On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Wow! What a charming response! You must be a LOT of fun at parties, and have lots of
friends! <eyeroll>
Please don't feed the troll. There's a reason that Reindl is blocked from this
list.
No, I did not get that response. I don't have any of those specific spam to
sample, as I have not gotten one today. But the last spam I got that
slipped through SA had this score:
X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DEAR_SOMETHING,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,RCVD_IN_PBL,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE shortcircuit=no
So nothing about any tests not working, or queries being rejected. Nothing that
looks like misconfiguration on my end. I am not saying there are
no misconfigurations on my end, but if there are, it's not super obvious to me.
The fact that you're getting BAYES_00 on that message indicates that Bayes
-really- thinks it's ham.
Given that you've trained multiple instances of this kind of message to Bayes as
spam but it still gets BAYES_00 score means one of two things:
1) Either you've got thousands of instances of similar messages that were
learned as 'ham'
2) or the database that Bayes in your running SA instance is using is not the
same one that you were doing your training to.
This could be configuration issues or pilot error (using the wrong identity when
doing the training, training on the wrong machine, etc).
On your SA machine what does the output of "sa-learn --dump magic" show you?
(IE how many nspam & nham tokens, what is the newest "atime", etc).
If careful config & log inspection doesn't give clues, try this brute-force
test.
Shut down your SA, move the directory containing your Bayes database out of the
way and create a new empty one.
("sa-learn --dump magic" should now show 0 tokens).
Then train a few ham & spam messages (only a dozen or so), recheck the --dump
magic to see that there are now some tokens in the database but not too many.
Restart your SA and watch the log results. If there are fewer than 200 messages
(both ham & spam) in your Bayes database then SA won't use it, so make sure
that's the case, your new database should be too empty for SA to be willing to
use it.
So if you -are- getting Bayes scores then that indicates that SA is using some
database other than what you think it has.
Now start manually training more messages (spam & ham). When you hit the 200
count threashold Bayes scores should start showing up in your logs.
Good luck.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
