I work for a company that has lots of mail users. We use Exim with
SpamAssassin. My job is to track down this problem.

We are getting complaints of too much spam and have tracked it down, using
Google, to our bayes files not working correctly.  I do not know if they
are poisoned or just not working.

When bad spam gets through it is always the same, BAYES_00 -1.9 in the
headers. According to what I have googled there is only one thing we can
do and that is to clear the bayes filters and either allow it to start
again or possibly retrain. Each individual has their own bayes filters,
/home/user/.spamassassin/bayes_*.

Exim version 4.82 #2 built 17-Jul-2014 13:21:53
SpamAssassin Server version 3.3.2
CentOS 6.5 64bit

But we are getting a lot of it, not all accounts, so I think this means we
are getting poisoned or something they are doing is rendering the bayes
filters non-functional.

Here is from one of them from a week or 2 ago:

sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0        476          0  non-token data: nspam
0.000          0      40270          0  non-token data: nham
0.000          0     178749          0  non-token data: ntokens
0.000          0 1203387778          0  non-token data: oldest atime
0.000          0 1408472415          0  non-token data: newest atime
0.000          0 1409168326          0  non-token data: last journal sync atime
0.000          0 1408444279          0  non-token data: last expiry atime
0.000          0   22118400          0  non-token data: last expire atime delta
0.000          0       3617          0  non-token data: last expire reduction count

I don't know the significance of the above readout, but all the discussions
talk about this.

What I was hoping to do: is there a programmatic way, such as with a script,
that I could do something to an account's files and voila, know that it is in
this corrupt state?

If so I could automate this clear and possibly retrain.

Thank you

Julian
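
An added example, not part of the original post: one way to read the `sa-learn --dump magic` counters shown above from a script and flag a skewed training set per account. The 200-message floor is SpamAssassin's default for bayes_min_spam_num and bayes_min_ham_num; the ham-to-spam ratio limit and the finding names are assumptions chosen for illustration, and a flagged database is a candidate for review, not proof of poisoning.

```python
import re

# Constructed sample: counters copied from the post, including one mail-wrapped line.
SAMPLE = """\
0.000          0          3          0  non-token data: bayes db version
0.000          0        476          0  non-token data: nspam
0.000          0      40270          0  non-token data: nham
0.000          0     178749          0  non-token data: ntokens
0.000          0 1409168326          0  non-token data: last journal sync
atime
"""

MIN_LEARNED = 200      # SpamAssassin default: bayes_min_spam_num / bayes_min_ham_num
MAX_HAM_PER_SPAM = 20  # assumption: hypothetical skew limit, tune per site
ROW = re.compile(r"^\s*[\d.]+\s+\d+\s+(\d+)\s+\d+\s+non-token data:\s*(.+)$")

def parse_magic(text):
    """Return {counter name: value} from `sa-learn --dump magic` output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # A line that does not start with a digit is a wrapped continuation.
        if rows and not line.lstrip()[0].isdigit():
            rows[-1] += " " + line.strip()
        else:
            rows.append(line)
    out = {}
    for line in rows:
        m = ROW.match(line)
        if m:
            out[m.group(2).strip()] = int(m.group(1))
    return out

def check(magic):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    nspam, nham = magic.get("nspam", 0), magic.get("nham", 0)
    if nspam < MIN_LEARNED:
        findings.append("too-few-spam")   # Bayes rules will not fire at all
    if nham < MIN_LEARNED:
        findings.append("too-few-ham")
    if nspam and nham / nspam > MAX_HAM_PER_SPAM:
        findings.append("ham-skew")       # far more ham learned than spam
    return findings

if __name__ == "__main__":
    print(check(parse_magic(SAMPLE)))
```

To use it per account, feed `parse_magic` the text produced by running `sa-learn --dump magic` as that user instead of `SAMPLE`.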
