I've recently switched from running spamd on our mail server machine, where all users have direct access to their SA config in their home directory, to running spamd on a second machine and using --virtual-config-dir for user configuration. (SA 3.1.1)
One side-effect of this was that the bayes databases couldn't be ported and had to be retrained. Fortunately we keep an archive of the last few days' filtered spam, so between that and the contents of the inbox there was plenty of fodder for "spamc -L". The only problem this has posed is that there's no convenient way for users to modify entries in the auto-whitelist file. Some spam (mostly mortgage offers with obfuscated text) that came in before bayes was retrained got scored low, and consequently the AWL scores are pulling the total score for new spam from the same source back down below the 5.0 threshold in spite of it hitting BAYES_90 and above. I've resorted to deleting the auto-whitelist files from the virtual config dir when someone notices this effect, but that's hardly a scalable solution. (Someone remind me why the spamd option to disable the auto-whitelist was dropped? I could instead "chmod 0" the auto-whitelist file, I suppose, but then the maillog is cluttered with extra warning output, and it's still not scalable.) Is there another approach I don't know about? I'll repeat a suggestion that I made once before, which is that sa-learn (or spamd TELL) should delete auto-whitelist entries when the learning state of a message flips from ham to spam (or the reverse).
