Bayes Introduction
The Bayesian classifier in Spamassassin tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham. If I've handed 100 messages to sa-learn that have the phrase penis enlargement and told it that those are all spam, when the 101st message comes in with the words penis and enlargment, the Bayesian classifier will be pretty sure that the new message is spam and will increase the spam score of that message.
...
- To train Spamassassin, you get a mailbox full of messages that you know are spam and use the sa-learn program to pull out the tokens and remember them for later:
sa-learn --showdots --mbox --spam spam-file
Then you get a mailbox full of messages you're sure are ham and teach Bayes about those:
sa-learn --showdots --mbox --ham ham-file
It is important to do both. - The bayesian classifier can only score new messages if it already has 200 known spams and 200 known hams.
- If Spamassassin fails to identify a spam, teach it so it can do better next time. Run it through the sa-learn program and it will be more likely to correctly identify it as spam next time. Likewise, if SA puts a ham in your spam folder, run that message through sa-learn --ham ham-folder.
- It's OK to feed emails with Spamassassin markup into the sa-learn command – sa-learn will ignore any standard Spamassassin headers, and if the original email has been encapsulated into an attachment it will decapsulate the email. In other words sa-learn will undo any changes which Spamassassin has done before learning the spam/ham character of the email.
- If you or any upstream service has added any additional headers to the emails which may mislead Bayes, those should probably be removed before feeding the email to sa-learn. Alternatively, use the bayes_ignore_header setting in your local.cf (as detailed in the man page for Mail::SpamAssassin::Conf).
- An example of a ham-file could be ~/mail/saved-messages, or wherever your email client saves messages. Make sure all spam is deleted before using sa-learn on a ham-file.
Similar to the training example above, for a maildir format mailbox, the commands should be altered as shown below.
...
How to train Bayes without logging on
(DanKohn)
If you don't read your mail on the account where SpamAssassin is running, it can be challenging to do mistake-based training, where you learn false negatives (i.e., spam that was not caught) as spam. One approach is redirect your false negatives and use procmail to train on them, as described in ProcmailToForwardMail.
(DanKohn)
Training
...
plus reporting
If you only train your own bayes database using sa-learn, you will not be reporting the spam message you received to spam checksum services such as dcc, pyzor, or razor. To report the spam to the checksum services, you will need to use spamassassin -r < the_spam_message_file. You may also need to register as a spam reporter for services such as razor. If you are not sure your reports are being accepted, run spamassassin -rD < the_spam_message_file and look for any debugging output telling you that you need to register.
...
| Wiki Markup |
|---|
If you have "maildir" mailboxes, running _spamassassin -r_ multiple times can be tedious for large numbers of spam. So you can use this \["report_spam.pl"\] script to run it for you. The script is written in perl. You can save the script to your spamassassin computer and then run it using _report_spam.pl your_spam_directory_. Each message in your_spam_directory will then be learned in bayes *and* reported to the checksum services. |
(KurtYoder)
Questions, Comments, Future Directions
...