when you run bayes in SQL and does sa-learn --username it will not try to setuid to that user (in a real system user scenario it will fail for non existent users). Instead it uses that username to save and recall data from database. Due to forged addresses your system treat any originating address as yours and then try to interact with the DB.
*-u username, --username=username* If specified this username will override the username taken from the runtime environment. You can use this option to specify users in a virtual user configuration. NOTE: This option will not change to the given *username*, it will only attempt to act on behalf of that user. Because of this you will need to have proper permissions to be able to change files owned by *username*. In the case of SQL this generally is not a problem. A lot of time ago I came with the same problem to Marc Martinec and he implemented some sort of checks of addreses to see if they are local to you or not....but I dont remeber Cheers 2014-12-10 10:22 GMT-03:00 Filip Havlíček <filip.havli...@pro-com.cz>: > Hi, > > I have configured spamasssin with bayes user rules with this configuration: > http://pastebin.com/KWW78DJx > > I would like to ask you, if everything is correct, because I found in > table bayes_vars lot of (thousands) unknown email addresses like: > a...@hotmail.com > ablewi...@hotmail.com > abl...@hotmail.com > > My table bayes_token is also 350MB large! > > Thanks for your help. >
