On 01/04/2018 10:58 AM, Alex wrote:
Hi,
I am seeing this problem on my MailScanner filters as well:
# grep BAYES_999 maillog-20171231 | wc -l
9172
# grep BAYES_999 maillog-20171231 | grep -v "BAYES_99 " | wc -l
4
# rpm -q amavisd-new
amavisd-new-2.11.0-4.fc25.noarch
# rpm -q perl
perl-5.24.3-389.fc25.x86_64
This is with the JSON logging enabled so my grep is a bit different.
This is also with an SVN spamassassin snapshot from about two weeks
ago. This is also with bayes stored in mysql.
# bzcat /var/log/maillog-201801??.bz2|grep timestamp|grep BAYES_999|wc
6508 247134 16925929
# bzcat /var/log/maillog-201801??.bz2|grep timestamp|grep
BAYES_999|grep BAYES_99\"|wc
6508 247134 16925929
You need that last grep for BAYES_99 to be a "grep -v" and it needs some
delimiter after the "99" to disinguish it from "999" like an equals sign
since that is how amavis outputs it's rule hits and score.
Jan 4 06:41:59 mail02 amavis[15124]: (15124-14) Passed SPAM
{RelayedTaggedInbound}, [203.246.167.14]:63669 [203.246.167.14]
<zeil...@zeilcar.net> -> <postmas...@sa.ena.net>, Queue-ID:
C193E4A5F78C, Message-ID:
<9d14f53b-e8f9-186d-339d-aece00029...@zeilcar.net>, mail_id:
pDEMud2MEZKg, Hits: 55.731, size: 9691, queued_as: 9C5CD4A5F795, 1328
ms, Tests: [BAYES_999=0.2,...
Note the "BAYES_999=0.2" above would make your grep look like this:
# bzcat /var/log/maillog-201801??.bz2|grep timestamp|grep BAYES_999|grep
-v BAYES_99=|wc
Please let me know if there's anything further I can do to help.
--
David Jones
