Matt Kettler wrote:
sa-exim wrote:
I have Suse 10.1, exim, spamassassin 3.1.7 with bayes. First, spamassassin does its job very well, but spam does get through once in
a while, so I move all spam to a junk folder, then upload this file to
the server, then I run sa-learn on the junk file and it loads the
tokens and such just fine. Now the problem is I installed this setup
with the Suse add-ons and it created the user nobody for SA.
Spamassassin uses this created user nobody, but sa-learn uses the
/root/spamassassin folder to update the rules. Then I have to copy
these files to the nobody folder. Then everything works great until the
spammers' next wave. I have checked the bogofilter.cf and I have all
the commands pointing to the nobody folder but still can't sa-learn to
the nobody folder.
Here are the permissions/r/w on the nobody folder

By default, sa-learn will write to the home directory of the user that
executes it.
Spamd, when scanning mail, will do the same for the user that executed
spamd.

*EXCEPT ROOT*. In that case, it defaults back to nobody for security.
Can anyone point me in the right direction to correct this?

From the looks of it, you're trying to do everything as root.

I would suggest creating a separate account named "spamd", "spamfilter"
or whatever you like.

Then do the following to get SA to always use it:

1) su to this user before running sa-learn.
2) pass this username with the -u parameter to either spamd's startup,
or every call to spamc.

I'd also suggest removing nobody's write privileges to his home
directory; that's a minor security hazard.
In an ideal world, nobody shouldn't be able to write to anything. This
way, attackers that exploit a daemon running as nobody have no place to
write to for storing scripts to attack the rest of the system.

While this is a modest security gain, every little bit helps.





Perfect!! I knew I was overlooking something stupid and obvious.
By the way, I took your advice and created a new user for spam (not actual user spam for obvious reasons), and removed nobody, and it works perfectly.

Thanks again for the pointer

Ed
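
The two conditions the advice in this thread comes down to, as an added example that is not part of the original messages: the Bayes files belong to the dedicated filter account, and nobody has no write bit on its own home directory. The account name `spamd` and the path in the usage line are placeholders; the script assumes the default `bayes_*` file names and `getent`, and it reads mode bits only (no ACLs).

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage (placeholder names): sh audit.sh spamd /home/spamd/.spamassassin

mode_of()  { ls -ld -- "$1" | cut -c1-10; }
owner_of() { ls -ld -- "$1" | awk '{print $3}'; }
group_of() { ls -ld -- "$1" | awk '{print $4}'; }

# user_can_write USER PATH: exit 0 if USER's permission class
# (owner, group or other) has the write bit set on PATH.
user_can_write() {
    m=$(mode_of "$2")
    if [ "$(owner_of "$2")" = "$1" ]; then
        bit=$(printf '%s' "$m" | cut -c3)
    elif id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$(group_of "$2")"; then
        bit=$(printf '%s' "$m" | cut -c6)
    else
        bit=$(printf '%s' "$m" | cut -c9)
    fi
    [ "$bit" = "w" ]
}

# bayes_owned_by USER DIR: exit 0 only if DIR holds bayes_* files
# and every one of them is owned by USER.
bayes_owned_by() {
    found=0
    for f in "$2"/bayes_*; do
        [ -e "$f" ] || continue
        found=1
        [ "$(owner_of "$f")" = "$1" ] || return 1
    done
    [ "$found" -eq 1 ]
}

# audit FILTER_USER BAYES_DIR: report on both points, exit 1 on any warning.
audit() {
    rc=0
    nobody_home=$(getent passwd nobody | cut -d: -f6)
    if [ -d "$nobody_home" ] && user_can_write nobody "$nobody_home"; then
        echo "WARN: nobody can write to $nobody_home"; rc=1
    fi
    if ! bayes_owned_by "$1" "$2"; then
        echo "WARN: bayes files in $2 are missing or not owned by $1"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 owns the bayes files; nobody's home is read-only"
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit "$@"; fi
```

A warning on the second check is the symptom described in the first message: sa-learn was run under a different account than the one that does the scanning.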
