1. USER_IN_WHITELIST is causing the low score. User has no whitelist, in fact has no custom user settings whatsoever.
Are you sure the message got processed as that user?
Question: Therefore the site-wide shared auto-whitelist.db is causing this flag, yes?
No.. the AWL shows up as a rule named AWL.
USER_IN_WHITELIST triggers in response to a whitelist_from statement.
<snip large quantity of stuff about the auto whitelist, since this has nothing to do with USER_IN_WHITELIST>
3. I turn on debugging (spamd -D) and tail the log. I find entries of "debug: auto-learning failed: lock: 2670 cannot create lockfile /var/spool/spamassassin/bayes.mutex: Permission denied". This is because SpamAssassin "becomes" the receiving user to process mail and the lock-files (bayes.mutex and auto-whitelist.mutex) are owned by one user and trying to be overwritten by another. I tried turning off "lock_method flock" but that didn't make a difference.
Um, that part *needs* to fail. It's not a permissions problem or a bug. It's actually a design feature that is intended to prevent database corruption. Don't try to circumvent this, as you'll corrupt your bayes database if you do. The mutex exists to prevent two SA processes from writing to the bayes DB at the same time.
If the lockfile exists, some SA process is currently writing the DB, and autolearning cannot occur. Since autolearning isn't a critical operation, SA skips autolearning, rather than logjamming your server waiting for the other process to finish with the database. Other processes, like manual calls of sa-learn, will intentionally wait for the lock to free up, but autolearning won't.
Final question: is the USER_IN_WHITELIST false negative related to the auto-learn=failed?
No, that's bayes autolearning, and it means it got skipped due to lock contention.
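
Added example, not part of the original thread and not SpamAssassin's own code: since USER_IN_WHITELIST fires on a whitelist_from statement, this Python sketch scans configuration text for whitelist_from entries whose pattern matches a given sender, which is the check to run when the rule hits unexpectedly. The file paths, addresses and config contents are constructed samples; the matcher assumes only `*` and `?` act as wildcards and that matching is case-insensitive.

```python
import re

# Constructed sample configuration text, keyed by a plausible file path.
# In real use, read the site-wide .cf files and the recipient's user_prefs.
SAMPLE_CONFIGS = {
    "/etc/mail/spamassassin/local.cf": """\
# site-wide settings
required_score 5.0
whitelist_from *@partner.example   # trusted partner
""",
    "/home/alice/.spamassassin/user_prefs": """\
# whitelist_from old@friend.example
whitelist_from newsletter@lists.example bob@friend.example
""",
}


def glob_to_regex(pattern):
    """Translate a whitelist_from pattern: '*' and '?' are the only wildcards."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def find_whitelist_hits(configs, sender):
    """Return (path, line number, pattern) for each whitelist_from entry matching sender."""
    hits = []
    for path, text in configs.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            # Drop trailing comments, then split the directive from its arguments.
            fields = raw.split("#", 1)[0].split()
            if len(fields) < 2 or fields[0] != "whitelist_from":
                continue
            # One whitelist_from line may list several addresses.
            for pattern in fields[1:]:
                if glob_to_regex(pattern).fullmatch(sender):
                    hits.append((path, lineno, pattern))
    return hits


if __name__ == "__main__":
    for hit in find_whitelist_hits(SAMPLE_CONFIGS, "Sales@Partner.example"):
        print("%s:%d matches %s" % hit)
```

An empty result for every file the receiving user's scan would load points back to the first question in the reply: whether the message was processed as that user at all.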