SpamAssassin 2.63

[brownowl]

Since I upgraded to SpamAssassin 2.63, very little spam appears to be being caught, and my bayes database seems to be being bypassed (not that it's easy to tell either way...). As I get around 600 spams a day personally, this is a major pain. I've had a really good look around, and can't see anything obvious. Anyone else having the same experience?

Cheers, Laurie.

[BackSeat]

Have a look at the headers and see why Spamassassin thinks they are spam. Are there any consistent reasons?

BS

[brownowl]

I think you misunderstand: very little that is clearly spam is being detected as such, not the other way round... Much less, in fact. I've even added a whole loads of rules from the web (referenced in a topic herein somewhere) and still stuff gets through. It seems to me that the ebuild is incomplete or something. Prior to this version, and indeed prior to these additional rules which are catching spam, much less spam got through.

Cheers, Laurie.

[georwell]

hmmm I am using it and it seems to be working.

[brownowl]

I did notice that in order for any scanning to happen after the upgrade, I needed to restart amavisd. I've also restarted all mail and related security/access daemons, and don't want to reboot. I can't see why it's failing to pick up what it did happily before, even with the new rules added.

Said new rules are being used, BTW, and where matches occur, spams are detected and flagged. it's just some obvious spam is coming up clean (hit = 0.0).

It'd be nice to be able to see if the bayes stuff is working, or even being referenced... (local.cf says it should be).

Cheers, Laurie.

[Dr_Stein]

That could be an issue with amavis, too - amavisd-new uses the spamassassin perl libraries instead of spamassassin itself.

Might be affecting things.

I would join the spamassassin mailing list (the one at incubator.apache.org) and keep up with it - there's a LOT of stuff that you can do.

[funkmankey]

I seem to recall you may have to migrate the bayes db between different versions of sa...I know that when my school upgraded sa, my procmail logs were full of complaints about the bayes db format and gave basically zero hits against bayes, until I ran some incantation of sa-learn or some such...
_________________
I've got the brain, I'm insane, you can't stop the power

[opty]

I had the same problem like this man has. Solved by installing (updateing) some perl modules:

Both amavisd-new and SpamAssassin are written in perl and have a number of other perl modules as dependencies. Fortunately perl has a built-in way to download and install these modules. To start the perl command environment use the command:

# perl -MCPAN -e shell

This command will popup a little cpan> prompt where you can enter commands. To install a module, type install followed by the module name (ex. install MIME::Words ). If you need help, type help.

Here is a list of the modules required. Note that same may return saying they are up to date, so just move on to the next one.

MD5
LWP
Mail::Internet
Archive::Tar
Archive::Zip
IO::Wrap
IO::Stringy
Unix::Syslog
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
Net::SMTP
Net::DNS (when prompted to enable tests, choose no)
Net::Ping
Net::Server
Net::Server::PreForkSimple
Convert::TNEF
Convert::UUlib
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::Gzip64
MIME::Decoder::NBit
MIME::Decoder::QuotedPrint
MIME::Decoder::UU
Time::HiRes
Digest::SHA1
Digest::Nilsimsa
Getopt::Long
File::Copy
Bit::Vector
Date::Calc


After that Run the perl shell to install it using the command:
# perl -MCPAN -e shell

then type:

install Mail::SpamAssassin

The problem was that Mail::SpamAssassin perl module was 2.60 version (seen in logs then restarting amavisd-new).

Finally reemerge SpamAssassin 2.63, restart amavisd-new and go ahead .

[Cabec2]

I've the same problem here : since the upgrade to SA 2.63, Bayesian filters are no longer used, and a lot of spam go through SA without being caught :/

before the update, all my emails had an header like this one (not a spam) :

[AresTheImpaler]

ok.. so from what I been reading.. the bayesian (sp?) thing is turn on automatically? or is there any configuration?

thanks

[Cabec2]

edit: omg, I forgot the second part, I should sleep more :p

erhm no.

If you want to use the bayesian db, you've 2 things to do :

1/ edit your /etc/mail/spamassassin/local.cf and add the lines you need. here's mine :

[Dr_Stein]

It has to learn - also, please see www.exit0.us and grab some additional rulesets.

Pyzor & stuff can help too.. Check this out:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mailgate.pbp.net
X-Spam-Level: **************
X-Spam-Status: Yes, hits=14.4 required=4.5 tests=BAYES_99,FORGED_OUTLOOK_TAGS,
HTML_50_60,HTML_IMAGE_ONLY_02,HTML_MESSAGE,J_CHICKENPOX_17,MRWIGGLY,
PYZOR_CHECK autolearn=no version=2.63
X-Spam-Report:
* 0.6 J_CHICKENPOX_17 BODY: {1}Letter - punctuation - {7}Letter
* 0.1 HTML_MESSAGE BODY: HTML included in message
* 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
* 1.2 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
* 3.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
* 1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
* 2.5 MRWIGGLY Mr. Wiggly enhance drug spam.
X-Virus-Scanned: by AMaViS 0.3.12

[encieno]

hmmm. i've used spamassassin for some time now... havent had any problems prior. i'm in the process of setting up my gentoo box to take over my current slack install... i've done everything listed here, and bayesian filtering is still not working. last time I had this problem during a spamassassin upgrade, had to upgrade DB_File as well. I've done that, as well as all the other modules, and have emerged spamassassin a few times now and its still not going. i migrated a fairly large bayes database to the new machine just to test, and have even tried from scratch, its not even touching the files. anyone know of any other reason as to why it still isnt going? will it only use the filtering once the database grows to a certain size? i had over 1000 or so emails fed through it.

thanks.

[Cabec2]

encieno : since it seems we are in the same situation, can you share your settings, so that we can compare them..
Ideally someone with a working SA would be welcome to do the same

[encieno]

cabec2: oops, for some reason i thought you had yours solved, read again, nope, hehe.

i'm actually running a fairly default setup. using libmilter in sendmail along with clamav also, both using milter. i've tried adding both the use_bayes and auto_learn in both local.cf and/or the individual user config. the only difference in this install, and my slack box, is that i'm now using spamd instead of the spamassassin binary... and my old install was just using a procmail and .forward to send it through spamassassin and sort it... hmmm.. im about to take the mitler stuff out and see if it'll use bayes that way. i really dont see why it would.. sort of lost, haha.

[Cabec2]

damn, no, my case isnt solved

the whole bayesian part of SA is still ignored :p

[encieno]

hmmm, as much as a n00b i'd hate to say i'm not, i should have read the past few posts a little closer. running sa-learn -D is pretty clear.

debug: bayes: Not available for scanning, only 0 ham(s) in Bayes DB < 200


sooo... i guess it needs to learn 200 hams as well, i had assumed that didnt matter for some reason. wonder why it continues to work on my other box... odd. time to go feed it some ham and see whats up next =]

[encieno]

hmmm, heh. i feel lame. it sure does wonders to read mailing lists and/or forums. after feeding madd amounts of spam and ham into the db, all works as planned. its odd though, im still curious as to how my slack box ran fine w/o adding so much ham to the db before hand. basically the same setup, except spamd running on my gentoo install, hmmm. oh well, fixed it so i dont really care =]
next time i WILL read stuff a tad closer, hehe.

[Cabec2]

erhm, happy to know that your problem was easy

however I just checked my db (sa-learn -D --dump magic), and it contains 241 spams and 208 hams. According to those numbers, it should be used, but it's not :p
I've even no warnings telling me why it's ignored

[encieno]

hmm, try adding a bit more maybe. i dumped about 800 or so in both of the db's... also make sure you restart spamd and spamass-milter<if your using milter, forgot>... i dont see why that would be required, but for some reason it took a restart for mine to kick in and start filtering.....hmmm., other than that, i really dont know what could be up with it. odd. when you run sa-learn -D --spam <whatever mail> is it giving any errors at the top? i noticed that line at the top of mine, saying that there werent enough ham available to do any type of scanning...

[Cabec2]

omg, I found the answer

during the 2.60 > 2.63 upgrade, the db was destroyed for an obscure reason.
When I rebuilt it, I did it under root account, while spamassassin is called by amavis pseudo user in my mail circuit. a simple chown, and everything goes well :p

anyway thx encieno for suggestins :p

[encieno]

haha.. sweet. now all of us 'n00b's can go on about getting some massive posting done to get a new status =]