Re: [vps-mail] VPS2, Bayes problem
- Subject: Re: [vps-mail] VPS2, Bayes problem
- From: Scott Wiersdorf <scott@xxxxxxxxxxxx>
- Date: Thu, 1 Apr 2004 21:48:54 -0700
On Thu, Apr 01, 2004 at 03:42:09PM -0800, Abigail Marshall wrote:
>
> SW> It sounds like you want the following behavior:
>
> SW> * scan mail with spamassassin with the recipient's UID (for Bayes
> SW> training)
>
> NO. I want to use Bayes & Autowhitelisting server wide, with
> ONE Bayes database shared by all. (Believe me, we all get
> the same spam).
Ah, then you definitely don't want to have DROPPRIVS at all in your
procmailrc file (rather, delay it until after spam has been processed
and delivered).

<snip>

> I appear to have fixed it now, but here is what I had to do.
> I was mistaken in thinking that it
> would write to Bayes with Dropprivs=yes. With that setting,
> it was creating the Bayes journal, but not writing to it.
>
> Here is the configuration I now have that works (just in
> case anyone else needs it).
>
> /etc/mail/local.cf:
>
> use_bayes 1
> bayes_path /var/spool/spamassassin/bayes
I'd make this /etc/mail/spamassassin/bayes for cleanness. Putting it
in sendmail's spool directory may have consequences.
> bayes_file_mode 0777
See below; this could be done less permissively with 0770 or possibly
0700 (default) if the directory ownership and permissions are set
correctly.
> bayes_auto_expire 1
> bayes_auto_learn 1
>
> Directory /var/spool/spamassassin -
> chmod: 777
Again, this is very unsafe. It appears that spamd drops its own
privileges to 'nobody' when no '-u <user>' appears on the
command-line (I'm gathering this much from my own logs as well as the
excerpts you've posted). Try chowning the /etc/mail/spamassassin/bayes
directory to group 'nobody':

    chgrp nobody /etc/mail/spamassassin/bayes

and make it writable by that group:

    chmod 770 /etc/mail/spamassassin/bayes

And then watch your logs carefully! As a general rule (allow me some
pedantry please--this lesson is not just for Abigail), if you have to
set permissions to 777, you're probably doing something wrong. No
well-designed program would require such wickedness. If it's the only way
to accomplish what you're after, you're probably after the wrong thing.

Scott
--
Scott Wiersdorf
scott@xxxxxxxxxxxx
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
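
Added example, not part of the original message or of SpamAssassin: a small audit for the shared-Bayes setup discussed in the thread, checking both the configured bayes_file_mode and the permissions actually on disk. The function names are hypothetical, and it assumes you pass the directory that holds the Bayes files as the second argument.

```shell
#!/bin/sh
# Added example: flag "other" access on a shared Bayes store.

# Print the last bayes_file_mode value set in a SpamAssassin config file.
bayes_mode_of() {
    awk '$1 == "bayes_file_mode" { m = $2 } END { if (m != "") print m }' "$1"
}

# Return 0 if the configured mode grants nothing to "other", 1 otherwise.
# An unset value passes (the thread gives 0700 as the default).
mode_is_tight() {
    mode=$(bayes_mode_of "$1")
    [ -z "$mode" ] && return 0
    case "$mode" in
        *[!0-7]*) echo "unparsable bayes_file_mode: $mode"; return 1 ;;
        *0)       return 0 ;;
        *)        echo "bayes_file_mode $mode grants access to other"; return 1 ;;
    esac
}

# List every path in the Bayes directory that "other" can read, write or
# enter. Symlinks are skipped because their own mode bits are meaningless.
loose_paths() {
    find "$1" ! -type l \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# usage: audit_bayes <local.cf> <bayes-directory>
# Returns 0 only when both the config and the files on disk are tight.
audit_bayes() {
    rc=0
    mode_is_tight "$1" || rc=1
    found=$(loose_paths "$2")
    if [ -n "$found" ]; then
        echo "accessible to other:"
        echo "$found"
        rc=1
    fi
    return $rc
}

# Run the audit when called as: script <local.cf> <bayes-directory>
if [ $# -eq 2 ]; then
    audit_bayes "$1" "$2"
fi
```

A non-zero exit means either the config or a file on disk still grants access beyond owner and group, which is the case for the 0777/777 settings quoted above and not for 0770/770.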