I have a lot of spam that gets through. I can't really understand whether or not it's working as designed, or if it's just not working.

Here are the headers from one email from a specific company that I have marked as spam many times over the past month. The headers indicate BAYES_00=-1.9, and a spam score of 2.9.

https://gist.github.com/macdabby/4c0a3c … 67c083dc1e

if I run 'spamassassin filename' from the command line on the same mesage, i get these headers. It looks different, and the score is 5.9. Although the only place I see bayes mentioend is: X-ME-Bayesian: 0

https://gist.github.com/macdabby/5f4e31 … 19a130b04e

I also tried as the vmail user: sudo -u vmail spamassassin filename

And got a higher score of 8.5 with bayes showing 3.5. So I think this is what SHOULD be running when a new message comes in to the server.

https://gist.github.com/macdabby/4971e8 … 8ab8f8b248

I have installed the antispam plugin here, but I didn't set up the mysql storage because I read it was slower and not necessary: http://www.iredmail.org/forum/topic8169 … assin.html

It looked like a lot of my mail wasn't going through the training system except those that I was moving over, so I tried to manually run the inbox and junk box for a few accounts using sa-learn --ham and --spam. But it looks like each linux user has it's own set. Maybe this is why I should have used the mysql storage.

sudo -u vmail sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0       4874          0  non-token data: nspam
0.000          0      67427          0  non-token data: nham
0.000          0    6315129          0  non-token data: ntokens
0.000          0 1316464070          0  non-token data: oldest atime
0.000          0 1480457576          0  non-token data: newest atime
0.000          0          0          0  non-token data: last journal sync atime
0.000          0 1480432589          0  non-token data: last expiry atime
0.000          0    1382400          0  non-token data: last expire atime delta
0.000          0      82029          0  non-token data: last expire reduction count

sudo -u amavis sa-learn --dump magic
0.000          0          3          0  non-token data: bayes db version
0.000          0        282          0  non-token data: nspam
0.000          0      66852          0  non-token data: nham
0.000          0     170055          0  non-token data: ntokens
0.000          0 1480274555          0  non-token data: oldest atime
0.000          0 1480459955          0  non-token data: newest atime
0.000          0 1480458001          0  non-token data: last journal sync atime
0.000          0 1480447571          0  non-token data: last expiry atime
0.000          0     172800          0  non-token data: last expire atime delta
0.000          0      15131          0  non-token data: last expire reduction count

I tried to run sa-learn for the junk and inbox folders using the amavis user, but I get access denied.

Any idea what could be wrong?

Thanks!

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 9.4
- Linux/BSD distribution name and version: debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====