Mail Spam Defense

Discussion in 'Installation/Configuration' started by sunghost, Mar 31, 2021.

  1. sunghost

    sunghost Member

    Hi,
    I get a lot of spam mails. I have installed the latest ISP with amavis, which is running. I added the realtime blackhole lists from SpamCop and Spamhaus. I noticed that no spam tag is in the mail header. I lowered the spam tag for normal rules to 4.4. I also run sa-learn once a week on spam mails that were not noticed, from 3 mailboxes.
    Any idea to solve this?
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I'd switch to rspamd and set up training of manually selected messages like you have been doing, though you should give it a good sample of both spam and ham to learn from, not just one category. Both spamassassin and rspamd will do better if you spend some time working on the configuration and enabling more features/rules/etc. You might check your dns resolution and ensure you're using a local caching resolver (not a shared dns server), or many rbl lookups will be blocked.
     
  3. sunghost

    sunghost Member

    Hi Jesse,
    and thanks for your reply. I have been thinking for some time about switching to rspamd; I think I will do so. I found a tutorial here somewhere; I think I will have a closer look at that.

    As you say, it's good to learn with spam and ham? I never trained spamassassin with ham. Could this be the problem? But why do I not see the spam tag in the mail header, any idea? I use the dns service from my domain registrar. Is there a way to check if this could be the problem? Do you have any examples for more features?
    thx
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It would be a problem; there is no "the" (ie. a single) problem when it comes to improving spam scanning, there are many parts which come into play, most any of which could have problems, but no single one will "fix" a poorly performing scanner. Another common bayes problem is training the scanner as the wrong user (eg. train as 'root', but the scanner runs as 'amavis').

    The tag is added when the message score is above the 'SPAM tag level' value; you would need to look up what policy the mailbox has in effect and see what that setting is, then you know that the message scored less than that. Probably your mail log will show you the rules which hit for all mail, regardless of the tag level and score.

    See what rules hit for the message, eg. URIBL_BLOCKED would indicate a dns resolution problem.

    Check the documentation, configure system-specific settings, read all the comments in the .pre files and enable/configure the various plugins, hit search engines for info (eg. the first result of "improve spamassassin accuracy" should be quite helpful). There are a lot of things which can be done, and many which should be.

    Running a mail system isn't an "install software and walk away" thing, it requires continual monitoring, updating and improving, and fixing issues as they arise. Some of that can be automated, some can't.
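
Added example (not part of the thread or of any poster's reply): a small Python check for the DNS problem discussed above, which tells a "refused" DNSBL answer apart from a real listing. The function names and the choice of test zones are assumptions; the refusal codes are the Spamhaus 127.255.255.x error codes and the 127.0.0.1 answer from multi.uribl.com that SpamAssassin's URIBL_BLOCKED rule matches.

```python
import socket

# Answers that mean "your resolver was refused", not "this entry is listed".
REFUSED = {
    "zen.spamhaus.org": {
        "127.255.255.252": "typo in DNSBL name",
        "127.255.255.254": "query came through a public/open resolver",
        "127.255.255.255": "excessive number of queries",
    },
    "multi.uribl.com": {"127.0.0.1": "query refused (URIBL_BLOCKED)"},
}

def query_name(ipv4, zone):
    """Build the DNSBL query name: reversed octets + zone (RFC 5782)."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def classify(zone, answers):
    """Map the A records returned for a DNSBL query to (status, detail)."""
    if not answers:
        return ("not-listed", "NXDOMAIN or no answer")
    refused = REFUSED.get(zone, {})
    for addr in answers:
        if addr in refused:
            return ("blocked", refused[addr])
    if all(addr.startswith("127.") for addr in answers):
        return ("listed", ",".join(sorted(answers)))
    # DNSBL answers live in 127.0.0.0/8; anything else is not from the list.
    return ("suspect", "non-127/8 answer; resolver may rewrite NXDOMAIN")

def lookup(name):
    """Resolve A records through the system resolver; [] on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(zone, test_ip="127.0.0.2", resolver=lookup):
    """Query the standard 127.0.0.2 test entry and classify the answer."""
    return classify(zone, resolver(query_name(test_ip, zone)))

if __name__ == "__main__":
    # Run this on the mail server itself so it uses the same resolver
    # that amavis/spamassassin use.
    for zone in REFUSED:
        print(zone, *check(zone))
```

A "blocked" result for either zone points at the resolver (shared or public DNS) rather than at the scanner's rules; "listed" for the test entry means lookups are getting through.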
     
  5. sunghost

    sunghost Member

    Thanks Jesse, I will consider this and read more. One problem you mentioned is using the root user to learn spam. I now tried it as sudo -u amavis sa-learn .... on the folder for spam learning in one mailbox, but I got permission denied. This makes sense, but how do you solve this? Forward to a special system mailbox?
    thx
     
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    There are several ways; I personally used a bindfs mount to remap user id's (via the train-spam-scanner script, if you want to use it).
     
  7. sunghost

    sunghost Member

    Thanks, I will have a closer look.
     
