1

I'm using postfix with amavis and spamassassin to filter out spam before relaying everything to an exchange server. Regularly I got mails which weren't catched by spamassassin, even worse, they were autolearned as ham.

So I started to collect them and exported them in plaintext and want to retrain those mails, marking them as spam.

From what I read so far is, that you don't have to specify anything that you want to "re"train a mail. You should just run with --spam and it should forget the mail as ham and train it as spam.

But observing sa-learn --dump magic shows, that it keeps the autolearned ham entry AND adds it to spam.

My Idea is, that Exchange somehow edited the mails so that, when exporting and putting it back to the postfix server, it isn't the same mail than before. Could that be the case? And if so, is there a way to do what i planned to do, for example by removing some headers?

Jens
  • 13
  • 2

1 Answers1

2

When you relearn SpamAssassin that a message should be spam it should flip the message over from ham to spam or spam to ham. The problem is that SpamAssassin learns about the message on your relay host, but when it is forwarded to your Exchange server the headers have changes since an addition Received line was added. You could give it a try by adding the following to your SpamAssassin configuration:

bayes_ignore_header Received

This would make SpamAssassin ignore the Received headers when using the Bayesian-filtering. Personally I'm not really in favor of this as it restricts your Bayesian-filter what it sees and what I can use to determine if something is ham or spam.

About turning on autolearning is something you may want to reconsider. In most cases it will pollute your database as more ham and spam messages will be wrongly marked. If you want train your database with the latest ham and spam messages it may be wise to set up both a ham and spam account that receive trustworthy messages that can be marked as ham or spam and learn those every X hours/minutes. But this a more difficult setup that requires some time before it correctly works.

hspaans
  • 251
  • 1
  • 7
  • it seems that this is the case in my setup the header differ so i will try to create an export which creates the exact same header (by deleting the one forward entry and looking for potential other differences) in the meantime i'll try it with ignore header – Jens May 02 '15 at 23:50