# [CLOSED] alternatives to Spamassassin?

## trossachs

I am having difficulties with Spamassassin and in the same way that I lept forth from the Sendmail train in order to take up the last late night shuttle with Postfix, I am looking for an alternative to the proprietary Spam destroyer.

So pls can you any of you post your pro's and cons in order that all, myself included, can benefit from your vast experiences. 

It would probabaly be wise to note that I have various header_checks enabled with Postfix. The relevant section of my main.cf is noted below:

```

header_checks = regexp:/etc/postfix/filters/header_checks

body_checks = regexp:/etc/postfix/filters/body_checks

mime_header_checks = regexp:/etc/postfix/filters/mime_header_checks

```

And these do go some way to tackling the spam prob, esp for attachments of which NONE get thru and thus I have no virus issues and have not had for some yrs. But sometimes I look in my mail folders and find that they are still somewhat populated with UCE.

I can email the main filters for those interested for their own use.

JFLast edited by trossachs on Sun Mar 21, 2004 11:09 am; edited 1 time in total

----------

## Dr_Stein

What problems are you having with SpamAssassin? It's also not proprietary at all, and is quite flexable. 

I'd take a look at www.securitysage.com - lots of Postfix information and free *_checks files. Quite useful stuff. 

Also, you might want to check out http://www.exit0.us - the SpamAssassin Wiki. Additional rulesets can be found there.

----------

## trossachs

It is with securitysage.com that I have sorted out my header and mime checks. They do work quite well although, securitysage are now moving away from the header_check system and are now posting shorter versions.

I just can't seem to get SA to work even though I have emerged it. And also, I can find no easy config files or web pages that I can go to for easy documentation. Can you advise on this point?

----------

## Chris W

Without knowing what difficulty you are having we are unable to give specific assistance.  What do:

```
$ spamassassin < spam_mail_message

$ spamassassin < ham_mail_message
```

 do?  IIRC there was nothing to do regards config files to make it work after emerging unless you wanted to insert it into the Postfix processing as a global thing.

----------

## Dr_Stein

Oh, geez.. what would you like to do with it?  :Smile: 

What kind of hardware? 

How much mail will pass through it every day?

Lots of stuff you can do.. have procmail call "spamassassin," run the spamd daemon and pass mail through it, have the MTA (Postfix, whatever) pass the mail through SpamAssassin, all kinds of stuff. 

Let us know what you'd like to do with it, and perhaps we can help.

What problems did you have when trying to emerge spamassassin?

----------

## trossachs

OK. I have spamd working in the background, but Spamassassin does not identify any of the spam that gets thru to my maildir's.

For example, at the bottom of my .procmailrc file, I have the following entry for SA:

```

:0fw: spamassassin.lock

|/usr/bin/spamassassin

:0

*^X-Spam-Status: Yes

.SPAMMERS_BEWARE/

```

The code within my - /etc/mail/spamassassin/local.cf file:

```

required_hits           7.5

rewrite_subject         0

subject_tag             *****SPAM*****

report_safe             1

use_terse_report        0

use_bayes               1

auto_learn              1

skip_rbl_checks         0

use_razor2              1

use_dcc                 1

use_pyzor               1

ok_languages            en

ok_locales              en

```

But no mail get's written with this ***SPAM*** subject line. Perhaps the original line to this posting ought to have been, "where am I going wrong with SA?"

Is there any further information that you will need posted?

----------

## ivor_orrible

If you are running spamd you need to feed mail to spamc not spamassasin

spamassasin is a perl script and spamd and spamc are binaries that run faster

for systems with a high load.

Try feeding to spamc are stop spamd and try it.

Ivor Cave

----------

## trossachs

Thx for this Ivor, but I would I direct Postfix or Procmail to send all mail to be processed thru spamd before I see it and then to put all suspected spam mail into my .SPAMMERS_BEWARE maildir?

Also, where does Razor come into the equasion or does it not?

----------

## ivor_orrible

 *JulesF wrote:*   

> Thx for this Ivor, but I would I direct Postfix or Procmail to send all mail to be processed thru spamd before I see it and then to put all suspected spam mail into my .SPAMMERS_BEWARE maildir?
> 
> Also, where does Razor come into the equasion or does it not?

 

Use procmail to feed to spamc using the recipe in you post.

Send your self a mail and look at the header spamassasin should show

in the header.

Ivor Cave

----------

## trossachs

SA should mark up my subject with *****SPAM***** if it detects something, but this is not happening. So am I to assume that spamd does not work? The spamd daemon is currently active but not doing anything.

What is your own setup like and how does SA report the interception of mail?

----------

## ivor_orrible

 *JulesF wrote:*   

> SA should mark up my subject with *****SPAM***** if it detects something, but this is not happening. So am I to assume that spamd does not work? The spamd daemon is currently active but not doing anything.
> 
> What is your own setup like and how does SA report the interception of mail?

 

I feed mine to /usr/bin/spamassasin as I my server as low traffic

spamd only works with spamc feed mail to spamc

I use this in /etc/procmailrc

:0fw

| /usr/bin/spamassasin 

changing this to | /usr/bin/spamc should work is you procmailrc being read?

Are you using /etc/procmailrc or /home/user/.procmailrc?

The recipe has to be in /etc/procmailrc to work on all users mail and in your

/home/user/.procmailrc for just one users mail.

Ivor Cave

----------

## nevynxxx

As far as I know Jules you have to Train spam assasin to recognise spam. Though I have never used it. It should tag all messages it sees with some headers, but only ones it recognises will get the subject line tagged. Look for spamassasin stuff in the headers to see if it is processing.

As for not getting the tags in the subject, if you havn't trained it it wont think anything is spam, hence it wont tag the subject. I have some good docs on this at work, I will mail you a link tomorrow

----------

## Dr_Stein

7.5 is kind of high for a score, too.. try lowering that to 5.0 (default) and restart spamd. 

Also, the others are right.. you'd be better off piping it to spamc via procmailrc (system wide) 

Check www.spamassassin.org too - some sample procmailrc stuff there.

----------

## trossachs

OK cool. Have taken all of your very welcome advice on board, especially what was said about the global reference to .procmailrc. Guess we now have to wait and see what happens.

Does spamassassin need to 'get updates' on new spamming methods, or will the internal rules and recipes that were installed with it surfice for some considerable time? The reason I ask is that as with Virus software, new spamming methods are deployed all the time. How will SA keep up with this?

PS: Btw, on a completely separate note, by placing my .vimrc and .viminfo files in /etc, will this ensure that all usr's get the same settings for use with Vim?

----------

## Dr_Stein

Oh, I forgot to tell you one thing - bayes won't kick in until it's learned from 200 SPAM and 200 HAM. 

you can use "sa-learn" and teach it from your spam & ham.

ie: sa-learn --spam --showdots --dir /home/vmail/blah.com/spam/.maildir (or whatever directory your spam is sitting in)

Check www.exit0.us for "RulesDuJour" - the closest thing to automatic rule updates. Run it out of cron every week... it'll download updated rulesets that volunteers have contributed.

----------

## trossachs

I will have to check this out. I have placed the .procmailrc file in /etc, but when I return to my machine I find that no mail has been delivered for the last 2 hrs! The maillog shows lots of mail, but none in the maildirs; so I have had to put the .procmailrc file back into the $home directory.

Should I leave an empty .procmailrc file in the $home directory and place the correct file in /etc?

----------

## ivor_orrible

 *JulesF wrote:*   

> I will have to check this out. I have placed the .procmailrc file in /etc, but when I return to my machine I find that no mail has been delivered for the last 2 hrs! The maillog shows lots of mail, but none in the maildirs; so I have had to put the .procmailrc file back into the $home directory.
> 
> Should I leave an empty .procmailrc file in the $home directory and place the correct file in /etc?

 

One thing to note when in /etc leave the dot of the start of procmailrc

It shouldn't matter having two procmail files as the one in /etc is system wide and

the one in you home is just for your mail. So each user can further sort their own

mail.

Ivor Cave

----------

## en_jones

if you want it to add ****SPAM**** to your subject line then you might want to try changing the rewrite_subject 0 to a 1 (indicating a TRUE boolean value).

----------

## swimmer

 *en_jones wrote:*   

> if you want it to add ****SPAM**** to your subject line then you might want to try changing the rewrite_subject 0 to a 1 (indicating a TRUE boolean value).

 

Thx - just wanted to write the same  :Smile: 

swimmer

----------

## trossachs

Thx en_jones. I have made this change and restarted spamd. Will see in the morning if any spam comes printed with this text in the subject line.

What should I put in .procmailrc to ensure that all spam mail get's sent directly into a certain maildir; except to do the usual:

```

:0

*^Subject:.*-SPAM-

.Spam/

```

----------

## trossachs

Well, I have looked at my mail all day today and no mail has been identified as being spam mail. Spam still populates my INBOX as ever before. Any ideas as to why this could be? thanks.

----------

## Chris W

You have increased the spam threshold from the default 5 to 7.5, which is probably part of the problem.  Pick a spam message from your inbox and feed it to spamassassin thus: 

```
$ spamassassin < './maildir/cur/1079549052.17927_0.ptolemy:2'

----8<---- snip -----

Content analysis details:   (24.7 points, 5.0 required)

 pts rule name              description

---- ---------------------- --------------------------------------------------

 0.1 HTML_LINK_CLICK_HERE   BODY: HTML link text says "click here"

 0.1 HTML_FONTCOLOR_BLUE    BODY: HTML font color is blue

 0.1 HTML_MESSAGE           BODY: HTML included in message

 0.3 HTML_FONT_BIG          BODY: HTML has a big font

 5.4 BAYES_99               BODY: Bayesian spam probability is 99 to 100%

                            [score: 1.0000]

 0.3 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts

 0.6 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset

 0.1 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain

 1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server

                            [219.133.167.190 listed in dnsbl.sorbs.net]

 1.0 RCVD_IN_OPM_HTTP       RBL: OPM: sender is open HTTP CONNECT proxy

                            [219.133.167.190 listed in opm.blitzed.org]

 2.7 RCVD_IN_OPM_WINGATE    RBL: OPM: sender is open WinGate proxy

                            [219.133.167.190 listed in opm.blitzed.org]

 1.0 RCVD_IN_OPM            RBL: Received via a relay in opm.blitzed.org

                            [219.133.167.190 listed in opm.blitzed.org]

 0.7 RCVD_IN_SORBS_MISC     RBL: SORBS: sender is open proxy server

                            [219.133.167.190 listed in dnsbl.sorbs.net]

 0.5 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy

                            [219.133.167.190 listed in dnsbl.njabl.org]

 1.3 RCVD_IN_OPM_SOCKS      RBL: OPM: sender is open SOCKS proxy

                            [219.133.167.190 listed in opm.blitzed.org]

 1.0 RCVD_IN_OPM_HTTP_POST  RBL: OPM: sender is open HTTP POST proxy

                            [219.133.167.190 listed in opm.blitzed.org]

 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS

                            [219.133.167.190 listed in dnsbl.sorbs.net]

 0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org

                            [219.133.167.190 listed in dnsbl.njabl.org]

                            [144.135.24.78 listed in dnsbl.njabl.org]

 1.2 RCVD_IN_NJABL_SPAM     RBL: NJABL: sender is confirmed spam source

                            [144.135.24.78 listed in dnsbl.njabl.org]

 1.2 RCVD_IN_SORBS_SOCKS    RBL: SORBS: sender is open SOCKS proxy server

                            [219.133.167.190 listed in dnsbl.sorbs.net]

 0.7 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org

                            [<http://dsbl.org/listing?ip=219.133.167.190>]

 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

             [Blocked - see <http://www.spamcop.net/bl.shtml?219.133.167.190>]

 0.1 RCVD_IN_RFCI           RBL: Sent via a relay in ipwhois.rfc-ignorant.org

                            [Inaccurate or missing WHOIS data]

 1.2 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag

 0.1 CLICK_BELOW            Asks you to click below

 1.2 PRIORITY_NO_NAME       Message has priority setting, but no X-Mailer

 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts

----8<---- snip -----

```

 Inspect the output, in my case a very spammy spam.  It contains a report of what rules were triggered and their weight.  This will probably reveal why the message was not treated as spam.  If you can't see a reason then post the report section here.

----------

## trossachs

Thanks for this Chris as I had no idea how to feed into into SA until your good example. The prob I have is that I have looked at the msg id of a particular spam message:

```

93591025209257.53885.14200891@incapacitate-q35.aol.com

```

But I cannot find this id within the maildir/cur of the directory itself. How do I marry the two together in order to input this info into SA?

----------

## trossachs

OK, I have isolated a spam msg in a separate maildir and put the id within /cur into SA as per your example. The output is simply gumpf and not the detailed SA report that your example demonstrated.

Such as:

```

Subject: Buy XÀnax now.

Date: Wed, 17 Mar 2004 23:45:36 +0100 EST

Message-ID: <93591025209257.53885.14200891@incapacitate-q35.aol.com>

Mime-Version: 1.0

Content-Type: multipart/alternative;

        boundary="--248666209424937962"

X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on

        mail.foo.co.uk

X-Spam-Level: ***

X-Spam-Status: No, hits=3.1 required=5.0 tests=BIZ_TLD,DATE_IN_PAST_06_12,

        HTML_60_70,HTML_FONTCOLOR_BLUE,HTML_IMAGE_RATIO_06,HTML_MESSAGE,

        PYZOR_CHECK,SUBJ_BUY autolearn=no version=2.60

----248666209424937962

Content-Type: text/plain;

<!--

mayoral angelo dictionary inveigle nowise thirst asexual keystone bema daydream usurious dandel

on lion raul towel countryman chatham bled duplex roomful relict conduit behest oblivious quadr

lateral skippy doctrinal  float polygon emboss bogging geneva maggie telekinesis hong rutledge

aston stochastic sacrament buckshot broad edwards motivate intrepid rune astronaut bucknell dec

mal carabao anion raid commissariat lest wells anita blush

!-->

```

SA is deffinately running but I am unable to replicate your own report. Spam threshold has already been reduced to 5.0.

----------

## Chris W

Hmm, I have a standard Spam Assassin 2.63 install from portage.   No changes in configuration files, no local config etc.  Perhaps you only get the detailed report on items identified as spam.

Try running with a -t option.

----------

## trossachs

OK results as follows:

```

Content analysis details:   (3.1 points, 5.0 required)

 pts rule name              description

---- ---------------------- --------------------------------------------------

 0.9 SUBJ_BUY               'Subject' starts with Buy, Buying

 0.3 HTML_IMAGE_RATIO_06    BODY: HTML has a low ratio of text to image area

 0.1 HTML_60_70             BODY: Message is 60% to 70% HTML

 0.1 HTML_FONTCOLOR_BLUE    BODY: HTML font color is blue

 0.0 HTML_MESSAGE           BODY: HTML included in message

 0.8 BIZ_TLD                URI: Contains a URL in the BIZ top-level domain

 0.3 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)

 0.6 DATE_IN_PAST_06_12     Date: is 6 to 12 hours before Received: date

```

----------

## Chris W

It's just not very spammy.   You can use it to train the Bayes filter though: 

```
sa-learn --spam spam_file
```

 or one of the variations for processing whole directory trees shown elsewhere in this thread.  When it has 200 spams and 200 non-spams learnt, the Bayes filter will kick in.

----------

## trossachs

OK, I have looked thru the entire thread but can find no mention of how to use an entire maildir as a "learning post" for SA. How would I go about this?

What I would like to do is to point SA to a Junk maildir and have it analyse everything within it so that it knows how to identify spam and what to leave as is.

----------

## Chris W

 *Dr_Stein wrote:*   

> ie: sa-learn --spam --showdots --dir /home/vmail/blah.com/spam/.maildir (or whatever directory your spam is sitting in) 

 

----------

## trossachs

Apologies for this because I was about to delete the earlier post as I have been looking up this info on the SA website! Something very strange is happening, because even though I run the command:

```

sa-learn --spam --showdots

```

on a particular directory, I get the following error msg:

```

illegal network address given: '='

illegal network address given: '/etc/postfix/databases/network_table'

interrupted at /usr/lib/perl5/vendor_perl/5.8.2/Mail/SpamAssassin/CmdLearn.pm line 249.

```

The last line is where I have to exit. My "network_table" is a list of hosts permitted to send mail thru my server for smtp purposes. But why would SA throw out a spam learn process due to this?

I have gone thru the network_table file and removed one no longer serving ip addr. But everything else with postfix works and so I am reluctant to edit this file further.

----------

## Chris W

You need to specify the directory or file that sa-learn is to scan otherwise it sits waiting for email messages on standard input until you break it.   The error message I got when I broke mine was similar to yours.

If you were in the /etc/postfix/databases directory when you ran it like 

```
sa-learn --spam --showdots .
```

you'll have scanned your database files.   These files won't make much sense as e-mails  :Smile: 

Incidently, the --dir option is no longer needed in SA 2.6.3 but it may be in 2.6.0.

----------

## trossachs

That's strange. Because I actually cd'd into the Spam directory and then ran the command. I have used your suggestion and it appears to have worked. 

With your own setup, does SA transfer Spam to a separate directory, or does it remove it from the mail syytem altogether before it enters your maildir's?

----------

## Chris W

SA just tags the spam with an extra set of headers.  It is delivered through to your mailbox.  I use procmail, setup as the local delivery agent for postfix, to move the mail to another directory on the basis of the tag.

----------

## trossachs

Yes I use Procmail also and will setup a recipe based on the subject line. 

Forgive me, but I may already have asked this question, but does SA update itself with new rule sets and are there net-wide black lists that SA will also reference itself against for new spam threats?

----------

## eztiger

http://wiki.apache.org/spamassassin/VirusScannerTypeUpdates

Spam Assassin rules are updated when Spam Assassin is...so you just need to keep your installed version of spam assassin up to date!

Kev

----------

## trossachs

Mmmmmmmmmmmm! SA must bring out regular revisions of near enough the same software then.

----------

## eztiger

Not really, from what I can see there is usually a substantial period of time between releases as they need to test any new rules / re weight the scores of the other rules accordingly.

As stated in the URL previously, it doesn't work in the same way as  Virus scanner...spam assassin uses rules to identify potential spam...rather than (for example) storing an md5 hash of every known spam email (in which case rule updates would probably work like a virus scanner....but its a terrible way to handle spam!) think of it more like the heuristics mode of a Virus Scanner.

Kev

----------

## trossachs

SA recommend that I should set my 'required_hits' to 5.0:

```

required_hits           5.0

rewrite_subject         1

subject_tag             [-SPAMMERS_ABOUT-]

report_safe             1

use_terse_report        0

use_bayes               1

auto_learn              1

skip_rbl_checks         0

use_razor2              1

use_dcc                 1

use_pyzor               1

ok_languages            en

ok_locales              en

```

The problem comes however when a lot of spam mail comes in at a lower figure:

```

x-spam-checker-version:   SpamAssassin 2.63 (2004-01-11) on localhost.foo.co.uk  

x-spam-level:   ***  

x-spam-status:   No, hits=3.9 required=5.0 tests=BAYES_70,BIZ_TLD, DATE_IN_PAST_06_12,HTML_MESSAGE,MANY_EXCLAMATIONS autolearn=no version=2.63  

```

At which point is SA triggered into action to start marking my mail with the flag listed above? I have been adjusting the 'required_hits' flag in either direction but nothing seems to happen. I have also 'learned' all my --spam and --ham mail and placed them in different maildirs. Have I left anything out?Last edited by trossachs on Fri Mar 19, 2004 11:02 am; edited 1 time in total

----------

## asimon

 *JulesF wrote:*   

> I have also 'learned' all my --spam and --ham mail and placed them in different maildirs. Have I left anything out?

 

With how many ham and spam mails did you train the bayesian filter? At the very least it should be 200 of each at a minimum or the filter will be not active at all. It's efficiency growth with your taining. The spam in you example only hits BAYES_70, which means that the Bayesian filter is only about 70% sure that the mail contains spam.

I have no idea why changing required_hits has no effect for you. Maybe you change the value in the system wide local.cf and the user still has required_hits 5.0 in his local user_prefs?

----------

## trossachs

Well the --spam filter has been trained with 329 messages, as below:

```

$ sa-learn --spam --showdots -D -- dir /home/usr/maildir/.SPAMMERS_BEWARE/cur

Learned from 2 message(s) (329 message(s) examined).

debug: bayes: 5095 untie-ing

debug: bayes: 5095 untie-ing db_toks

debug: bayes: 5095 untie-ing db_seen

debug: bayes: files locked, now unlocking lock

debug: unlock: 5095 unlink /home/usr/.spamassassin/bayes.lock

```

And the --ham filter has been trained with 1878 messages, as below:

```

$ sa-learn --ham --showdots -D -- dir /home/usr/maildir/.Romans/cur

Learned from 0 message(s) (1878 message(s) examined).

debug: bayes: 5105 untie-ing

debug: bayes: 5105 untie-ing db_toks

debug: bayes: 5105 untie-ing db_seen

debug: bayes: files locked, now unlocking lock

debug: unlock: 5105 unlink /home/usr/.spamassassin/bayes.lock

```

So as you can see, there have been ample instances for Bayes to learn about my setup. I have just taken your advice and corrected the local .spamassassin/user_prefs file which had most of the detail commented out including the 'required_hits.' This now sits at 5.

We will have to see in the next few hours what transpires. What difference does it make in my .procmailrc file if after the statement:

```

:0fw: spamassassin.lock

*<256000

```

SA references to:

```

|/usr/bin/spamassassin

```

or should it be

```

|/usr/bin/spamd - or - spamc

```

Is one method more efficient than the other?

----------

## trossachs

The actual Bayes score has increased overnight with this spam msg:

```

x-spam-checker-version:   SpamAssassin 2.63 (2004-01-11) on localhost.foo.co.uk  

x-spam-level:     

x-spam-status:   No, hits=-0.5 required=5.0 tests=BAYES_99,HABEAS_SWE, HTML_MIME_NO_HTML_TAG,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY autolearn=no version=2.63  

```

How do I 'switch-on' the autolearn feature, I thought it was already activated?

----------

## asimon

 *JulesF wrote:*   

> 
> 
> How do I 'switch-on' the autolearn feature, I thought it was already activated?

 

According to perldoc Mail::SpamAssassin::Conf with

```
bayes_auto_learn 1
```

It's on per default. But also note

```
bayes_auto_learn_threshold_nonspam n.nn (default: 0.1)

     The score threshold below which a mail has to score, to be fed into SpamAssassin's learning systems automatically

     as a non-spam message.

bayes_auto_learn_threshold_spam n.nn    (default: 12.0)

     The score threshold above which a mail has to score, to be fed into SpamAssassin's learning systems automatically

     as a spam message.

```

Thus only messages with very high (>=12) or very low (<=0.1) scores will autolearn. Of course those thresholds can be changed.

I nearly never get spam messages with sorces as high as 12, most are around 8. Thus it nearly never happens here that a spam message will be autolearned. Only my ham messages get autolearned regulary. But because I run a daily sa-learn I never bothered to change the auto_learn_thresholds. At the end of the day all messages in my spam folder get learned anyway.

EDIT: Oops, I just saw that the actual score in your example was -0.5, thus it should have been autolearned as ham. Try putting "bayes_auto_learn 1" into your config file. Maybe the the documentation if wrong in regard to the default. I have bayes_auto_learn 1 in my config and messages with negative score get autolearned.Last edited by asimon on Fri Mar 19, 2004 11:59 am; edited 2 times in total

----------

## asimon

 *JulesF wrote:*   

> What difference does it make in my .procmailrc file if after the statement:
> 
> ```
> 
> :0fw: spamassassin.lock
> ...

 

```
|/usr/bin/spamd
```

 is wrong. Asside from /usr/bin/spamassasin only /usr/bin/spamc will work. spamc is a small client to connect to spamd. Thus if you use spamc in your procmailrc you should make sure that spamd is started (i.e. add /etc/init.d/spamd to you default runlevel). The difference is messured in system resources. Everytime /usr/bin/spamassassin is called an instance of perl is called and then closed again. This costs time, especially if you check many mails. spamd is a daemon which runs persitently and spamc is a small c program which connects to spamd. Thus with this client/server setup there is no need to constantly create a new perl instance for every single mail because spamd is already running. Thus is you want to save some processing time run spamd/spamc instead of spamassassin. But also note that spamd sits with around 20MB in memory. If you call spamc but no spamd is running the mail will get put through without being scanned, it will not get lost.

----------

## trossachs

Spamd running with spamc seems the most resource effective option. One thing I have just thought about. I always thought that SA would automatically use Bayes within its operation. Correct the stupid thought but, do I also need to emerge net-mail/spambayes to work in conunction with SA in order for this to work?

I say this because in your earlier post:

 *Quote:*   

> 
> 
> According to perldoc Mail::SpamAssassin::Conf with 
> 
> ```
> ...

 

I can find no such conf file other than the local.cf held under /etc/mail/spamassassin. And I have just emerge -s bayes and found this this is not loaded on my system.

----------

## asimon

 *JulesF wrote:*   

> Spamd running with spamc seems the most resource effective option.

 

If you run it on some small notebook with not much memory and only a couple of mails a day, /usr/bin/spamassassin can be more resource effective.   :Wink: 

 *Quote:*   

> Correct the stupid thought but, do I also need to emerge net-mail/spambayes to work in conunction with SA in order for this to work?

 

No spambayes has nothing to do with SpamAssassin. It's an other Bayesian filter, there are many other Byesian filters. SpamAssassin comes with it's own Bayesian filter, which is already included and installed if you emerged Mail-SpamAssassin.

 *Quote:*   

> 
> 
> According to perldoc Mail::SpamAssassin::Conf with 
> 
> ```
> ...

 

I can find no such conf file other than the local.cf held under /etc/mail/spamassassin. And I have just emerge -s bayes and found this this is not loaded on my system.[/quote]

SpamAssassin uses two configuration files: A system-wide on under /etc/mail/spamassassin/local.conf and every single user has a private one too under $HOME/.spamassassin/user_prefs. The second one is were I do my configuration. If a user calls spamassassin or spamc a $HOME/.spamassassin/user_prefs file should be created automatically if it doesn't already exist.

'perldoc Mail::SpamAssassin::Conf' shows you all the configuration possibilities. 'bayes_auto_learn' is just one such configuration option (to put the autolearn feature on/off) you can put into /etc/mail/spamassassin/local.conf or $HOME/.spamassassin/user_prefs.

----------

## trossachs

Well good news! SA seems to be working as it is marking 'learned' spam mail with the subject header that I printed. Thanks for all of your collective efforts and sugestions; they have been much appreciated.

----------

