On 2024-06-20 at 16:14:47 UTC-0400 (Thu, 20 Jun 2024 15:14:47 -0500)
Paul Schmehl <paul.schm...@gmail.com>
is rumored to have said:
I’m running spamassassin (SA) 3.4, postfix 3.9.0-1, and dovecot
2.2.36-8 on a linux server. I have some questions about SA that I
can’t seem to find answers for on the web.
The SA conf files are /etc/mail/spamassassin. The bayes files are in
/usr/local/etc/mail/spamassassin/bayes.
I’m running spamd as the content_filter in postfix. spamassassin
unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f
${sender} ${recipient}
Everything is working as expected, but I have some questions about
permissions. Should spamd be the owner of /etc/mail/spamassassin?
No. It is entirely normal for any user to read the config files. The
spamd user never needs to write to that directory or anything in it.
Of /usr/local/etc/mail/spamassassin?
Yes. The bayes_* files there are the active Bayes DB in use by the spamd
daemon, so the user the daemon is running as needs to be able to do
anything in that directory.
Today I got a warning about the unsafe perms on sa-update-keys. Who
should own those and what should the perms be?
Files in that directory control whose signatures you trust on daily
rules packages, so the directory should be owned by root, perms 0700.
Finally, I’m seeing this in my maillogs.
config: failed to parse line, skipping, in
"/etc/mail/spamassassin/local.cf": bayes_
This is the config in local.cf:
bayes_path /usr/local/etc/mail/spamassassin/bayes/bayes
Is there any other line in that file starting with 'bayes_' ?
That error message is not lying to you: you have an error in local.cf
which SA cannot parse around. Also look in the lines before the
'bayes_path' line for unterminated quotes.
This is the contents of the bayes folder:
# ls -lsah /usr/local/etc/mail/spamassassin/bayes/
total 632K
0 drwxrwxr-x 2 spamd spamd 63 Jun 20 11:36 .
0 drwxrwxr-x 3 spamd spamd 19 Jun 13 06:00 ..
96K -rw------- 1 spamd spamd 95K Jun 20 14:44 bayes_journal
12K -rwxrwxrwx 1 spamd spamd 12K Jun 20 11:32 bayes_seen
524K -rwxrwxrwx 1 spamd spamd 664K Jun 20 11:32 bayes_toks
spamd owns the directory /usr/local/etc/mail/spamassassin and all
subdirectories. The perms are 775 for the directories and 777 for all
files. (I did this for testing purposes. They normally would be 755
and 644.)
I hope there's only you on that machine...
Using 'chmod 777' to troubleshoot permissions issues is always a bad
idea.
Spam that are not caught by SA are moved to my junk folder, and I
croned a script that parses those and feeds them into bayes_seen. That
script is working, and the bayes_seen file is being updated. (I
checked the timestamp on the file after running the script manually.)
I can’t make sense out of this error message. What am I missing?
It is a configuration file parsing error. It has nothing to do with
permissions or ownership. There's an error in local.cf.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
