# SpamAssassin not check mail with bayes rules



## ORTO-DOX (Nov 12, 2013)

Guys, please help me!

I've read a number of articles about a FreeBSD + Postfix + Dovecot + Amavisd + Clamav + SpamAssassin system. And with those materials I set up a mail server and I have two mailboxes (which I fill manually with IMAP): spam@dom.ru (about 600 mails) and clean@dom.ru (about 1000 mails). And every week I teach SpamAssassin with those mailboxes:

```
#!/bin/sh
DIR=/var/spool/mail/dom.ru
sa-learn --clear
sa-learn --spam ${DIR}/spam@dom.ru/cur/*S{a,}
sa-learn --ham ${DIR}/clean@dom.ru/cur/*S{a,}
sa-update
```
But as I see SpamAssassin does not check mail with rules from learned mailboxes. I think that because:

 All new similar messages which I move into the spam@ box and teach SA with are not being marked as spam.
 In spamalert-mails I have not found any BAYES_xx header, only standard statistical, online and RBL checks like[... (something missing? -- mod.)]


```
3.5 HELO_DYNAMIC_SPLIT_IP  Relay HELO'd using suspicious hostname (Split
                             IP)
  0.0 TVD_RCVD_IP            TVD_RCVD_IP
  3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                             [85.136.177.149 listed in zen.spamhaus.org]
  0.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
  1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                             https://senderscore.org/blacklistlookup/
                            [85.136.177.149 listed in bl.score.senderscore.com]
  1.4 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                             [85.136.177.149 listed in bb.barracudacentral.org]
  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see
 <http://www.spamcop.net/bl.shtml?85.136.177.149>]
  1.4 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
  0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                             [85.136.177.149 listed in dnsbl.sorbs.net]
  0.8 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
  1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                             dynamic-looking rDNS
```
So, here are my config files:

```
[CMD]cat /usr/local/etc/postfix/master.cf | grep -v "^#"[/CMD]
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=virtual:virtual argv=/usr/local/libexec/dovecot/deliver -d ${recipient}

smtp-amavis unix - - n - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet n - n - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
```


```
[CMD]grep -v "^#" /usr/local/etc/amavisd.conf[/CMD]
use strict;
$MYHOME = '/var/amavis';
$mydomain = 'dom.ru';
$daemon_user = 'vscan';
$daemon_group = 'vscan';
$TEMPBASE = "$MYHOME/tmp";
$db_home = "$MYHOME/db";
$helpers_home = $MYHOME;
$pid_file = "$MYHOME/amavisd.pid";
$lock_file = "$MYHOME/amavisd.lock";
$ENV{TMPDIR} = $TEMPBASE;
$enable_db = 1;
$enable_global_cache = 1;
$forward_method = 'smtp:[127.0.0.1]:10025';
$notify_method = $forward_method;
$max_servers = 2;
$max_requests = 10;
$child_timeout= 20*60;
@local_domains_acl = (".");
$insert_received_line = 1;
$unix_socketname = "$MYHOME/amavisd.sock";
$inet_socket_port = [10024,10026];
@inet_acl = qw(127.0.0.1);
$DO_SYSLOG = 0;
$LOGFILE        = "/var/log/amavis.log";
$log_level = 0;
$log_recip_templ = undef;
$hdr_encoding = 'koi8-r';
$bdy_encoding = 'koi8-r';
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_bad_header_destiny = D_PASS;
$warnvirussender = 0;
$warnspamsender = 0;
$warnbannedsender = 0;
$warnbadhsender = 0;
$warnvirusrecip = 0;
$warnbannedrecip = 0;
$warnbadhrecip = 0;
$warn_offsite = 0;
$virus_admin = "virusalert\@$mydomain";
$spam_admin = "spamalert\@$mydomain";
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spamalert\@$mydomain";
$mailfrom_to_quarantine = 'virus or spam';
$QUARANTINEDIR = '/var/virusmails';
$virus_quarantine_method = 'local:virus-%i-%n';
$spam_quarantine_method = 'local:spam-%i-%n';
$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';
$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "by Amavisd-New and ClamAV at dom.ru";
$remove_existing_x_scanned_headers = 1;
$remove_existing_spam_headers = 1;
$sql_select_white_black_list = undef;
$recipient_delimiter = '+';
$localpart_is_case_sensitive = 0;
$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA = 100*1024;
$MAX_EXPANSION_QUOTA = 300*1024*1024;
$MIN_EXPANSION_FACTOR = 5;
$MAX_EXPANSION_FACTOR = 500;
$virus_check_negative_ttl = 3*60;
$virus_check_positive_ttl = 30*60;
$spam_check_negative_ttl = 30*60;
$spam_check_positive_ttl = 30*60;
$bypass_decode_parts = 1;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$dspam = 'dspam';
@decoders = (
.....various decoders (short it for post not exceeds 12500 signs)
);
$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 512*1024;
$sa_spam_modifies_subj = 1;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = 2;
$sa_tag2_level_deflt = 6;
$sa_kill_level_deflt = 8;
@av_scanners = (
['ClamAV-Clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@av_scanners_backup = (
  ['ClamAV-ClamScan', 'clamscan',
  "--stdout --disable-summary -r --tempdir=$TEMPBASE {}", [0], [1],
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
@debug_sender_acl = ( "root\@$mydomain" );
$sa_debug = 1;
1;
dkim_key('dom.ru','default','/var/db/dkim/dom.ru-default.key.pem',g=>'*',h=>'sha256', k=>'rsa');
$enable_dkim_verification = 1;
$enable_dkim_signing = 1;
$interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = {
  originating => 1,
  smtpd_discard_ehlo_keywords => ['8BITMIME'],
  os_fingerprint_method => undef,
  bypass_banned_checks_maps => [1],
  bypass_header_checks_maps => [1],
  bypass_spam_checks_maps   => [1],
  virus_admin_maps => ["virusalert\@$mydomain"],
};
```


```
[CMD]grep -v "^#" /usr/local/etc/mail/spamassassin/local.cf[/CMD]
report_safe              0
ok_locales               en ru
trusted_networks         127. 192.168.3. 192.168.4. 192.168.5. 192.168.6. 192.168.7. 192.168.12.
use_pyzor                1
use_razor2               1
skip_rbl_checks          0
dns_available            yes
use_bayes                1
use_bayes_rules          1
bayes_auto_learn         0
auto_whitelist_factory   Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn             DBI:mysql:spamass:localhost
user_awl_sql_username    spamass
user_awl_sql_password    PASS_PASS_PASS
bayes_store_module       Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn            DBI:mysql:spamass:localhost
bayes_sql_username       spamass
bayes_sql_password       PASS_PASS_PASS
user_scores_dsn          DBI:mysql:spamass:localhost
user_scores_sql_username spamass
user_scores_sql_password PASS_PASS_PASS
```


```
[CMD]grep -v "^#" /usr/local/etc/mail/spamassassin/init.pre[/CMD]
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
loadplugin Mail::SpamAssassin::Plugin::Hashcash
```


```
[CMD]grep -v "^#" /usr/local/etc/mail/spamassassin/v310.pre[/CMD]
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop
loadplugin Mail::SpamAssassin::Plugin::AWL
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject
loadplugin Mail::SpamAssassin::Plugin::MIMEHeader
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
```


```
[CMD]grep -v "^#" /usr/local/etc/mail/spamassassin/v320.pre[/CMD]
loadplugin Mail::SpamAssassin::Plugin::Check
loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch
loadplugin Mail::SpamAssassin::Plugin::URIDetail
loadplugin Mail::SpamAssassin::Plugin::Bayes
loadplugin Mail::SpamAssassin::Plugin::BodyEval
loadplugin Mail::SpamAssassin::Plugin::DNSEval
loadplugin Mail::SpamAssassin::Plugin::HTMLEval
loadplugin Mail::SpamAssassin::Plugin::HeaderEval
loadplugin Mail::SpamAssassin::Plugin::MIMEEval
loadplugin Mail::SpamAssassin::Plugin::RelayEval
loadplugin Mail::SpamAssassin::Plugin::URIEval
loadplugin Mail::SpamAssassin::Plugin::WLBLEval
loadplugin Mail::SpamAssassin::Plugin::VBounce
loadplugin Mail::SpamAssassin::Plugin::ImageInfo
```


```
[CMD]grep -v "^#" /usr/local/etc/mail/spamassassin/v330.pre[/CMD]
loadplugin Mail::SpamAssassin::Plugin::FreeMail
```


```
[CMD]sa-learn --dump magic[/CMD]
netset: cannot include 127.0.0.0/8 as it has already been included
0.000          0          3          0  non-token data: bayes db version
0.000          0        697          0  non-token data: nspam
0.000          0       1877          0  non-token data: nham
0.000          0     138647          0  non-token data: ntokens
0.000          0 1292224411          0  non-token data: oldest atime
0.000          0 1383840374          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0          0          0  non-token data: last expiry atime
0.000          0          0          0  non-token data: last expire atime delta
0.000          0          0          0  non-token data: last expire reduction count
```


----------



## ORTO-DOX (Nov 23, 2013)

*[Solved] SpamAssassin not check mail with bayes rules*

Solved problem on the SpamAssassin mailing list: HERE are discussion threads. In short: the problem was some problem with SQL server collation, and the problem was solved by migrating to Bayes DBM storage. 

Thanks!


----------

