bayes db > version 0.000 0 1 0 non-token data: nspam > 0.000 0 0 0 non-token data: nham > 0.000 0 2157 0 non-token data: ntokens > > ---------amavisd prep---------------- > > Restart amavisd/spamassassin just to be sure all configs read.. > > ------- ready to process ------------- > > The next high scoring spam arrives, it was sent to my spam mailbox. > It did NOT autolearn. Nor did several others. > > To troubleshoot, I took one that did not autolearn, and learned it > manually by: su amavis -c 'sa-learn -D --spam --showdots > --mbox /home/mail/onespam > > even though this message was slightly over the threshold, the log > says it learned anyway: -D log snippet: > --------------------- > Aug 8 12:37:27.216 [13198] info: archive-iterator: skipping large > message: 858 lines, 262203 bytes, limit 262144 bytes > > Learned tokens from 1 message(s) (1 message(s) examined) > --------------------- > > Verified it learned: > > [root@tn2 mail]# su amavis -c 'sa-learn --dump magic' > 0.000 0 3 0 non-token data: bayes db > version 0.000 0 2 0 non-token data: nspam > > > Partial header from that message: > > X-Spam-Flag: YES > X-Spam-Score: 17.374 > X-Spam-Level: ***************** > X-Spam-Status: Yes, score=17.374 tag=-9999 tag2=5 kill=6.31 > tests=[RCVD_IN_BRBL_LASTEXT=1.644, RCVD_IN_DNSWL_NONE=-0.0001, > RCVD_IN_RP_RNBL=1.284, RCVD_IN_SBL_CSS=3.558, > RCVD_IN_SORBS_WEB=1.5, RP_MATCHES_RCVD=-0.001, > SUSPICIOUS_RECIPS=2.497, URIBL_ABUSE_SURBL=1.948, URIBL_BLACK=1.7, > URIBL_DBL_SPAM=2.5, URIBL_SBL=0.644, URIBL_SBL_A=0.1] autolearn=no > autolearn_force=no > > Why aren't my spams getting auto-learned? If sa-learn "ate" it, > shouldn't auto-learn too?
To autolearn spam you need 3 points from the body and 3 from headers.
