Mulriple eFa servers one bayes database
Mulriple eFa servers one bayes database
Hello,
We have multiple eFa servers running as spam firewalls (for both incoming and outgoing emails). However we had some different spam scores based on the bayes database on each server. The next logical step was to use only 1 database, so this is what we did:
1. In one of our servers (the one with over 20m tokens) we created a new mysql user which was granted all privileges and access from the rest of the eFA databases.
2. Modified /etc/mail/mailscanner.cf and changed the following lines:
bayes_sql_dsn DBI:mysql:sa_bayes:main.sql.server
bayes_sql_username sa_remote
bayes_sql_password thenewpassword
bayes_sql_override_username postfix
3. Restarted mailscanner and spamassasin using:
service mailscanner restart
service spamassasin restart
Now, if I run a lint test, I can see that it connects to the main.sql.server. I've also manually tested the connection to ensure that the username/password are right and that it has access to the remote database.
If I run:
spamassassin -D -t < /var/spool/MailScanner/quarantine/20240523/nonspam/OneOfTheIds
Everything seems fine and we get a bayes spam probability.
So far, everything looks good....
But when I log into mailwatch, I can't see any BAYES probability in the spam report, it's not logged to the maillog table in MySQL and there's no way for us to know if it's actually being calculated or not.
Any help will be greatly appreciated.
We have multiple eFa servers running as spam firewalls (for both incoming and outgoing emails). However we had some different spam scores based on the bayes database on each server. The next logical step was to use only 1 database, so this is what we did:
1. In one of our servers (the one with over 20m tokens) we created a new mysql user which was granted all privileges and access from the rest of the eFA databases.
2. Modified /etc/mail/mailscanner.cf and changed the following lines:
bayes_sql_dsn DBI:mysql:sa_bayes:main.sql.server
bayes_sql_username sa_remote
bayes_sql_password thenewpassword
bayes_sql_override_username postfix
3. Restarted mailscanner and spamassasin using:
service mailscanner restart
service spamassasin restart
Now, if I run a lint test, I can see that it connects to the main.sql.server. I've also manually tested the connection to ensure that the username/password are right and that it has access to the remote database.
If I run:
spamassassin -D -t < /var/spool/MailScanner/quarantine/20240523/nonspam/OneOfTheIds
Everything seems fine and we get a bayes spam probability.
So far, everything looks good....
But when I log into mailwatch, I can't see any BAYES probability in the spam report, it's not logged to the maillog table in MySQL and there's no way for us to know if it's actually being calculated or not.
Any help will be greatly appreciated.
- shawniverson
- Posts: 3751
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Mulriple eFa servers one bayes database
Do you see the bayes probability in the spam report prior to making this change?
Try running your spamassassin debug test as postfix and see what happens:
sudo su - postfix -s /bin/bash -c "spamassassin -D -t < /var/spool/MailScanner/quarantine/20240523/nonspam/OneOfTheIds"
Try running your spamassassin debug test as postfix and see what happens:
sudo su - postfix -s /bin/bash -c "spamassassin -D -t < /var/spool/MailScanner/quarantine/20240523/nonspam/OneOfTheIds"
Re: Mulriple eFa servers one bayes database
Using the local mysql bayes database:
Content analysis details: (-11.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust
[68.232.139.250 listed in list.dnswl.org]
-2.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4)
[68.232.139.250 listed in wl.mailspike.net]
0.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-3.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
3.0 TXREP TXREP: Score normalizing based on sender's reputation
After changing the mentioned files to use the remote mysql bayes database:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust
[68.232.139.250 listed in list.dnswl.org]
-2.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4)
[68.232.139.250 listed in wl.mailspike.net]
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-3.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
1.0 TXREP TXREP: Score normalizing based on sender's reputation
As you can see, the BAYES_00 is on both...
However, when I use MailWatch (eFa's web ui) it doesn't show any BAYES. Even the spam score is different from the one I get by running spamassassin as postfix than the one reported by MailWatch/MailScanner.
Content analysis details: (-11.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust
[68.232.139.250 listed in list.dnswl.org]
-2.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4)
[68.232.139.250 listed in wl.mailspike.net]
0.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-3.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
3.0 TXREP TXREP: Score normalizing based on sender's reputation
After changing the mentioned files to use the remote mysql bayes database:
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,
medium trust
[68.232.139.250 listed in list.dnswl.org]
-2.0 RCVD_IN_MSPIKE_H4 RBL: Very Good reputation (+4)
[68.232.139.250 listed in wl.mailspike.net]
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-3.5 DKIMWL_WL_HIGH DKIMwl.org - High trust sender
1.0 TXREP TXREP: Score normalizing based on sender's reputation
As you can see, the BAYES_00 is on both...
However, when I use MailWatch (eFa's web ui) it doesn't show any BAYES. Even the spam score is different from the one I get by running spamassassin as postfix than the one reported by MailWatch/MailScanner.
- shawniverson
- Posts: 3751
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Mulriple eFa servers one bayes database
When you ran as postfix, did you see any bayes in the score report?
Re: Mulriple eFa servers one bayes database
Yes, as you can see in the pasted data the line:
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
Is on both reports, the one using the local mysql database and the one using the remote database.
-5.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
Is on both reports, the one using the local mysql database and the one using the remote database.
- shawniverson
- Posts: 3751
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Mulriple eFa servers one bayes database
I'm still not clear on who you are executing as...
Does the bayes report show when you execute this:
Does the bayes report show when you execute this:
Code: Select all
sudo su - postfix -s /bin/bash -c "spamassassin -D -t < /var/spool/MailScanner/quarantine/20240523/nonspam/OneOfTheIds"
Re: Mulriple eFa servers one bayes database
Yes, what I pasted was running spamassassin as postfix user with the command you provided on the server that's connecting to the "remote" database.
My set up is this:
[EFA1] [EFA2] [EFA3]
Now, EFA1's bayes database is way more trained than the one used in EFA2 and EFA3.
The commands were run in EFA2.
The first time, I ran the command using EFA2's local bayes database. The second time I used EFA1's database (connecting from EFA2).
I got BAYES_00 in both reports.
However when I go to EFA2's MailWatch, the report doesn't show any BAYES probability when using the remote database, it shows fine when I use the local database.
My set up is this:
[EFA1] [EFA2] [EFA3]
Now, EFA1's bayes database is way more trained than the one used in EFA2 and EFA3.
The commands were run in EFA2.
The first time, I ran the command using EFA2's local bayes database. The second time I used EFA1's database (connecting from EFA2).
I got BAYES_00 in both reports.
However when I go to EFA2's MailWatch, the report doesn't show any BAYES probability when using the remote database, it shows fine when I use the local database.
- shawniverson
- Posts: 3751
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Mulriple eFa servers one bayes database
MailWatch literally just parses the results from SpamAssassin when MailScanner calls it, so if it isn't showing in MailWatch, it didn't work...
Is SELinux enforcing on EFA2?
Is SELinux enforcing on EFA2?
Re: Mulriple eFa servers one bayes database
Yes it is.shawniverson wrote: ↑27 May 2024 15:11 MailWatch literally just parses the results from SpamAssassin when MailScanner calls it, so if it isn't showing in MailWatch, it didn't work...
Is SELinux enforcing on EFA2?
Re: Mulriple eFa servers one bayes database
You're a genius. I disabled selinux and it started reporting bayes probability in MailWatch.
I usually disable selinux when I initially set up a server, so I'm not used to deal with selinux restrictions. Since this boxes were loaded using your iso image I didn't think of selinux blocking.
I usually disable selinux when I initially set up a server, so I'm not used to deal with selinux restrictions. Since this boxes were loaded using your iso image I didn't think of selinux blocking.
Re: Mulriple eFa servers one bayes database
Thanks for posting this.
I now have two eFa 5 servers running on one bayes database and I am synching the spamassassin/local.cf between the two. This makes customizing rules a breeze.
I now have two eFa 5 servers running on one bayes database and I am synching the spamassassin/local.cf between the two. This makes customizing rules a breeze.