How to test email spam scores with amavis?
The rules are cumulative. In some cases, such as this you will have overlapping rules triggered.
Bayes 99 to 99.9 Scores 3.5
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
Bayes 99.9 to 100% triggers two rules and scores 3.7.
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
EDIT: Amavis does seem to support testing directly.
There are some hint on testing on the mailing list. This indicates something like the following.
mini_sendmail -ftest at example.com -s127.0.0.1 \
-p8888 postmaster at example.com <test.msg
It may be possible to generate a test configuration that delivers messages to a file. See the above mailing list thread.
The amavis-new documentation indicates these is some documentation in the distribution. In particular, 'test-messages/README'.
Amavis works by re-injecting mail back into your MTA. This can result in back-scatter spam.
Related videos on Youtube
CaptSaltyJack
Updated on September 18, 2022Comments
-
CaptSaltyJack almost 2 years
I'd like a way to test a spam message to see its spam scores that SpamAssassin gives it. The SA db files (
bayes_toks
, etc) reside in/var/lib/amavis/.spamassassin
. I've been testing emails by doing this:sudo su amavis -c 'spamassassin -t msgfile'
Though this yields some strange results, such as:
Content analysis details: (3.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 1.0000] -0.0 NO_RELAYS Informational: message was not relayed via SMTP 0.0 LONG_TERM_PRICE BODY: LONG_TERM_PRICE 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100% [score: 1.0000] -0.0 NO_RECEIVED Informational: message has no Received headers
0.2 is an awfully low scores for
BAYES_999
! But this is the first time I've used amavis, previously I've always just used spamassassin directly as a content filter in postfix, but apparently running amavis/spamassassin is more efficient.So, with amavis in the picture, how can I run a test on a message to see its spam score breakdown?
Another email I ran a test on got this result:
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95% [score: 0.8487]
Doesn't make sense, that BAYES_80 can yield a higher score than BAYES_999. Help!
-
CaptSaltyJack almost 10 yearsThis didn't actually answer the question. I was asking how to test email messages on the command line using amavis.
-
BillThor almost 10 years@CaptSaltyJack I've added testing notes.
-
CaptSaltyJack almost 10 yearsThe question was how to properly test an email that is going through amavis first. Actually I think the answer is, it's not possible. Once it passes through amavis, it's kind of a different message and is trusted even more since it was delivered by localhost.
-
BillThor almost 10 years@CaptSaltyJack According to the documentation amavis logs its activity, so you merely need to look in the logs. Also, you will have a second received header from when amavis re-injects the message into your MTA. I don't understand your new interpretation of what you asked. I think that what you asked is may not be what you intended to ask.
-
CaptSaltyJack almost 10 yearsMy goal is to not see what scores it got, I can see that from the header. My goal is to actually run a command to test a message to see how it would score (from amavis's perspective).
-
BillThor almost 10 years@CaptSaltyJack According to the documentation that is what you were doing. See the references I added for more information.
-
CaptSaltyJack almost 10 yearsAh! So, I tried
/usr/sbin/sendmail -i me@domain < spamfile.txt
. Unfortunately, it went right through and didn't get marked as spam at all. Yet when I manually runspamassassin -t spamfile.txt
, it does. I wonder why thesendmail
method didn't work. -
BillThor almost 10 years@CaptSaltyJack Check the headers. Also try the documented method to send the method directly to amavis. If the results don't agree, you may not have sendmail appropriately configured.