occasional bayes failure

Greg Matthews gmatt at nerc.ac.uk
Mon May 19 15:45:47 IST 2008 

On one of my production relays I'm seeing occasional messages come 
through that seem to miss Bayes scanning. What could be the cause of 
this? The vast majority of low and high scoring spam shows a BAYES score 
but occasionally not:

May 19 15:30:24 mailr-w MailScanner[28305]: Message m4JEUIY6031013 from 
210.35.74.3 (customer.support at britannia.co.uk) to ceh.ac.uk is spam, 
SpamAssassin (cached, score=11.974, required 5, autolearn=spam, 
BOTNET_CLIENT 0.20, BOTNET_CLIENTWORDS 0.20, BOTNET_IPINHOSTNAME 0.30, 
BOTNET_SOHO -0.40, DCC_CHECK 1.70, FORGED_MUA_OUTLOOK 3.12, 
FORGED_OUTLOOK_HTML 0.00, FORGED_OUTLOOK_TAGS 0.00, HTML_MESSAGE 0.00, 
MIME_HTML_ONLY 1.46, MISSING_HEADERS 1.29, MSGID_FROM_MTA_HEADER 0.80, 
MSOE_MID_WRONG_CASE 0.82, RDNS_DYNAMIC 0.10, SPF_SOFTFAIL 0.60, 
URIBL_PH_SURBL 1.79)

I've checked the permissions of /etc/MailScanner/bayes and they are 
exactly like my other two production hosts. I've --restore'd from a 
bayes backup (from another relay) but I'm still seeing occasional log 
entries with no BAYES score.

a --lint run shows nothing out of the ordinary. The only slightly iffy 
log that I've seen is when doing a --force-expire I see this:

dbg: bayes: can't use estimation method for expiry, unexpected
result, calculating optimal atime delta

but googling for this suggests it is quite common.

I looked for spamassassin timeouts but I dont have any past 1/20 (assume 
it retries up to 20 times) and these dont correspond chronologically 
with the bayes misses. Also, this is not the busiest of the three 
relays. The busiest shows no such problem.

any help appreciated.

GREG
-- 
Greg Matthews           01491 692445
Head of UNIX/Linux, iTSS Wallingford

-- 
This message (and any attachments) is for the recipient only. NERC
is subject to the Freedom of Information Act 2000 and the contents
of this email and any reply you make may be disclosed by NERC unless
it is exempt from release under the Act. Any material supplied to
NERC may be stored in an electronic records management system.

More information about the MailScanner mailing list