On Tue, 8 Jul 2008, Johannes Bauer wrote:

> (1) making the amavis user's .spamassassin directory world-writeable
> and handing the path to sa-learn with the --dbpath parameter. That failed
> - the IMAP client says "Move not allowed" when I try to move a message to
> or from the Spam IMAP folder.
>
> (3) editing sudoers to allow 'sudo -u amavis sa-learn' without a password.
> This works fine on the command line, but fails with the same error as (1)
> when used with the plugin.

Hmm, "Move not allowed" from the client?

What do you see from Dovecot? I mean when you speak IMAP directly or trace/sniff a non-SSL connection. I have the impression that you hit a situation like:

"Cannot APPEND to a SPAM folder."

However, in this case it should not work with the sendmail binary.

For (3): did you allow all users to call sudo without password?
I mean:
 su - user sudo -u amavis sa-learn
Also, did you notice this paragraph in man sudo?
       -H  The -H (HOME) option sets the HOME environment variable to the
           homedir of the target user (root by default) as specified in
           passwd(5). By default, sudo does not modify HOME (see set_home and
           always_set_home in sudoers(5)).

If HOME is not amavis's HOME, sa-learn might be upset.

Wrap your program in order to trace the problems of sa-learn:

#!/bin/bash

(
 id -a
 [snip] sa-learn [snip]
 rc=$?
 echo "exit code $rc"
 exit $rc
) > /tmp/antispam.out.$$ 2> /tmp/antispam.err.$$

sa-learn needs to lock the database, maybe you get race problems? I used to call sa-learn via --no-sync and --sync'ed in regular intervals.
Also, maybe you need a combination of -u/-C/-p.

> Although I compiled the plugin from git with debugging to syslog
> activated, I do not get any error messages in mail.log where all messages
> from dovecot are logged.

Well, my antispam logs go to syslog, but Dovecot logs to a file.

> Now, I know that the methods above aren't exactly secure, so if anybody

Dunno, but you want to train a site-wide database with information from the user. So what do you consider insecure in particular? If you are afraid of bugs in sa-learn, you should limit this ability to a certain group of users, because any user can push any "message" Dovecot accepts to sa-learn, regardless of its internal structure.

I have moved the Bayes DB to SQL to avoid the locking problems I had.

Bye,

-- Steffen Kaiser
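
[Added example, not part of the message above and not code from the antispam plugin: a variant of the tracing wrapper that writes its logs into a directory created by mktemp instead of predictable /tmp/antispam.*.$$ names, which another local user could pre-create or symlink. The function name trace_run, the variable TRACE_DIR and the sample log directory and message file are assumptions.]

```shell
#!/bin/sh
# Added example: trace a learn command without predictable names in /tmp.
#
# trace_run LOGDIR CMD [ARGS...]
#   Runs CMD and records the wrapper's identity, the HOME it was started
#   with, CMD's stdout, stderr and exit code in a fresh directory
#   LOGDIR/trace.XXXXXX. mktemp -d creates that directory with mode 0700
#   and an unpredictable name. The directory path is left in TRACE_DIR
#   and CMD's exit code is returned to the caller.
trace_run() {
    tr_logdir=$1
    shift
    TRACE_DIR=$(mktemp -d "$tr_logdir/trace.XXXXXX") || return 125
    {
        id                      # uid, gid and groups the wrapper runs with
        echo "HOME=${HOME:-}"   # HOME as seen by the wrapper itself
        echo "cmd=$*"
    } > "$TRACE_DIR/context"
    tr_rc=0
    "$@" > "$TRACE_DIR/out" 2> "$TRACE_DIR/err" || tr_rc=$?
    echo "exit code $tr_rc" >> "$TRACE_DIR/context"
    return "$tr_rc"
}

# Stand-alone use: wrapper.sh LOGDIR CMD [ARGS...], for instance (assumed
# log directory and message file):
#   wrapper.sh /var/log/antispam sudo -H -u amavis sa-learn --spam --no-sync msg.eml
if [ "$#" -ge 2 ]; then
    trace_run "$@"
    exit $?
fi
```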
