[SA-exim] SA-exim suddenly started ignoring "X-Spam-Status: Yes"

[Rick Moen]

Something peculiar happened to my MTA, last night.  I set "sa-learn
--spam" loose on an mbox of about 50,000 received spam mails, and then
went to sleep.  In the morning, suddenly hundreds of _new_ spams like
this had started transiting _through_ to my personal inbox, despite
being marked " X-Spam-Status: Yes" with very high spamicity scores, like
this:

 From j.hastingsvw at stanway.demon.co.uk Sat Apr 24 12:52:47 2004
 From: James Hastings <j.hastingsvw at stanway.demon.co.uk>
 To: bale at linuxmafia.com
 Date: Sat, 24 Apr 2004 19:58:58 +0000
 Subject: 9 times better then Vi*agra                             dewjxjc
 X-Spam-Status: Yes, hits=20.8 required=5.0
 tests=BAYES_99,CLICK_BELOW_CAPS,
         HTML_MESSAGE,IMPOTENCE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
         RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,
         SUBJ_HAS_SPACES,SUBJ_HAS_UNIQ_ID autolearn=spam version=2.63

Here are relevant versions (unchanged for some weeks):

ii  exim4          4.30-4         An MTA (Mail Transport Agent)
ii  exim4-base     4.30-4         EXperimental Internal Mailer -- a Mail Trans
ii  exim4-config   4.30-4         Debian configuration for exim4
ii  exim4-daemon-h 4.30-8         Exim (v4) with extended features, including 
ii  sa-exim        3.1-2          Use spamAssassin at SMTP time with the Exim 
ii  spamassassin   2.63-1         Perl-based spam filter using text analysis

load average is low, as usual: 0.16, 0.08, 0.04

Looking through /var/log/exim4/* confirms that Exim4 callouts are still 
(correctly) leading to rejection of a considerable amount of spam, even
though something's evidently gone wonky with the SA side of things.

I notice that /var/spool/sa-exim/* is owned by mail:mail.  Is that right, 
given that the exim daemon runs as user Debian-exim ?

Any clues as to how I figure out what has suddenly broken?