Guardian Digital Inc. > InfoCenter > Mailing List Archives > Amavis

Amavis Mailing List Archive

From: Daniel Luttermann (Daniel.Luttermann@t-online.de)
Date: Wed Dec 29 2004 - 20:05:31 EST


> I am pretty new to amavisd-new (2.2.1) and have had a big headache trying to
> get it installed and everything working. The problems I am having are with
> the spam filters using both SpamAssassin (3.0.2) and dspam (3.2.3). I have
> found the following issues:
> 1) I have the web cgi frontend installed for dspam so I can see each message
> being passed through the filter. I have found that on some messages dspam
> will get trained twice on the same message, contradicting itself! The first
> pass would say its Innocent, then a few seconds later it says its actually
> Spam. It took me awhile to figure it out but if you look in the executable
> for amavisd around line 11086, sub spam_scan, you will see the following:

As I know the mails are fed back because of the dspam autolearn
function. If dspam means that the mail is ham but sa means that the mail is spam
then the mail gets back to dspam for autolearn. So you see one time
the "Innocent" result and then the "Spam" result.

>> if ( $spam_level > 5.0 && $dspam_result eq 'Innocent') {
>> $eat = 'SPAM'; push(@options, qw(--class=spam --source=error));
>> # @options = qw(--stdout --addspam); # dspam < 3.0
>> }
>> elsif ($spam_level < 1.0 && $dspam_result eq 'Spam') {
>> $eat = 'HAM'; push(@options, qw(--class=innocent --source=error));
>> # @options = qw(--stdout --falsepositive); # dspam < 3.0
>> }
> So basically every message with more than 5 points from SA is always spam,
> and less than 1 point is always Innocent and dspam is wrong otherwise. Why
> is this so?

Perhaps because of the dspam autolearn feature? I don't know.... But
with these settings amavisd can train the dspam filter based on the
results from spamassassin.

> 2) In sub check_mail around line 6398 you will see:
>> } elsif ($spam_presence_checked) {
>> do_log(5, "spam_presence cached, skipping spam_scan");
>> } else {
> This is causing some duplicate messages not to be spam scanned at all or
> causing spam headers to be missing. IMO I'd like every message to be
> scanned, wouldn't this be better as an option in the config?
> 3) After processing quite a few emails I have found that dspam doesn't
> actually do anything with SA present. If they have different opinions on
> whether an email is spam/ham, SA always wins the arguement. Is this true?

Dspam learns based on the sa results but sa doesn't learn from dspam
results. SA performes tests on each mail and creates then the score
for it. You can increase/decrease the score if dspam means that the
mail is ham/spam. But the overall score is important for amavisd.
Based on that overall score the mail is delivered or not.

> 4) I have setup amavisd to use quarantine and changed $QUARANTINEDIR to use
> dspam's mailbox so I can use their web frontend to process quarantine. The
> problem is when a message gets quarantined, none of the dspam headers are
> present! This causes 2 big problems, 1) all the rating percentages are 0%
> because DSpam-Confidence is missing and 2) delivering a quarantine message
> (because it is not spam) throws it back in the quarantine because retraining
> dspam on that message fails since the headers are missing (--source=error
> relies on DSPAM headers or it fails).
> I'm not sure if this is the correct place to bring these issues up but
> perhaps someone can give me some feedback on this. Thanks!

The dspam header is inserted into passed mail if all recipients are
local. If the mail gets quarantained then it's not needed for sa or

Best Regards
Daniel Luttermann
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
AMaViS-user mailing list

[ About Guardian Digital ] - [ Press Center ] - [ Contact Us ] - [ System Activation ] - [ Reseller Info ] - [ Online Store ] - [ Site Map ]
Copyright (c) 2000 - 2004 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.