4

I'd like a way to test a spam message to see its spam scores that SpamAssassin gives it. The SA db files (bayes_toks, etc) reside in /var/lib/amavis/.spamassassin. I've been testing emails by doing this:

sudo su amavis -c 'spamassassin -t msgfile'

Though this yields some strange results, such as:

Content analysis details:   (3.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 0.0 LONG_TERM_PRICE        BODY: LONG_TERM_PRICE
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
-0.0 NO_RECEIVED            Informational: message has no Received headers

0.2 is an awfully low scores for BAYES_999! But this is the first time I've used amavis, previously I've always just used spamassassin directly as a content filter in postfix, but apparently running amavis/spamassassin is more efficient.

So, with amavis in the picture, how can I run a test on a message to see its spam score breakdown?

Another email I ran a test on got this result:

 2.0 BAYES_80               BODY: Bayes spam probability is 80 to 95%
                        [score: 0.8487]

Doesn't make sense, that BAYES_80 can yield a higher score than BAYES_999. Help!

CaptSaltyJack
  • 638
  • 2
  • 13
  • 36

1 Answers1

3

The rules are cumulative. In some cases, such as this you will have overlapping rules triggered.

Bayes 99 to 99.9 Scores 3.5

3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                           [score: 1.0000]

Bayes 99.9 to 100% triggers two rules and scores 3.7. 

3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                           [score: 1.0000]
0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                           [score: 1.0000]

EDIT: Amavis does seem to support testing directly.

There are some hint on testing on the mailing list. This indicates something like the following. 

mini_sendmail -ftest at example.com -s127.0.0.1 \
     -p8888 postmaster at example.com <test.msg

It may be possible to generate a test configuration that delivers messages to a file. See the above mailing list thread.

The amavis-new documentation indicates these is some documentation in the distribution. In particular, 'test-messages/README'.

Amavis works by re-injecting mail back into your MTA. This can result in back-scatter spam.

BillThor
  • 27,737
  • 3
  • 37
  • 69
  • This didn't actually answer the question. I was asking how to test email messages on the command line using amavis. – CaptSaltyJack Aug 20 '14 at 02:59
  • @CaptSaltyJack I've added testing notes. – BillThor Aug 21 '14 at 00:18
  • The question was how to properly test an email that is going through amavis first. Actually I think the answer is, it's not possible. Once it passes through amavis, it's kind of a different message and is trusted even more since it was delivered by localhost. – CaptSaltyJack Aug 21 '14 at 00:26
  • @CaptSaltyJack According to the documentation amavis logs its activity, so you merely need to look in the logs. Also, you will have a second received header from when amavis re-injects the message into your MTA. I don't understand your new interpretation of what you asked. I think that what you asked is may not be what you intended to ask. – BillThor Aug 21 '14 at 00:38
  • 1
    My goal is to not see what scores it got, I can see that from the header. My goal is to actually run a command to test a message to see how it would score (from amavis's perspective). – CaptSaltyJack Aug 21 '14 at 00:40
  • @CaptSaltyJack According to the documentation that is what you were doing. See the references I added for more information. – BillThor Aug 21 '14 at 00:41
  • Ah! So, I tried `/usr/sbin/sendmail -i me@domain < spamfile.txt`. Unfortunately, it went right through and didn't get marked as spam at all. Yet when I manually run `spamassassin -t spamfile.txt`, it does. I wonder why the `sendmail` method didn't work. – CaptSaltyJack Aug 21 '14 at 01:15
  • @CaptSaltyJack Check the headers. Also try the documented method to send the method directly to amavis. If the results don't agree, you may not have sendmail appropriately configured. – BillThor Aug 21 '14 at 02:47