[SWLUG] help required with spamassassin

bascule asura at theexcession.co.uk
Sun Jul 30 06:43:33 UTC 2006 

i'm getting really low detection rates with spamassassin and i can't work out 
why. mail is received by postfix from fetchmail and handed off to spamd (via 
spamc) and then received back and passed to cyrus, it seems i have sa set up 
right or else i wouldn't get any spam detected right? i have sa configured to 
add an identifier to the subject line and i do get a few everyday, i think my 
config for sa and postfix may be slightly non-standard in that i have a mail 
user (or more than one if i so chose) that isn't a system user, but has a 
user_prefs stored under /var/spool/spamassassin/prefs that is referenced by 
the command that runs spamd:
SPAMDOPTIONS="-d -c  -u cyrus -x 
--virtual-config-dir=/var/spool/spamassassin/prefs/%l"

this tells spamd to use the user prefs of whatever user postfix has destined 
the mail for, my user_prefs is very simple:

required_hits 5
rewrite_header Subject [SPAM]
report_safe 0
auto_whitelist_path        /var/spool/spamassassin/auto-whitelist
auto_whitelist_file_mode   0666
dcc_home                   /var/lib/dcc
whitelist_to    cardifffreecycle at yahoogroups.com

under /etc/mail/spamassassin i have a few rulesets:
[root at watson bascule]# ls /etc/mail/spamassassin/
70_sare_adult.cf             70_sare_genlsubj0.cf     70_sare_html0.cf     
70_sare_random.cf    70_sare_uri_eng.cf        local.cf
70_sare_bayes_poison_nxm.cf  70_sare_genlsubj1.cf     70_sare_html1.cf     
70_sare_specific.cf  70_sc_top200.cf           RulesDuJour/
70_sare_evilnum0.cf          70_sare_genlsubj_eng.cf  70_sare_html_eng.cf  
70_sare_spoof.cf     72_sare_bml_post25x.cf    spamassassin-default.rc
70_sare_evilnum1.cf          70_sare_header0.cf       70_sare_obfu0.cf     
70_sare_unsub.cf     99_sare_fraud_post25x.cf  spamassassin-spamc.rc
70_sare_evilnum2.cf          70_sare_header1.cf       70_sare_obfu1.cf     
70_sare_uri0.cf      antidrug.cf               tripwire.cf
70_sare_genlsub0.cf          70_sare_header_eng.cf    70_sare_oem.cf       
70_sare_uri1.cf      init.pre                  user_prefs.template
and i use rules_du_jour to keep them updated, i've begun to wonder though if 
my setup is somehow bypassing all these rulesets, because although there is 
an argument that sa is not necessarily the best spam tool today i would 
expect it to get over half my spam instead of less then half!

if someone with knowledge and time is able to help me trouble shoot this i'd 
be grateful, just ask for any info you need

bascule
-- 
"there's nothing an agnostic can't do if he really doesn't know if he believes
in anything or not" - M.Python

More information about the Swlug mailing list