On Wed, 31 Dec 2003, Russell H. wrote:

> I'm running the latest release (2.61) on FreeBSD with the standard
> sendmail+procmail config using spamc/spamd and it seems that user_prefs
> are not working. I've tried setting up whitelists/blacklists and played
> with the threshold value but it only acts on the standard values listed in
> local.cf
> 
> Here's how I'm running spamd:
> 
> /usr/local/bin/spamd -u spamd -d -L --user-config

   Probably the problem you're seeing is that the "spamd" user
cannot read other users' .spamassassin/user_prefs files.  The
best way to handle per-user preferences if you're running spamd
as a non-root user is to stash the preferences into a database
(I use MySQL to good advantage) instead of files.

   Running spamd as root has security implications, but it
really does try to relinquish root when it actually processes
messages.  If you don't pass it a user (via spamc -u username)
it relinquishes privs by suid'ing to "nobody".  To wit, a syslog
excerpt (spamc was invoked with an invalid user):

Jan  1 11:55:53 scanner spamd[20018]: connection from rover.example.org
    [192.168.5.232] at port 4097 
Jan  1 11:55:53 scanner spamd[22006]: handle_user: unable to find user
    'foo'! 
Jan  1 11:55:53 scanner spamd[22006]: Still running as root: user not
    specified with -u, not found, or set to root.  Fall back to nobody. 
Jan  1 11:55:53 scanner spamd[22006]: processing message
    <[EMAIL PROTECTED]> for foo:99. 
Jan  1 11:56:04 scanner spamd[22006]: identified spam (13.0/5.0) for
    foo:99 in 11.1 seconds, 2526 bytes. 

   So, if you want the spamd process to use the user_prefs _file_ in
the users' directories, you'll need to run spamd as root (and protect
the interfaces you have it listening on from external connections!) so
it can "su" to that user, or open up the .spamassassin directory (and
the users' home directories) via a "chmod a+x" directive and make the
"user_prefs" file world-readable.  If your users are concerned that
their personal preferences are exposed (others *will* be able to
read them) you'll need to go the database route and protect the
database via rigorous authentication mechanisms that only spamd has
access to.

+------------------------------------------------+---------------------+
| Carl Richard Friend (UNIX Sysadmin)            | West Boylston       |
| Minicomputer Collector / Enthusiast            | Massachusetts, USA  |
| mailto:[EMAIL PROTECTED]                        +---------------------+
| http://users.rcn.com/crfriend/museum           | ICBM: 42:22N 71:47W |
+------------------------------------------------+---------------------+
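
The file-based option described in the reply above needs the search (x) bit for "others" on every directory leading to user_prefs and the read bit on the file itself. The script below is an added example, not part of the original message or of SpamAssassin, that reports which path components would block an unprivileged spamd account; the function names, the optional stop directory and the sample path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit whether an unprivileged spamd account could reach a
# user's user_prefs through the "other" permission bits alone.
# Assumption: the spamd account is neither the owner nor in the group of any
# path component, and no ACLs are in play.

# other_bits PATH -> prints the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# prefs_blockers FILE [STOP]
# Walks from FILE up to STOP (default /) and prints every component that
# blocks access. Returns 0 if reachable, 1 if blocked, 2 if FILE is missing.
prefs_blockers() {
    file=$1
    stop=${2:-/}
    rc=0
    [ -e "$file" ] || { echo "missing: $file"; return 2; }

    # The file itself must carry the read bit for others.
    case $(other_bits "$file") in
        r*) ;;
        *) echo "not world-readable: $file"; rc=1 ;;
    esac

    # Every ancestor directory must carry the search bit for others
    # ("t" is the sticky bit shown together with x, as on /tmp).
    dir=$(dirname "$file")
    while :; do
        case $(other_bits "$dir") in
            ??[xt]) ;;
            *) echo "no search (x) bit for others: $dir"; rc=1 ;;
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage (constructed path): source this file, then run
#   prefs_blockers /home/alice/.spamassassin/user_prefs
```

An empty result means any local account can read that user's preferences, which is the exposure the reply points out for the file-based setup.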



_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
