Bill,

Thanks for the advice.  I'm not too worried about the permissions config, 
though I will make the mods once I get performance up to the point where bayes 
is usable at all - I wouldn't want to lose all those sweet, sweet tokens to 
some unauthorized write permission.

-David 

-------- Original Message --------
Subject: Re: very basic SA-Learn performance question: is 90 seconds or so per 
token really, really slow or roughly normal?
From: Bill Cole <sausers-20150...@billmail.scconsult.com>
To: users@spamassassin.apache.org
Date: Wed Nov 01 2017 06:57:55 GMT+0300 (AST)

> On 31 Oct 2017, at 7:27 (-0400), David Gessel wrote:
> 
>> bayes_file_mode 0777
> 
> Don't do that. I know the SiteWideBayes page recommends that, but it's wrong. 
> It's a bad idea to EVER make ANY file mode 0777 on any normal system. 
> Something mangled your Bayes DB. Anything running on that system *could* do 
> so. Maybe it was innocent, maybe not.
> 
> One alternative: use 0770 (or even 775) and use group membership to control 
> access. You can then symlink the ~/.spamassassin directories of users in the 
> group to that of the primary SA user (i.e. whatever amavisd runs as) OR 
> hardlink the Bayes and autowhitelist files from the primary user's directory 
> into that of other users.
> 
> Another alternative: use 0700 and whenever doing anything with the 
> Bayes/AWL/TxRep DBs, do it as the primary user of the sitewide DB. This 
> requires giving that user read access to user mail but that's safe because it 
> already is seeing it all pre-delivery anyway. The safest approach for that is 
> setting an ACL on the Maildir/. I use MIMEDefang instead of amavisd so the 
> ACL for mine looks like this:
> 
>     bigsky:~ bill$ ls -led Maildir/
>     drwx------+ 239 bill  bill  8670 Oct 31 09:31 Maildir/
>      0: user:defang allow list,search,readattr,file_inherit,directory_inherit
> 
> 
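
The group-controlled 0770 layout suggested in the quoted reply, as an added shell example that is not part of the thread: it lists anything in a Bayes directory that "other" can write to, then hands the tree to one group with no access for anyone else. The function names, the throwaway sample directory and its contents are constructed for illustration; on a real system the directory and group would be the primary SA user's ~/.spamassassin and the group of accounts allowed to train.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print every file or directory under $1 that "other" can write to,
# i.e. that any local account on the system could modify.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Apply the group-controlled layout: give the tree to group $2,
# directories 0770, files 0660, nothing at all for "other".
restrict_to_group() {
    dir=$1 group=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 0770 {} + || return 1
    find "$dir" -type f -exec chmod 0660 {} + || return 1
    # Succeed only if nothing is still world-writable afterwards.
    [ -z "$(world_writable "$dir")" ]
}

# Constructed sample: a temporary directory holding empty files named like
# the Bayes and auto-whitelist DBs, all left world-writable.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/bayes_toks"; : > "$d/bayes_seen"; : > "$d/auto-whitelist"
    chmod 0777 "$d"
    chmod 0666 "$d/bayes_toks" "$d/bayes_seen" "$d/auto-whitelist"
    echo "$d"
}

# Run with --demo to see the listing before and after on the sample.
if [ "${1:-}" = "--demo" ]; then
    s=$(make_sample)
    echo "before:"; world_writable "$s"
    restrict_to_group "$s" "$(id -g)"
    echo "after:";  world_writable "$s"
    rm -rf "$s"
fi
```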
