So, the problem seems not to be SQL-specific, as it occurs with SQL or flat-file DB.
Upon following Benny Pedersen's advice (to move SA configuration directives from /etc/spamassassin/local.cf to /var/lib/amavis/.spamassassin/user_prefs), I noticed something unusual: $ ls -lah /var/lib/amavis/.spamassassin/ total 7.6M drwx------ 2 amavis amavis 4.0K Apr 20 08:54 . drwxr-xr-x 7 amavis amavis 4.0K Apr 20 08:56 .. -rw------- 1 root root 8.0K Apr 20 08:33 bayes_journal -rw------- 1 root root 1.3M Apr 20 00:09 bayes_seen -rw------- 1 root root 4.8M Apr 20 08:29 bayes_toks -rw-r--r-- 1 root root 799 Jun 28 2004 gtube.txt -rw-r--r-- 1 amavis amavis 2.7K Apr 20 08:55 user_prefs Welp, that'll do it! How those four files were set to root:root ownership is beyond me, but that was certainly a factor. Maybe this was a result of executing my training script as root (even though I had hard-coded the bayes_path to use /var/lib/amavis/.spamassassin/bayes, and when using SQL, hard-coded bayes_sql_override_username to use amavis)? I changed ownership to amavis:amavis and now messages are being scored with Bayes (all of them, from what I can tell so far). Also, I looked into the fact that I was running the cron job that trains ham and spam as root. I did this only because the amavis user lacks access to /var/vmail, which is where mail is stored on this system. (As a corollary, I'm a bit curious as to how amavis is able to scan incoming mail, given this lack of access -- maybe it does so using a pipe or some other method that does not require access to /var/vmail.) I think the disconnect was in the fact that I placed my custom configuration directives in /etc/spamassassin/local.cf, when I should have placed them in /var/lib/amavis/.spamassassin/user_prefs (for message scoring) *and* /root/.spamassassin/user_prefs (for ham/spam training). (Thanks for pointing-out this mistake, Benny P.) Putting my custom SA configuration directives in both of these files was the only way I was able to train mail and score incoming messages using the same credentials "across-the-board". Once I did this, I was able to use SQL or flat-file DB with the same exact results. Is there a better way to achieve this consistency, aside from putting duplicate content into /var/lib/amavis/.spamassassin/user_prefs and /root/.spamassassin/user_prefs? Feels like I'm out of the woods here! Thanks for all the expert help, guys. -Ben
