How does the real-time spam training in Warden Anti-spam and Virus Protection work?

When a user marks a message as spam in their email client (or though webmail) Warden will use a dovecot IMAP service sieve filter to train SpamAssassin (the message is fed though the spamassassin sa-learn binary).  If a message is marked as not spam Warden will train the message as HAM (good email). Warden will log this training in dashboard under the Anti-spam - Learning Statistics dashboard widget.

By default BAYES rules will be enabled once 200 spam and ham message are trained. You can view the number of trained items on the Dashboard or in the Reports area under Anti-spam - Learning Statistics. All Bayes and Txrep data is stored in the Warden database for improved maintenance and performance.

When a user marks a message as spam or ham in their email client you should see the Anti-spam - Learning Statistics increment the spam or ham learned values.

Troubleshooting

If your learning statistics are not working you can go though the setup wizard again under Settings -> Application Setup to try and fix the problem (It will re-add database connection information to /etc/mail/spamassassin/local.cf which is used by the real-time learning).

The dovecot learning sieve filter also expects that SpamAssassin and sa-learn is in working order. You can check that your SpamAssassin config has no errors using the command (It should not return any errors):

spamassassin --lint

To turn on debug mode for dovecot edit the file /etc/dovecot/dovecot.conf and search for the mail_debug parameter:

mail_debug = yes

Restart dovecot after enabling debug mode:

systemctl restart dovecot

With debug mode enabled this is what you will see in the /var/log/maillog when a user marks a message as spam:

Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: Mailbox INBOX.Spam: Mailbox opened because: UID move
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: imapsieve: mailbox INBOX.Spam: MOVE event
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: imapsieve: Matched static mailbox rule [1]
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: file storage: Using Sieve script path: /var/qmail/popuser/warden-learn-spam.sieve
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: file storage: script: Opened script `warden-learn-spam' from `/var/qmail/popuser/warden-learn-spam.sieve'
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Opening script 1 of 1 from `/var/qmail/popuser/warden-learn-spam.sieve'
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Loading script /var/qmail/popuser/warden-learn-spam.sieve
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Script binary /var/qmail/popuser/warden-learn-spam.svbin successfully loaded
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: binary /var/qmail/popuser/warden-learn-spam.svbin: save: not saving binary, because it is already stored
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Executing script from `/var/qmail/popuser/warden-learn-spam.svbin'
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Started running script `/var/qmail/popuser/warden-learn-spam.svbin'
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: Finished running script `/var/qmail/popuser/warden-learn-spam.svbin'
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: action pipe: running program: warden-learn-spam.sh
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Created
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Pass environment: USER=test@example.com
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Pass environment: HOME=/var/qmail/mailnames/example.com/test
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Pass environment: HOST=localhost.localdomain
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: Mailbox INBOX.Spam: UID 14: Opened mail because: mail stream
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Establishing connection
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh: Forked child process
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Connected to program
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Finished streaming payload to program
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Finished input to program
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Disconnected
Aug 21 11:20:32 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Waiting for program to finish after 6 msecs
Aug 21 11:20:34 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Child process ended
Aug 21 11:20:34 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: program exec:/var/qmail/popuser/warden-learn-spam.sh (31354): Destroy
Aug 21 11:20:34 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: uid=14: pipe action: piped message to program `warden-learn-spam.sh'
Aug 21 11:20:34 el7p17 dovecot: service=imap, user=test@example.com, ip=[192.168.1.100]. Debug: sieve: uid=14: left message in mailbox 'INBOX.Spam'
  • training, learning, dovecot, sieve
  • 0 A felhasználók hasznosnak találták ezt
Hasznosnak találta ezt a választ?

Kapcsolódó cikkek

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...

How can I disable admin email notifications in Amavis?

Amavis has different default options for controlling where virus, spam, banned file attachments,...

How can I whitelist or blacklist a mail server from greylisting?

To Whitelist a Mail Server From Greylisting Navigate to Warden -> Settings ->...

How can I enable third party anti-virus signatures within Warden to improve the ClamAV detection rate?

Warden supports enabling third party anti-virus signatures to improve the detection rate. These...

How can I setup a local caching DNS resolver to speed up DNS queries used by Amavis?

Run the following command to check if local DNS caching is enabled: host -tTXT...