On 16/06/16 18:46, Sebastian Arcus wrote:
I have a particular server running spamd which uses bayes every time I
test it by hand, but apparently never when it goes through exim/spamd.
I run everything (both the spamd daemon and the manual tests) as user
spamd. I checked the permissions on the bayes database. I use a global
bayes database in /var/spool/spamd/bayes/. I ran "spamassassin -D
--lint" - and I get no failures - both as root and as the user spamd.
In spite of all of the above, it looks pretty clear that bayes is only
used when I run an email manually through spamassassin, but not when it
goes from exim through spamd.
Here is the report when ran from the command line:
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image
area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.2 RDNS_NONE Delivered to internal network by a host with
no rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
0.0 SUBJECT_NEEDS_ENCODING Subject is encoded but does not specify the
encoding
And here is the report included in the same email message when it comes
through exim:
Content analysis details: (1.9 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image
area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted
Colors in HTML
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.2 RDNS_NONE Delivered to internal network by a host
with no rDNS
0.0 UNPARSEABLE_RELAY Informational: message has unparseable
relay lines
0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
parts
Bayes is clearly not being used when it goes through spamd. Does anybody
know what could be causing this?
OK - thank you to everybody who helped with hints and info. Bayes is
finally working now. What I initially had in place is:
1. Site-wide bayes db in /var/spool/spamd/bayes/ and owned by spamd.spamd
2. Spamd socket owned by spamd.spamd - which turns out that didn't make
much sense
3. Spamd ran as root - for some reason I got confused and thought
setting the owner/group for the socket meant spamd was run as non-root user.
What I have now:
1. Spamd socket owned by exim.exim (as it is the only piece of software
which needs to talk to spamd) - and mode set to 0660.
2. Spamd runs as "spamd" user.
3. Bayes db still in the same place as above and with the same ownership
- but I've set them as 0660
In conclusion it would appear that running the spamd as root was the
cause of the problem - although root should have been able to access the
bayes database anyway. I'm a little lost on that point I'm afraid. But I
think it's been a good opportunity to straighten the setup both on the
server and in my head :-) Thank you again.
