R Lists06 wrote:
>> 1) are you using bayes_path ?
>> 2) have you set bayes_file_mode 0777 in your local.cf?
>>
>> If you use bayes_path in a multi-user environment, you *MUST* set
>> bayes_file_mode 0777 in local.cf.
>>
>> Also, make sure that /var/.spamassassin has world rwx privileges.
>>
>>     
>
> Doesn't this create a potential or real giant type security risk?

Well, regardless, the current user SA is running as has to be able to
read and write to the bayes DB. It has to write to the journal to publish
atime updates at the very least. It will also want to be able to perform
autolearning, journal sync, and opportunistic expiry, unless you've
disabled those.

Without that, bayes cannot function.

Does it have a security risk? Yes, there's the possibility of someone
exploiting it for local-user privilege escalation. AFAIK, SA's bayes
code is very careful about how it accesses files to mitigate this risk,
but there's always room for mistakes.

Really, using a SQL based bayes is a much better idea for an environment
using a single bayes DB with multiple users accessing it. It's safer in
this regard, and significantly faster too.
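
A permission audit for the kind of shared bayes directory discussed in this thread, as an added example that is not part of the original message or of SpamAssassin. The finding codes, severities, and the constructed sample directory and files are assumptions of the example.

```python
import os
import stat
import tempfile


def audit_bayes_dir(path):
    """Return (severity, code, target) findings for a shared bayes directory."""
    findings = []
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        # Without the sticky bit, any local user may delete or replace
        # files in the directory, whatever the files' own modes are.
        if mode & stat.S_ISVTX:
            findings.append(("medium", "dir-world-writable-sticky", path))
        else:
            findings.append(("high", "dir-world-writable-no-sticky", path))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        fst = os.lstat(full)  # lstat: inspect the entry itself, not its target
        if stat.S_ISLNK(fst.st_mode):
            findings.append(("high", "symlink-in-shared-dir", full))
        elif stat.S_ISREG(fst.st_mode) and fst.st_mode & stat.S_IWOTH:
            findings.append(("medium", "file-world-writable", full))
    return findings


def demo(dir_mode, file_mode, with_symlink):
    """Build a constructed stand-in for the bayes directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "bayes_toks")      # constructed sample file
        open(db, "w").close()
        os.chmod(db, file_mode)
        if with_symlink:
            os.symlink(db, os.path.join(d, "bayes_seen"))  # constructed
        os.chmod(d, dir_mode)
        codes = [code for _, code, _ in audit_bayes_dir(d)]
        os.chmod(d, 0o700)  # restore so cleanup behaves the same everywhere
        return codes


if __name__ == "__main__":
    # The layout from the thread: world rwx directory, bayes_file_mode 0777.
    print(demo(0o777, 0o777, with_symlink=True))
    # Group-restricted alternative (one shared group is an assumption).
    print(demo(0o770, 0o660, with_symlink=False))
```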
