SpamAssassin bayesian score discrepancies

Posted by CaptSaltyJack on Server Fault See other posts from Server Fault or by CaptSaltyJack
Published on 2014-08-20T02:58:12Z Indexed on 2014/08/20 4:23 UTC
Read the original article Hit count: 425

Filed under:
|

This makes my brain hurt. For some reason, SpamAssassin is giving high scores to certain emails, but when I test them on the command line, they get a low score.

This one particular email has this in the header:

X-Spam-Flag: YES
X-Spam-Score: 8.521
X-Spam-Level: ********
X-Spam-Status: Yes, score=8.521 tagged_above=-9999 required=5
    tests=[BAYES_99=3.5, BAYES_999=0.2, HTML_MESSAGE=0.001,
    NO_RECEIVED=-0.001, NO_RELAYS=-0.001, RAZOR2_CF_RANGE_51_100=0.5,
    RAZOR2_CF_RANGE_E8_51_100=1.886, RAZOR2_CHECK=0.922,
    URIBL_RHS_DOB=1.514] autolearn=no

Yet when I dump the raw email into a file msg and run sudo su amavis -c 'spamassassin -t msg', I get this output:

Content analysis details:   (3.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 URIBL_RHS_DOB          Contains an URI of a new domain (Day Old Bread)
                            [URIs: cliobeads.com]
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                            [score: 0.1855]
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)

I'm really confused as to why when the email comes in, it gets a completely different score attached to it than when I run spamassassin -t. Is there some other way I should be testing emails?

Also, my users have the ability to drag false positives into a folder called "False Positives," and every day a cron job fires off that runs this on every message in every user's folder:

sa-learn --dbpath=/var/lib/amavis/.spamassassin --ham /tmp/*-*.eml >/dev/null

I ran sudo locate bayes_toks and there's definitely only one bayes DB on the system, in /var/lib/amavis/.spamassassin. I'm clueless, any help would be great and may help restore my sanity!

© Server Fault or respective owner

Related posts about spamassassin

Related posts about amavis