BAYES_00 is killing me

Glenn Steen glenn.steen at gmail.com
Mon Jun 16 23:16:14 IST 2008 

2008/6/16 Devon Harding <devonharding at gmail.com>:
>
>
> On Mon, Jun 16, 2008 at 4:12 PM, Glenn Steen <glenn.steen at gmail.com> wrote:
>>
>> 2008/6/16 Devon Harding <devonharding at gmail.com>:
>> >
>> >
>> > On Mon, Jun 16, 2008 at 2:46 PM, Glenn Steen <glenn.steen at gmail.com>
>> > wrote:
>> >>
>> >> 2008/6/16 Devon Harding <devonharding at gmail.com>:
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>>        Devon Harding wrote:
>> >> >>>>        | I'm getting alot of spam coming through and it seems like
>> >> >>>>        the cause of
>> >> >>>>        | this is BAYES_00 scoring messages with -2.60.  I'm
>> >> >>>> running
>> >> >>>>        MS 4.68.8
>> >> >>>>        | with SA *Le Service des Technologies de l'Information de
>> >> >>>>        l'UdeS veut vous mettre en garde contre "3.2.4" qui semble
>> >> >>>>        être une tentative de fraude envers* 3.2.4. <http://3.2.4.>
>> >> >>>>        <*Le Service des Technologies de l'Information de l'UdeS
>> >> >>>> veut
>> >> >>>>        vous mettre en garde contre "3.2.4" qui semble être une
>> >> >>>>        tentative de fraude envers* http://3.2.4.>  I've already
>> >> >>>>        trained hundreds of
>> >> >>>>
>> >> >>>>        | messages like these as spam and it doesn't seem to work.
>> >> >>>>         What else can
>> >> >>>>        | I do?
>> >> >>>>
>> >> >>>>        My guess is that you are training the wrong database. You
>> >> >>>>        train another
>> >> >>>>        database and not the one you are using with MailScanner.
>> >> >>>>
>> >> >>>>        Hugo.
>> >> >>>>
>> >> >>>>
>> >> >>>>
>> >> >>>>    For MS, where is the Bayes DB path specified?  My DB is located
>> >> >>>> here:
>> >> >>>>
>> >> >>>>    /etc/MailScanner/.spamassassin
>> >> >>>>
>> >> >>>>
>> >> >>>> I think my BAYES is  all messed up.  How do I rebuild it from
>> >> >>>> scratch?
>> >> >>>>
>> >> >>> Devon,
>> >> >>>
>> >> >>> Look here for a starter kit: http://www.fsl.com/resources.html
>> >> >>>
>> >> >>> Denis
>> >> >>>
>> >> >>> --
>> >> >>
>> >> >> I've restored the starter DB and I do see the new files in
>> >> >> /etc/MailScanner/.spamassassin (I stopped MailScanner and removed
>> >> >> the
>> >> >> one
>> >> >> ones first), but SA Bayes DB Info from Mailwatch shows nothing.
>> >> >>  When I
>> >> >> do a
>> >> >> lint from the Tools tab, i Get the following:
>> >> >>
>> >> >> [5637] dbg: bayes: no dbs present, cannot tie DB R/O:
>> >> >> //.spamassassin/bayes_toks
>> >> >
>> >> >
>> >> > Hmm....I thing Bayes IS working.  I just ran MailScanner --debug
>> >> > --debug-sa
>> >> > after the restore and did see:
>> >> >
>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W
>> >> > /root/.spamassassin/bayes_toks
>> >> > 11:52:13 [5879] dbg: bayes: tie-ing to DB file R/W
>> >> > /root/.spamassassin/bayes_seen
>> >> > 11:52:13 [5879] dbg: bayes: found bayes db version 3
>> >> > 11:52:13 [5879] dbg: bayes: learned
>> >> > '88a47a16459989c19d47893de31fec608aa8f41e at sa_generated', atime:
>> >> > 1213631520
>> >> > 11:52:13 [5879] dbg: bayes: untie-ing
>> >> > 11:52:13 [5879] dbg: bayes: files locked, now unlocking lock
>> >> >
>> >> > It seems that MailWatch is the one thats not working right.  Any way
>> >> > to
>> >> > relink this?
>> >> >
>> >> > -Devon
>> >> >
>> >> Make sure your apahce user (the one running your httpd processes...
>> >> hence the one running MailWatch:-) can actually read the bayes
>> >> files... "su" is your friend here... and if you want to be able to
>> >> learn via MailWatch, make sure the same user can write them too.
>> >>
>> >> Cheers
>> >> --
>> >
>> > I have the right permissions set, the thing is MailWatch is not showing
>> > any
>> > data for 'Bayes Database Information'.  What is the tie in for
>> > MailWatch?
>> >
>> > -rw-rw---- 1 root apache  78K Jun 16 15:17 bayes_journal
>> > -rw-rw---- 1 root apache  895 Jun 16 15:17 bayes.mutex
>> > -rw-rw---- 1 root apache 172K Jun 16 15:17 bayes_seen
>> > -rw-rw---- 1 root apache 5.1M Jun 16 15:17 bayes_toks
>> >
>> > -Devon
>> >
>> But can the apache user access the directory?
>> MailWatch isn't particularly "magical" here, it uses the same info as
>> all else...
>>
>> Try something like "su - apache -s /bin/bash" and then "cd
>> /path/to/where/you/have/the/bayes/files"... Might give a clue:-)
>>
>> Cheers
>> --
>> -- Glenn
>
> User apache can access this fine.  I didn't see anything  in the  MailWatch
> .conf file on  Bayes
>
That's because there is nothing there....:-).
It uses the same info all else do (through the normal SA method... The
.cf files).

Unless this is something hardcoded into the scriptlet handling the SA
db dump... Haven't checked that (and will not be anwhere I can check
it until tomorrow... You have a look:-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list