Different results from spamassassin and spamc

Different results from spamassassin and spamc

I have installed and configured and trained my spamassassin and all seemed to work just fine.
Then when I tried to deploy it via spamc I get partial results.
Why is this happening?
I like spamc for the fact i can get it to output just the report but it seems to be missing checks: SPF, DKIM, BAYES.
I have not managed to figure it out or find any similar reports online.
This has been going on for days now and I am out of ideas.
spamassassin works:
# spamassassin -t < /path/to/spam.eml Content analysis details: (3.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.5 MISSING_MID Missing Message-Id: header 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly 1.4 MISSING_DATE Missing Date: header spamc only partial: # spamc -R < /path/to/spam.eml Content analysis details: (1.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1 0.1 MISSING_MID Missing Message-Id: header 0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly 1.4 MISSING_DATE Missing Date: header

Solutions/Answers:

Solution 1:

I figured the same problem.

The bayes databases are saved in the home directory of the user which runs spamassassin:

bayes_path /path/filename   (default: ~/.spamassassin/bayes)
This is the directory and filename for Bayes databases. Several databases will be created, with this as the base directory and filename, with _toks, _seen, etc. appended to the base. The default setting results in files called ~/.spamassassin/bayes_seen, ~/.spamassassin/bayes_toks, etc.

By default, each user has their own in their ~/.spamassassin directory with mode 0700/0600. For system-wide SpamAssassin use, you may want to reduce disk space usage by sharing this across all users. However, Bayes appears to be more effective with individual user databases.
  • And here is the solution that worked for me:
Related:  centos 7.1 - error repository

According to this wiki: http://wiki.apache.org/spamassassin/SiteWideBayesSetup , I added in /etc/mail/spamassassin/local.cf the following two lines:

bayes_path /var/spamassassin/bayes_db/bayes
bayes_file_mode 0777

and I created the needed directory: /var/spamassassin/bayes_db/

Please note that the last “bayes” in the path is the prefix for the database files (bayes_journal, bayes_seen, etc.)

Ok, after I restared the spamassassin, nothing happened. No Bayes test yet. Hmm…

So, I copied the already created databases from /root/.spamassassin/* to /var/spamassassin/bayes_db

Update: It seems that I had to change the permissions to these 4 bayes_* files to 0666. Otherwise the autolearner will not save the new data. I don’t agree with 0666 permission, but I hope I will find another solution soon.

I ran another test in spamc and… I got the Bayes!! 🙂

Results for spamassassin

# spamassassin -t -D spf,dkim < /path/to/spam.eml

Content analysis details:   (8.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?141.146.5.61>]
 1.0 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
-0.0 SPF_PASS               SPF: sender matches SPF record
 1.3 TRACKER_ID             BODY: Incorporates a tracking ID number
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS

Results for spamc:

# spamc -R  < /path/to/spam.eml

Content analysis details:   (8.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                [Blocked - see <http://www.spamcop.net/bl.shtml?141.146.5.61>]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 1.0 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
-0.0 SPF_PASS               SPF: sender matches SPF record
 1.3 TRACKER_ID             BODY: Incorporates a tracking ID number
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS

Content analysis details:   (8.2 points, 5.0 required)
Related:  Deleting Files Permanently and Securely on CentOS

Solution 2:

If spamd is running under a dedicated user account, it will use the preferences found by that user and you can additionally have some access rights issues (e.g. that user not allowed to read a site-wide Bayes database).

You can also have options given to spamd that affects other behaviour (e.g. -L that disables DNS and network tests).

How are you running spamd? You can also run spamd with -D and see if anything interesting pops up.