I have the exact same question:
How is one supposed to train SpamAssassin, manually, using the "sa-learn" executable when using Dovecot + Amavis + SpamAssassin + ISPConfig?
The original poster's attempts to flag spam were failing because he was executing the "sa-learn" executable as the "root" user, so the Bayesian tokens were not being added to the effective user's (amavis's) database. (The tokens were being added to the "root" user's database.)
Not sure if things are related, but like that I can't figure out where ISPConfig tells amavis + sa to get the learned rules from.
As I'm with amavis integrated, the right folder seems to be /var/lib/amavis/.spamassassin
I have found this to be the case as well. How? By discovering that SpamAssassin's "bayes_path" directive is not defined anywhere on the system in question, and the relevant source code indicates that the default value is ~/.spamassassin/bayes
, which should translate to /var/lib/amavis/.spamassassin
in the normal course of events.
I tried the following:
# su amavis -c 'sa-learn --spam "/var/vmail/example.com/sa-training/Maildir/.INBOX.Spam"'
archive-iterator: no access to /var/vmail/example.com/user/Maildir/cur: 13 at /usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm line 539.
archive-iterator: no access to /var/vmail/example.com/user/Maildir/cur: 13 at /usr/share/perl5/Mail/SpamAssassin/ArchiveIterator.pm line 771.
archive-iterator: unable to open /var/vmail/example.com/user/Maildir/cur: 13
This does not work because the permissions on each user's "mail directory" (e.g., Maildir
) are 700, with vmail:vmail ownership. Adding the "amavis" user to the "vmail" group will not solve the problem, due to the 700 permissions.
Am I missing something obvious?
Indeed I was missing something "obvious".
The solution is to include the --username switch to the 'sa-learn' executable, e.g.:
# sa-learn --username=amavis --spam /var/vmail/example.com/trainer/Maildir/.Spam/cur
This enables one to execute the command as "root" or "vmail", which provides for the necessary permissions, while at the same time adding the tokens to the "amavis" user's database.