BAYES database

Discussion in 'Installation/Configuration' started by MisterRichard, Nov 1, 2016.

  1. MisterRichard

    MisterRichard New Member

    Hi,
    Environment : Debian 7.11
    When I run this manually :
    spamassassin -t -D pyzor 1477959153.M833444P31889V0000000000000801I000000000006D6A4_0.transporter\,S\=12872
    Content analysis details: (5.0 points, 4.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
    [score: 1.0000]
    1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
    [URIs: eyeblush.eu]
    0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
    [score: 1.0000]
    0.0 HTML_MESSAGE BODY: HTML included in message

    It shows the BAYES database working, however the mail itself after passing through the system has an X-SPAM header of this :
    X-Spam-Status: No, score=1.051 tagged_above=-1000 required=2.4
    tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, URIBL_ABUSE_SURBL=1.25,
    URIBL_BLACK=1.7] autolearn=no

    Showing a BAYES_00= -1.9.

    I don't understand why ? Can somebody please help ?

    Thanks,

    Richard
     
  2. Jesse Norell

    Jesse Norell Active Member

    I'd guess you ran spamassassin from the commandline as one user (and hence one bayes database), but the user spamassassin runs as when actually delivering mail (ie. amavis) is different (and has a different bayes database).
     
  3. MisterRichard

    MisterRichard New Member

    Hi Jesse,
    Thanks for your input :)

    This was my line of thinking also, I believe amavisd-new is running as the amavis user :

    ps aux | grep amavis
    amavis 26118 0.4 0.7 85472 63028 ? S 06:26 0:03 /usr/sbin/amavisd-new (ch16-avail)
    amavis 26122 0.2 0.7 84396 61372 ? S 06:26 0:02 /usr/sbin/amavisd-new (ch16-avail)
    amavis 26179 0.4 0.7 86136 63224 ? S 06:27 0:03 /usr/sbin/amavisd-new (ch15-avail)
    amavis 26188 0.6 0.7 86688 64248 ? S 06:27 0:05 /usr/sbin/amavisd-new (ch14-avail)
    amavis 26320 0.3 0.7 86400 63884 ? S 06:28 0:02 /usr/sbin/amavisd-new (ch14-avail)
    amavis 26737 0.5 0.7 84824 62376 ? S 06:30 0:03 /usr/sbin/amavisd-new (ch10-avail)
    amavis 26831 0.3 0.7 84784 61740 ? S 06:31 0:01 /usr/sbin/amavisd-new (ch10-avail)
    amavis 26889 0.4 0.7 87084 64556 ? S 06:32 0:02 /usr/sbin/amavisd-new (ch8-avail)
    amavis 26898 0.3 0.7 84856 61796 ? S 06:32 0:01 /usr/sbin/amavisd-new (ch9-26898-09-idle)
    amavis 26990 0.3 0.7 84396 61360 ? S 06:32 0:01 /usr/sbin/amavisd-new (ch8-avail)
    amavis 27115 0.3 0.7 84252 61280 ? S 06:33 0:01 /usr/sbin/amavisd-new (ch6-avail)
    amavis 27176 0.3 0.7 84256 61244 ? S 06:34 0:01 /usr/sbin/amavisd-new (ch6-avail)
    root 27725 0.0 0.0 3572 776 pts/1 S+ 06:39 0:00 grep amavis

    So I did this :

    su amavais
    spamassassin -t -D pyzor 1478175128.M178828P13761V0000000000000801I000000000007420F_0.transporter\,S\=43088

    output :

    Content analysis details: (0.8 points, 4.0 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.0 DIET_1 BODY: Lose Weight Spam
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
    [score: 0.5000]

    However,
    the X-SPAM says this :

    X-Spam-Status: No, score=-1.898 tagged_above=-1001 required=2.4
    tests=[BAYES_00=-1.9, DIET_1=0.001, HTML_MESSAGE=0.001] autolearn=ham

    I am missing something, but I am not sure what it is.

    Thanks,

    Richard
     
  4. Jesse Norell

    Jesse Norell Active Member

    Is it getting spam scanned twice by chance, so a second invocation (maybe as a different user?) overwrites the first X-Spam-Status with other results?
     
  5. MisterRichard

    MisterRichard New Member

    hmmm, I think if this was the case, amavis would be running as a process twice with a different user ?

    Amavis calls the spamassin libraries when it is used, so anything spamassassin related would run as the user amavis is running as ?
     
  6. Jesse Norell

    Jesse Norell Active Member

    Right, I was wondering if that's what was happening (by mistake). But that's just a guess to try to explain different BAYES score for the same message. Assuming you do have the same database both times (ie. for amavis user), the difference is probably just what the message and the database contain at the times you're comparing. Eg. live delivery runs through and does poorly (including autolearn=ham training the db incorrectly). A little later you're looking in to the message and re-run manually, but now there are a few more headers in the message (so not identical messages being compared), and maybe a few other users have marked that message as spam in the mean time (so different bayes db contents as well).

    Correct.
     

Share This Page