SpamAssassin bayesian score discrepancies
Posted
by
CaptSaltyJack
on Server Fault
See other posts from Server Fault
or by CaptSaltyJack
Published on 2014-08-20T02:58:12Z
Indexed on
2014/08/20
4:23 UTC
Read the original article
Hit count: 451
spamassassin
|amavis
This makes my brain hurt. For some reason, SpamAssassin is giving high scores to certain emails, but when I test them on the command line, they get a low score.
This one particular email has this in the header:
X-Spam-Flag: YES
X-Spam-Score: 8.521
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.521 tagged_above=-9999 required=5
tests=[BAYES_99=3.5, BAYES_999=0.2, HTML_MESSAGE=0.001,
NO_RECEIVED=-0.001, NO_RELAYS=-0.001, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=0.922,
URIBL_RHS_DOB=1.514] autolearn=no
Yet when I dump the raw email into a file msg
and run sudo su amavis -c 'spamassassin -t msg'
, I get this output:
Content analysis details: (3.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
[URIs: cliobeads.com]
-1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
[score: 0.1855]
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
I'm really confused as to why when the email comes in, it gets a completely different score attached to it than when I run spamassassin -t
. Is there some other way I should be testing emails?
Also, my users have the ability to drag false positives into a folder called "False Positives," and every day a cron job fires off that runs this on every message in every user's folder:
sa-learn --dbpath=/var/lib/amavis/.spamassassin --ham /tmp/*-*.eml >/dev/null
I ran sudo locate bayes_toks
and there's definitely only one bayes DB on the system, in /var/lib/amavis/.spamassassin
. I'm clueless, any help would be great and may help restore my sanity!
© Server Fault or respective owner