Debian/Postfix/Spamassasin bayes log error

Posted on 2007-07-30
Last Modified: 2013-12-09
I have this shown up in my Debian/Postfix/Spamassasin system log:

bayes: unknown packing format for bayes db, please re-learn: 70 at /usr/share/perl5/Mail/SpamAssassin/BayesStore/ line 1875.

Any idea what this is?
Question by:icsbudapest
    LVL 36

    Expert Comment

    What version of spamassassin are you running?

    can you do a "sa-learn --dump magic" while logged in as the same user as spamassassin runs as. You should get something like :-

    # sa-learn --dump magic
    0.000          0          3          0  non-token data: bayes db version
    0.000          0       2853          0  non-token data: nspam
    0.000          0       1110          0  non-token data: nham
    0.000          0     153157          0  non-token data: ntokens
    0.000          0  971861971          0  non-token data: oldest atime
    0.000          0 1186176350          0  non-token data: newest atime
    0.000          0 1186176637          0  non-token data: last journal sync atime
    0.000          0 1186164585          0  non-token data: last expiry atime
    0.000          0   11059200          0  non-token data: last expire atime delta
    0.000          0      15468          0  non-token data: last expire reduction count

    Can you also do a "ls -la" of the directory containing the bayes database files. If you dont know where these are doing a 'locate bayes_toks' should find it as long as the locate utility is installed.

    Author Comment

    Thanks for the response GRBLADES,

    SpamAssassin version 3.1.7-deb

    With sa-learn --dump magic I got:
    0.000          0          3          0  non-token data: bayes db version
    0.000          0      31333          0  non-token data: nspam
    0.000          0       2621          0  non-token data: nham
    0.000          0     218145          0  non-token data: ntokens
    0.000          0 1181239397          0  non-token data: oldest atime
    0.000          0 1186385258          0  non-token data: newest atime
    0.000          0 1186385296          0  non-token data: last journal sync atime
    0.000          0 1181626547          0  non-token data: last expiry atime
    0.000          0     473964          0  non-token data: last expire atime delta
    0.000          0          0          0  non-token data: last expire reduction count

    I was also able to do a ls -la of the bayes directory. (as the user that runs SA)

    LVL 36

    Accepted Solution

    I am not sure why you are getting the message. Bayes does seem to be working fine.

    Have you increaded the maximum bayes database size as the number of tokens is a bit high for a default install. Try doing a "sa-learn --force-expire" to expire the old tokens and that will also rebuild the database incase a part of it is corrupted.

    spamassassin 3.1.7 is fairly old now. 3.1.9 is the current 3.1 branch but the latest is now 3.2.2 I believe. It is worth upgrading as the detection is much better.

    How is your spam detection rate?
    There are quite a few enhancements you can make to spamassassin and with these you should be able to get the detection rate over 99%.

    Author Comment

    I will try out your suggestions and report back.

    The spam filtering has been pretty good. I'm really not a spam specialist, and to be honest this is my first dedicated spam filter box that I have built myself. (I've administered one for some time at a micro-company.) It is basically just filtering out the spam/viruses and passing it to our internal server.

    I basically configured in the same way as this guide:
    with some minor changes.
    LVL 36

    Expert Comment

    Thats a very well written guide.

    Rather than amavisd-new I use mailscanner ( which is much better in my opinion as it does a lot more but is more complex to setup. Amavis is probably better for a small user system.

    Have a look at They do unofficial additional signatures for clamav which allows it to detect a lot of the phishing, stock image and stock pdf spam as viruses.

    Have a look at There are some very good additional rules which you can either download manually (they get updated very infrequently) or configure sa-update to download updates automatically.
    There is also a imageinfo plugin which detects certain image characteristics. Spamassassin 3.2 and above include this by default so if you are planning to upgrade then dont bother installing this now.
    A new plugin is pdfinfo which is very good. It is currently just out of beta so is updated fairly frequently.

    Here is a script which downloads the KAM rules which are updated multiple times a week and detect the latest stock, greeting card and other recent spams.
    cd /etc/mail/spamassassin
    cp -f /tmp/
    wget -N
    /etc/init.d/spamd restart

    Author Comment

    Thanks so much for the extra tips on rules. I will go through that info as soon as I have a chance.
    I finally got around to upgrading spamassassin. Now running v2.1. Still getting the error though. It pops up when I try to do a:

    sa-learn --force-expire                                
    bayes: synced databases from journal in 0 seconds: 95 unique entries (113 total entries)
    bayes: unknown packing format for bayes db, please re-learn: 70 at /usr/share/perl5/Mail/SpamAssassin/BayesStore/ line 1879.
    expired old bayes database entries in 9 seconds
    218262 entries kept, 0 deleted
    token frequency: 1-occurrence tokens: 0.00%
    token frequency: less than 8 occurrences: 0.00%


    Author Comment

    Well I gave up. Did a sa-learn --clear and just cleared out my bayes database ( after creating a backup) and started with a fresh one. Not a real big deal since this server has only been up a few months, but hopefully it wont happen again. I will have to "re-learn" it but that shouldn't be a problem. We'll see if the database clear or spamassassin upgrade creates any new problems, but at least I won't have the database problem.
    LVL 36

    Expert Comment

    I assume you mean 3.2.1 and not 2.1?

    Can you post a directory listing of the bayes directory?

    You might have to backup, clear and restore the bayes database incase it is corrupted. Please post a directory listing first incase you have an old database format in which case you can use 'sa-learn --import' instead.
    sa-learn -- backup >/tmp/bayes.backup
    sa-learn --clear
    sa-learn --restore /tmp/bayes.backup

    Author Comment

    Yea, I did mean 3.2.1

    Here is my bayes dir:
    # ls -al /usr/share/perl5/Mail/SpamAssassin/BayesStore/
    total 196
    drwxr-xr-x  2 root root  4096 2007-08-27 10:47 .
    drwxr-xr-x 10 root root  4096 2007-08-27 10:47 ..
    -rw-r--r--  1 root root 58788 2007-06-08 14:55
    -rw-r--r--  1 root root 27275 2007-06-08 14:55
    -rw-r--r--  1 root root 26668 2007-06-08 14:55
    -rw-r--r--  1 root root  1917 2007-06-08 14:55
    -rw-r--r--  1 root root 58595 2007-06-08 14:55

    But as I said, I already backed it up then cleared it. It is currently running with a new fresh one. I hesitate to restore the old one. Is there any reason to restore the old one other then the fact that it has one month of "experience?"
    LVL 36

    Expert Comment

    That directory is just the perl code used to manage bayes. The bayes database directory should contain files like :-

    [root@gbhome .spamassassin]# ls -la
    total 5164
    drwx------    2 spam     spam         4096 Aug 27 06:25 .
    drwx------    6 spam     spam         4096 Aug 24 11:18 ..
    -rw-------    1 spam     spam       659456 Aug 27 15:25 auto-whitelist
    -rw-------    1 spam     spam            6 Aug 27 15:25 auto-whitelist.mutex
    -rw-------    1 spam     spam        36168 Aug 27 15:25 bayes_journal
    -rw-------    1 spam     spam         1656 Aug 27 15:25 bayes.mutex
    -rw-------    1 spam     spam       651264 Aug 27 15:25 bayes_seen
    -rw-------    1 spam     spam      5398528 Aug 27 15:25 bayes_toks
    -rw-rw-r--    1 spam     spam         1487 May 10 18:26 user_prefs

    There is no problem with not importing the old data apart from you will have to wait until it gets 300 spam and non-spam messages before it will start working so you will probably let through more spam in the meantime.

    A database backup backs up the data in human readable form so if you do a restore you are not simply copying back a potentially corrupt database.

    Author Comment

    After the update and bayes "clear" it seems that the error message is gone.
    Thanks a lot for your help. I think I have a good handle on Bayes Db now.
    Running into a different problem now though. (getting error for many messages like: Aug 30 17:10:02 icsb postfix/smtp[15617]: 8DB1CA008C: lost connection with[] while sending message body) But I will start a new question regarding that.
    LVL 36

    Expert Comment

    That error is nothing to worry about. It just means the mail server was very slow responding after the ititial connection. It will try again to another one of their mail servers or again later.

    Author Comment

    Just a last note. The error messages were actually because my antivirus (clamAV) stopped functioning properly after the upgrade. ClamAV was upgraded and the clamd had to be re-added to the amavisd group. The messages kept trying to loop through the AV untill they gave up or got pushed through, but that really is another topic for another day. :)
    Thanks a lot grbaldes, you exceed your reputation as an excellent help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
    Operating system developers such as Microsoft ( and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now