# SpamAssassin 2.63

## brownowl

Since I upgraded to SpamAssassin 2.63, very little spam appears to be being caught, and my bayes database seems to be being bypassed (not that it's easy to tell either way...). As I get around 600 spams a day personally, this is a major pain. I've had a really good look around, and can't see anything obvious. Anyone else having the same experience?

Cheers, Laurie.

----------

## BackSeat

Have a look at the headers and see why SpamAssassin thinks they are spam. Are there any consistent reasons?

BS

----------

## brownowl

I think you misunderstand: very little that is clearly spam is being detected as such, not the other way round... Much less, in fact. I've even added a whole load of rules from the web (referenced in a topic herein somewhere) and still stuff gets through. It seems to me that the ebuild is incomplete or something. Prior to this version, and indeed prior to these additional rules which are catching spam, much less spam got through.

Cheers, Laurie.

----------

## georwell

hmmm I am using it and it seems to be working.

----------

## brownowl

I did notice that in order for any scanning to happen after the upgrade,  I needed to restart amavisd. I've also restarted all mail and related security/access daemons, and don't want to reboot. I can't see why it's failing to pick up what it did happily before, even with the new rules added. 

Said new rules are being used, BTW, and where matches occur, spams are detected and flagged. It's just some obvious spam is coming up clean (hit = 0.0).

It'd be nice to be able to see if the bayes stuff is working, or even being referenced... (local.cf says it should be).

Cheers, Laurie.

----------

## Dr_Stein

That could be an issue with amavis, too - amavisd-new uses the spamassassin perl libraries instead of spamassassin itself. 

Might be affecting things.

I would join the spamassassin mailing list (the one at incubator.apache.org) and keep up with it - there's a LOT of stuff that you can do. :)

----------

## funkmankey

I seem to recall you may have to migrate the bayes db between different versions of sa...I know that when my school upgraded sa, my procmail logs were full of complaints about the bayes db format and gave basically zero hits against bayes, until I ran some incantation of sa-learn or some such...

----------

## opty

I had the same problem as this man has. Solved by installing (updating) some perl modules:

Both amavisd-new and SpamAssassin are written in perl and have a number of other perl modules as dependencies. Fortunately perl has a built-in way to download and install these modules. To start the perl command environment use the command:

```
# perl -MCPAN -e shell
```

This command will pop up a little cpan> prompt where you can enter commands. To install a module, type install followed by the module name (ex. install MIME::Words ). If you need help, type help.

Here is a list of the modules required. Note that some may return saying they are up to date, so just move on to the next one.

```
MD5
LWP
Mail::Internet
Archive::Tar
Archive::Zip
IO::Wrap
IO::Stringy
Unix::Syslog
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
Net::SMTP
Net::DNS (when prompted to enable tests, choose no)
Net::Ping
Net::Server
Net::Server::PreForkSimple
Convert::TNEF
Convert::UUlib
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::Gzip64
MIME::Decoder::NBit
MIME::Decoder::QuotedPrint
MIME::Decoder::UU
Time::HiRes
Digest::SHA1
Digest::Nilsimsa
Getopt::Long
File::Copy
Bit::Vector
Date::Calc
```

After that, run the perl shell to install it using the command:

```
# perl -MCPAN -e shell
```

then type:

```
install Mail::SpamAssassin
```

The problem was that the Mail::SpamAssassin perl module was version 2.60 (seen in the logs when restarting amavisd-new).

Finally re-emerge SpamAssassin 2.63, restart amavisd-new and go ahead :).

----------

## Cabec2

I've the same problem here: since the upgrade to SA 2.63, Bayesian filters are no longer used, and a lot of spam goes through SA without being caught :/

Before the update, all my emails had a header like this one (not a spam):

```
X-Spam-Status:  No, hits=-4.9 tagged_above=-10.0 required=5.5 tests=BAYES_00
```

just after the update, headers changed (still not a spam) :

```
X-Spam-Status:  No, hits=0.0 tagged_above=-10.0 required=5.5 tests=
```

As you can see, Bayesian DB is ignored.

Today, I checked my whole mail system : SA is up to date according to CPAN and the logs from amavis, the Bayesian db has enough mail (I rebuilt it today to be sure), amavis, clamav & postfix have been restarted.

So everything seems to be fine, and identical to the previous setup, but the Bayesian filter is still ignored. Spam filters natively included in SA are working, example :

```
X-Spam-Status:  No, hits=1.0 tagged_above=-10.0 required=5.5 tests=HTML_50_60, HTML_MESSAGE, HTML_TAG_EXISTS_TBODY
```

I simply can't understand what is wrong :/

----------

## AresTheImpaler

ok.. so from what I've been reading.. the bayesian (sp?) thing is turned on automatically? or is there any configuration?

thanks

----------

## Cabec2

edit: omg, I forgot the second part, I should sleep more :p

erhm no.

If you want to use the bayesian db, you've 2 things to do :

1/ edit your /etc/mail/spamassassin/local.cf and add the lines you need. here's mine :

```
# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits           5.0

# Whether to change the subject of suspected spam
rewrite_subject         1

# Text to prepend to subject if rewrite_subject is used
subject_tag             ***SPAM***

# Encapsulate spam in an attachment
report_safe             0

# Use terse version of the spam report
use_terse_report        0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
auto_learn              0

# Enable or disable network checks
skip_rbl_checks         1
use_razor2              0
use_dcc                 0
use_pyzor               0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - english french
ok_languages            en fr

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en fr

bayes_path /var/run/amavis/.spamassassin/bayes
```

Of course mine is customised to work with amavis, which explains the bayes_path.

Amavis also overrides some settings, like the required_hit score.

2/ You've to build the bayesian DB. In order to do so, put at least 200 unfiltered spam messages in one directory then do:

```
# cd spamdirectory
# sa-learn -D --spam *
```

SA will then learn from spam what to detect.

You can do the same with "ham" (normal authorized mails):

```
# cd hamdirectory
# sa-learn -D --ham *
```

Once the db contains enough materials (at least 200 spams, and 200 hams too I think), SA will start to use it, according to use_bayes 1 in local.cf, and you'll begin to see BAYES_?? tests in the X-Spam-Status header of your mails (see my previous message).

The problem is that since 2.63 upgrade, the whole bayesian thing seems to be ignored :/

This morning on 7 spams only one was detected :/

/me wants SA to work again :p

----------

## Dr_Stein

It has to learn - also, please see www.exit0.us and grab some additional rulesets. 

Pyzor & stuff can help too.. Check this out:

```
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mailgate.pbp.net
X-Spam-Level: **************
X-Spam-Status: Yes, hits=14.4 required=4.5 tests=BAYES_99,FORGED_OUTLOOK_TAGS,
	HTML_50_60,HTML_IMAGE_ONLY_02,HTML_MESSAGE,J_CHICKENPOX_17,MRWIGGLY,
	PYZOR_CHECK autolearn=no version=2.63
X-Spam-Report: 
	*  0.6 J_CHICKENPOX_17 BODY: {1}Letter - punctuation - {7}Letter
	*  0.1 HTML_MESSAGE BODY: HTML included in message
	*  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
	*      [score: 1.0000]
	*  0.1 HTML_50_60 BODY: Message is 50% to 60% HTML
	*  1.2 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words
	*  3.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
	*  1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
	*  2.5 MRWIGGLY Mr. Wiggly enhance drug spam.
X-Virus-Scanned: by AMaViS 0.3.12
```

----------

## encieno

hmmm. i've used spamassassin for some time now... havent had any problems prior. i'm in the process of setting up my gentoo box to take over my current slack install... i've done everything listed here, and bayesian filtering is still not working. last time I had this problem during a spamassassin upgrade, had to upgrade DB_File as well. I've done that, as well as all the other modules, and have emerged spamassassin a few times now and its still not going. i migrated a fairly large bayes database to the new machine just to test, and have even tried from scratch, its not even touching the files.  anyone know of any other reason as to why it still isnt going?  will it only use the filtering once the database grows to a certain size? i had over 1000 or so emails fed through it.

thanks.

----------

## Cabec2

encieno : since it seems we are in the same situation, can you share your settings, so that we can compare them.. 

Ideally someone with a working SA would be welcome to do the same :)

----------

## encieno

cabec2: oops, for some reason i thought you had yours solved, read again, nope, hehe. 

i'm actually running a fairly default setup. using libmilter in sendmail along with clamav also, both using milter. i've tried adding both the use_bayes and auto_learn in both local.cf and/or the individual user config. the only difference in this install, and my slack box, is that i'm now using spamd instead of the spamassassin binary... and my old install was just using a procmail and .forward to send it through spamassassin and sort it... hmmm.. im about to take the milter stuff out and see if it'll use bayes that way. i really dont see why it would.. sort of lost, haha.

----------

## Cabec2

damn, no, my case isnt solved :)

the whole bayesian part of SA is still ignored :p

----------

## encieno

hmmm, as much as a n00b i'd hate to say i'm not, i should have read the past few posts a little closer. running sa-learn -D is pretty  clear.

```
debug: bayes: Not available for scanning, only 0 ham(s) in Bayes DB < 200
```

sooo... i guess it needs to learn 200 hams as well, i had assumed that didnt matter for some reason. wonder why it continues to work on my other box... odd. time to go feed it some ham and see whats up next =]

----------

## encieno

hmmm, heh. i feel lame. it sure does wonders to read mailing lists and/or forums. after feeding madd amounts of spam and ham into the db, all works as planned. its odd though, im still curious as to how my slack box ran fine w/o adding so much ham to the db before hand. basically the same setup, except spamd running on my gentoo install, hmmm. oh well, fixed it so i dont really care =]

next time i WILL read stuff a tad closer, hehe.

----------

## Cabec2

erhm, happy to know that your problem was easy :)

however I just checked my db (sa-learn -D --dump magic), and it contains 241 spams and 208 hams. According to those numbers, it should be used, but it's not :p

I've even no warnings telling me why it's ignored :)

----------

## encieno

hmm, try adding a bit more maybe. i dumped about 800 or so in both of the db's... also make sure you restart spamd and spamass-milter (if you're using milter, forgot)... i dont see why that would be required, but for some reason it took a restart for mine to kick in and start filtering.....hmmm., other than that, i really dont know what could be up with it. odd. when you run sa-learn -D --spam <whatever mail> is it giving any errors at the top? i noticed that line at the top of mine, saying that there werent enough ham available to do any type of scanning...

----------

## Cabec2

omg, I found the answer :)

during the 2.60 > 2.63 upgrade, the db was destroyed for an obscure reason.

When I rebuilt it, I did it under root account, while spamassassin is called by amavis pseudo user in my mail circuit. a simple chown, and everything goes well :p

anyway thx encieno for suggestions :p

----------

## encieno

haha.. sweet. now all of us 'n00b's can go on about getting some massive posting done to get a new status =]

----------
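The two causes found in this thread (fewer than 200 learned hams or spams, and Bayes files rebuilt as root while the scanner runs as another account) both leave Bayes silently unused. The script below is an added example, not code from any poster: it checks both conditions. The function names, the `amavis` account name and the sample dump layout are assumptions; the path and counts are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the two causes found above:
# too few learned messages, and Bayes files owned by the wrong account.

MIN_MSGS=200   # threshold shown in the debug line quoted in the thread

# Read `sa-learn --dump magic` output on stdin, print "<nspam> <nham>".
# Assumption: the count is the third field of the "non-token data" lines.
bayes_counts() {
    awk '/non-token data: nspam/ { s = $3 }
         /non-token data: nham/  { h = $3 }
         END { print s + 0, h + 0 }'
}

# Succeed only if both counts reach MIN_MSGS; otherwise name the short one.
bayes_trained() {
    set -- $(bayes_counts)
    [ "$1" -ge "$MIN_MSGS" ] || { echo "only $1 spam(s) < $MIN_MSGS"; return 1; }
    [ "$2" -ge "$MIN_MSGS" ] || { echo "only $2 ham(s) < $MIN_MSGS"; return 1; }
    echo "trained: $1 spam, $2 ham"
}

# Succeed only if every file named <bayes_path>_* belongs to <user>.
# bayes_path is a filename prefix (bayes_toks, bayes_seen, ...).
bayes_owner_ok() {
    prefix=$1; user=$2; rc=0; found=0
    for f in "$prefix"_*; do
        [ -e "$f" ] || continue
        found=1
        owner=$(ls -ld -- "$f" | awk '{ print $3 }')
        if [ "$owner" != "$user" ]; then
            echo "$f is owned by $owner, scanner runs as $user"
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no files match ${prefix}_*"; return 1; }
    return "$rc"
}

# Constructed sample with the counts Cabec2 reported (241 spam, 208 ham).
sample_dump() {
    printf '%s\n' \
        '0.000          0        241          0  non-token data: nspam' \
        '0.000          0        208          0  non-token data: nham'
}

sample_dump | bayes_trained
# On a live host (account name "amavis" is an assumption):
#   sa-learn --dump magic | bayes_trained
#   bayes_owner_ok /var/run/amavis/.spamassassin/bayes amavis
```

Run both checks as the account the scanner uses, since a root shell can read database files that account cannot.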

