So, in doing the first part of the below (adding use_bayes_rules) I spotted 
that in the debugs there was a tainting error in an eval of Spamassassin Logger 
module shortly after the bayes module initialised.

I removed -T from the beginning of amavisd and now I’m getting BAYES headers 
when amavisd runs spamassassin…

When I have a bit more time I’ll revert my change and try and track down what’s 
going on with the taint error since its less than ideal from a security 
perspective to just disable tainting!

> On 24 Nov 2016, at 16:09, Dino Edwards <dino.edwa...@mydirectmail.net> wrote:
> 
> Why don't you do the following.:
>  
> Edit your SA local.cf file and make sure the following lines are in it. NOTE 
> the bayes_path, set that to a directory of your choice. Please also note that 
> the last bayes of that path is NOT a directory but it’s simply the prefix of 
> that files in that directory (bayes_journal, bayes_seen, bayes_toks) but it 
> has to be set that way in local.cf in order for this to work. So, if you were 
> to use the path in my example, you would simply create the directory 
> /opt/sa-bayes/
>  
> #bayes
> bayes_path /opt/sa-bayes/bayes
> bayes_file_mode 0777
> use_bayes 1
> use_bayes_rules 1
> bayes_auto_learn 0
>  
>  
> What I would do next, is take the bayes files from your current bayes 
> directory and move them to that new directory you created. The new directory 
> should look like below. NOTE the amavis user is the owner of that directory, 
> you usually do that with chown -R amavis:amavis /opt/sa-bayes/
>  
> pwd
> /opt/sa-bayes
>  
> -------------------
>  
> ls -l
> total 4664
> -rw-rw-rw- 1 amavis amavis   36216 Nov 24 11:00 bayes_journal
> -rw-rw-rw- 1 amavis amavis  651264 Nov 16 09:15 bayes_seen
> -rw-rw-rw- 1 amavis amavis 5197824 Nov 24 10:33 bayes_toks
> -rw-r--r-- 1 amavis amavis    1869 Oct 30  2014 user_prefs
>  
> Hope it helps
>  
> Thanks
>  
>  
> --
>  
> Hermes Secure Email Gateway
> Hermes Secure Email Gateway combines Open Source technologies such as 
> Postfix, Apache SpamAssassin, ClamAV, Amavisd-new, MySQL and CipherMail under 
> one unified web based Web GUI for easy administration and management of your 
> incoming and ougoing email for your organization. Anti-spam, anti-virus and 
> anti-malware protection, encrypted S/MIME, encrypted PDF and SMTP TLS 
> support, built-in email archiving, end-user self-service web gui.
>  
> Download the free open-source appliance at:
> http://www.deeztek.com/hermes-secure-email-gateway/ 
> <http://www.deeztek.com/hermes-secure-email-gateway/>
>  
>  
> > -----Original Message-----
> > From: amavis-users [mailto:amavis-users-
> > bounces+dino.edwards=mydirectmail....@amavis.org 
> > <mailto:bounces+dino.edwards=mydirectmail....@amavis.org>] On Behalf Of Alex
> > Masidlover
> > Sent: Thursday, November 24, 2016 4:09 AM
> > To: amavis-users@amavis.org <mailto:amavis-users@amavis.org>
> > Subject: Amavisd and Bayes (again...)
> >
> > Hi,
> >
> > I'm currently being deluged with spam and have been trying to use BAYES
> > filters to try and get rid of some of it. I've made a lot of progress but 
> > am now
> > very stuck.
> >
> > I have go to the point where I have (temporarily) given the amavis user a
> > shell and when I run spamassassin on an email from the command line I
> > get:
> >
> > spamassassin -t </tmp/sample3.txt
> >
> > Content analysis details:   (7.4 points, 5.0 required)
> >
> >  pts rule name              description
> > ---- ---------------------- -----------------------------------------
> > ---------
> >  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
> >                             [score: 1.0000]
> >  1.8 REMOVE_BEFORE_LINK     BODY: Removal phrase right before a link
> >  0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
> >                             [score: 1.0000]
> >  0.0 HTML_MESSAGE           BODY: HTML included in message
> >  1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-
> > servers.net)
> >  0.8 RDNS_NONE              Delivered to internal network by a host with no 
> > rDNS
> >
> > The debugs show:
> >
> > [Tue Nov 22 16:12:01] amavis@mta0 ~ $ spamassassin -D -t
> > </tmp/sample3.txt 2>&1 | grep -i bayes Nov 22 16:12:10.355 [10336] dbg:
> > plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC Nov 22
> > 16:12:10.603 [10336] dbg: config: fixed relative path:
> > /var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf
> > Nov 22 16:12:10.603 [10336] dbg: config: using
> > "/var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf"
> > for included file
> > Nov 22 16:12:10.603 [10336] dbg: config: read file
> > /var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf
> > Nov 22 16:12:11.594 [10336] dbg: plugin:
> > Mail::SpamAssassin::Plugin::Bayes=HASH(0x27d2868) implements
> > 'learner_new', priority 0 Nov 22 16:12:11.595 [10336] dbg: bayes:
> > learner_new self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x27d2868),
> > bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
> > Nov 22 16:12:11.609 [10336] dbg: bayes: learner_new: got
> > store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x2fa76c8)
> > Nov 22 16:12:11.609 [10336] dbg: plugin:
> > Mail::SpamAssassin::Plugin::Bayes=HASH(0x27d2868) implements
> > 'learner_is_scan_available', priority 0 Nov 22 16:12:11.613 [10336] dbg: 
> > bayes:
> > tie-ing to DB file R/O /var/amavis/.spamassassin/bayes_toks
> > Nov 22 16:12:11.614 [10336] dbg: bayes: tie-ing to DB file R/O
> > /var/amavis/.spamassassin/bayes_seen
> > Nov 22 16:12:11.614 [10336] dbg: bayes: found bayes db version 3 Nov 22
> > 16:12:13.528 [10336] dbg: bayes: untie-ing
> >
> > However, when the same email was received through amavsid-new it
> > received the following headers:
> >
> > X-Virus-Scanned: amavisd-new at zednax.com
> > X-Spam-Flag: NO
> > X-Spam-Score: 3.962
> > X-Spam-Level: ***
> > X-Spam-Status: No, score=3.962 tagged_above=0 required=4
> >  tests=[DCC_CHECK=1.1, HTML_MESSAGE=0.001, RDNS_NONE=1.274,
> >  REMOVE_BEFORE_LINK=1.587] autolearn=no autolearn_force=no
> >
> > I start amavisd in screen with debugs on as the same user; the debugs from
> > amavisd show:
> >
> > Nov 22 15:55:46.359 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC Nov 22
> > 15:55:46.569 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > config: fixed relative path:
> > /var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf
> > Nov 22 15:55:46.569 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > config: using
> > "/var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf"
> > for included file
> > Nov 22 15:55:46.569 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > config: read file
> > /var/lib/spamassassin/3.004000/updates_spamassassin_org/23_bayes.cf
> > Nov 22 15:55:47.565 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'learner_new', priority 0 Nov 22 15:55:47.566 mta0.zednax.com
> > /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: learner_new
> > self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00),
> > bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
> > Nov 22 15:55:47.566 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: learner_new: got
> > store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x5b102c8)
> > Nov 22 15:55:47.566 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'learner_is_scan_available', priority 0 Nov 22 15:55:47.566 mta0.zednax.com
> > /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: tie-ing to DB file R/O /var/amavis/.spamassassin/bayes_toks
> > Nov 22 15:55:47.567 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: tie-ing to DB file R/O /var/amavis/.spamassassin/bayes_seen
> > Nov 22 15:55:47.567 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: found bayes db version 3
> > Nov 22 15:55:49.089 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'learner_close', priority 0 Nov 22 15:55:49.089 mta0.zednax.com
> > /usr/sbin/amavisd[7630]: SA dbg:
> > bayes: untie-ing
> > Nov 22 15:55:49.089 mta0.zednax.com /usr/sbin/amavisd[7630]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'prefork_init', priority 0 Nov 22 15:55:49.090 mta0.zednax.com
> > /usr/sbin/amavisd[7630]:
> > SpamAssassin loaded plugins: AskDNS, AutoLearnThreshold, Bayes,
> > BodyEval, Check, DCC, DKIM, DNSEval, FreeMail, HTMLEval, HTTPSMismatch,
> > HeaderEval, ImageInfo, MIMEEval, MIMEHeader, Pyzor, Razor2, RelayEval,
> > ReplaceTags, SpamCop, URIDetail, URIEval, VBounce, WLBLEval,
> > WhiteListSubject Nov 22 15:55:49.104 mta0.zednax.com
> > /usr/sbin/amavisd[7649]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'spamd_child_init', priority 0
> >
> > at startup, then when processing the message:
> >
> > Nov 22 16:08:37.091 mta0.zednax.com /usr/sbin/amavisd[9727]: SA dbg:
> > plugin: Mail::SpamAssassin::Plugin::Bayes=HASH(0x55e7a00) implements
> > 'spamd_child_init', priority 0 Nov 22 16:08:37.223 mta0.zednax.com
> > /usr/sbin/amavisd[9727]: (09727-01) SA dbg: bayes: tie-ing to DB file R/O
> > /var/amavis/.spamassassin/bayes_toks
> > Nov 22 16:08:37.224 mta0.zednax.com /usr/sbin/amavisd[9727]: (09727-01)
> > SA dbg: bayes: tie-ing to DB file R/O /var/amavis/.spamassassin/bayes_seen
> > Nov 22 16:08:37.224 mta0.zednax.com /usr/sbin/amavisd[9727]: (09727-01)
> > SA dbg: bayes: found bayes db version 3
> >
> > I'm even seeing debugs that show amavisd learning messages it detects as
> > spam (using non-bayes rules):
> >
> > Nov 22 16:07:40.228 mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11)
> > SA dbg: locker: safe_lock: created
> > /var/amavis/.spamassassin/bayes.lock.mta0.zednax.com.9064
> > Nov 22 16:07:40.228 mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11)
> > SA dbg: locker: safe_lock: trying to get lock on
> > /var/amavis/.spamassassin/bayes with 0 retries Nov 22 16:07:40.228
> > mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11) SA dbg: locker:
> > safe_lock: link to
> > /var/amavis/.spamassassin/bayes.lock: link ok Nov 22 16:07:40.229
> > mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11) SA dbg: bayes: tie-ing
> > to DB file R/W /var/amavis/.spamassassin/bayes_toks
> > Nov 22 16:07:40.229 mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11)
> > SA dbg: bayes: tie-ing to DB file R/W /var/amavis/.spamassassin/bayes_seen
> > Nov 22 16:07:40.230 mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11)
> > SA dbg: bayes: found bayes db version 3 Nov 22 16:07:40.396
> > mta0.zednax.com /usr/sbin/amavisd[9064]: (09064-11) SA dbg: bayes:
> > learned '3cbcccb5747f8488582ac93a965e6c8590b465c2@sa_gen
> > erated', atime: 1479830854
> >
> > Having read numerous threads of admins with similar issues I expect it will
> > come down to permissions, but I've tried 0666 and 0777 as the file mode. The
> > options currently set in the spamassassin config are:
> >
> > skip_rbl_checks         0
> > use_bayes 1
> > auto_learn 0
> > bayes_path /var/amavis/.spamassassin/bayes bayes_file_mode 0777
> > bayes_auto_expire 0
> >
> > The directory looks like:
> >
> > [Wed Nov 23 09:13:55] mta0 ~ # ls -la /var/amavis/.spamassassin/*
> > -rw-rw-rw- 1 amavis amavis        22 Nov 22 16:19
> > /var/amavis/.spamassassin/bayes.lock
> > -rw-rw-rw- 1 amavis amavis      2200 Nov 23 09:14
> > /var/amavis/.spamassassin/bayes.lock.mta0.zednax.com.18174
> > -rwxrwxrwx 1 amavis amavis 167673856 Nov 22 16:19
> > /var/amavis/.spamassassin/bayes_seen
> > -rwxrwxrwx 1 amavis amavis   5382144 Nov 22 16:19
> > /var/amavis/.spamassassin/bayes_toks
> > -rwxrwxrwx 1 amavis amavis      1869 Nov 22 11:29
> > /var/amavis/.spamassassin/user_prefs
> >
> > And the magic dump looks like:
> >
> > [Wed Nov 23 09:14:14] mta0 ~ # sa-learn --username=amavis --dump magic
> > 0.000          0          3          0  non-token data: bayes db version
> > 0.000          0     387589          0  non-token data: nspam
> > 0.000          0     922763          0  non-token data: nham
> > 0.000          0     175867          0  non-token data: ntokens
> > 0.000          0 1478796541          0  non-token data: oldest atime
> > 0.000          0 1479831533          0  non-token data: newest atime
> > 0.000          0 1479831423          0  non-token data: last journal sync 
> > atime
> > 0.000          0 1479802087          0  non-token data: last expiry atime
> > 0.000          0          0          0  non-token data: last expire atime 
> > delta
> > 0.000          0          0          0  non-token data: last expire 
> > reduction count
> >
> > Any help would be appreciated before I drown in spam...
> >
> > --
> > Technical Director - Zednax Limited
> > W: http://www.zednax.com <http://www.zednax.com/>
> > T: +44 333 444 0160
> > F: +44 161 660 8010
> >
> > Zednax Limited is registered in England and Wales, Company no.
> > 05321754.
> > Registered address: Meadow House, Meadow Lane, Nottingham, NG2 3HS.
> > Zednax Limited is VAT registered, VAT registration no. GB 855 4468 92.

Reply via email to