On 11/21/2016 11:27 AM, Karl Denninger wrote:
On 11/21/2016 10:12, Karl Denninger wrote:
I'm using SpamAssassin on a system that uses Postfix for MTA and
Dovecot for handling final delivery. Spamassassin is being called
via Postfix through spamd with:
#
# Spam Assassin bayesian filter updaters
#
sa-spam unix - n n - - pipe
user=spamd:spamd argv=/usr/local/bin/sa-wrapper.pl spam ${sender}
sa-ham unix - n n - - pipe
user=spamd:spamd argv=/usr/local/bin/sa-wrapper.pl ham ${sender}
I have a material number of role accounts on the box that are all
aliased to the various places they need to go. Most of these do not
have entries in /etc/passwd, that is, they're not real login accounts.
The issue is that if I am reading the code correctly my particular
Bayes database (for "karl") is not being consulted, and can't be, for
anything that comes into a role account since the user side of the
email address is (obviously) not altered in the message. As a result
I have the rulesets, but none of the "training" that individual Bayes
recognition would provide, nor is there any way for that training to
take place since none of these accounts are "real".
sa-learn --dump magic -u karl shows the expected (large) number of
tokens in the database, but the same command targeting any of the
role account names shows nearly nothing (which isn't surprising since
they're role accounts and not real user logins.)
How have people dealt with this -- or do they?
To add to this the way the bayes database gets built (other than via
auto-add) is from anything that a user sticks in the "Junk" folder.
There is a cron job that runs every hour that runs sa-learn against
that and then moves anything it finds in there to a "Junk-Saved"
folder, expiring anything older than 14 days from that folder (so spam
emails are held for 2 weeks.) Dovecot is configured to deliver
confirmed spam to the "Junk" folder as well.
Is the best way to handle role accounts to (1) create a "dummy" user
account for them and (2) have the script that runs sa-learn add spam
to not only the target's account but also, if the target is a role
account, to each of the role account's database entries as well?
That's a somewhat-messy maintenance job if/when role accounts are
added/removed/changed, but it appears to be the only way to accomplish
the goal.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
I can't speak for specifically making it work with Postfix, but you
usually want a site-wide Bayes database. No matter what (real or fake)
user is receiving the message, it would get trained as the spamd user,
or whatever ends up running SA. That same user runs SA and reads that
appropriate database, which gets training from everyone and classifies
based on a much more statistically useful volume of data.
