On 8/2/23 14:32, Dave Funk wrote:
On Wed, 2 Aug 2023, Thomas Cameron via users wrote:
Wow! What a charming response! You must be a LOT of fun at parties,
and have lots of friends! <eyeroll>
Please don't feed the troll. There's a reason that Reindl is blocked
from this list.
I was not aware, and I apologize.
No, I did not get that response. I don't have any of those specific
spam to sample, as I have not gotten one today. But the last spam I
got that
slipped through SA had this score:
X-Spam-Status: No, score=-5.1 required=5.0
tests=BAYES_00,DEAR_SOMETHING,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,RCVD_IN_PBL,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE shortcircuit=no
So nothing about any tests not working, or queries being rejected.
Nothing that looks like misconfiguration on my end. I am not saying
there are
no misconfigurations on my end, but if there are, it's not super
obvious to me.
The fact that you're getting BAYES_00 on that message indicates that
Bayes -really- thinks it's ham.
Given that you've trained multiple instances of this kind of message
to Bayes as spam but it still gets BAYES_00 score means one of two
things:
1) Either you've got thousands of instances of similar messages that
were learned as 'ham'
2) or the database that Bayes in your running SA instance is using is
not the same one that you were doing your training to.
This could be configuration issues or pilot error (using the wrong
identity when doing the training, training on the wrong machine, etc).
On your SA machine what does the output of "sa-learn --dump magic"
show you?
(IE how many nspam & nham tokens, what is the newest "atime", etc).
If careful config & log inspection doesn't give clues, try this
brute-force test.
Shut down your SA, move the directory containing your Bayes database
out of the way and create a new empty one.
("sa-learn --dump magic" should now show 0 tokens).
Then train a few ham & spam messages (only a dozen or so), recheck the
--dump magic to see that there are now some tokens in the database but
not too many.
Restart your SA and watch the log results. If there are fewer than 200
messages (both ham & spam) in your Bayes database then SA won't use
it, so make sure that's the case, your new database should be too
empty for SA to be willing to use it.
So if you -are- getting Bayes scores then that indicates that SA is
using some database other than what you think it has.
Now start manually training more messages (spam & ham). When you hit
the 200 count threashold Bayes scores should start showing up in your
logs.
Good luck.
Thank you very much. The message that slipped through today was NOT one
of the ones being discussed in this thread, it was a different format
and totally different message. I only included it to demonstrate that my
server was not being rejected for queries as the blocked user intimated.
I will dig deeper into the --magic and make sure I'm feeding Bayes with
spam and ham.
Thanks for your response, and again, I apologize for leaking that user's
garbage to the list. I was not aware that he was blocked.
--
Thomas