Posted to users@spamassassin.apache.org by sa-exim <sa...@edschooler.com> on 2007/03/19 08:42:23 UTC

SA Learn and Bayes Problem?

I have Suse 10.1, exim, spamassassin 3.1.7 with bayes. First, 
spamassassin does its job very well, but spam does get through once in 
a while, so I move all spam to a junk folder, then upload this file to the 
server, then I run sa_learn on the junk file and it loads the tokens and 
such just fine. Now the problem is I installed this setup with the Suse 
add-ons and it created the user nobody for SA. Spamassassin uses this 
created user nobody, but sa_learn uses the /root/spamassassin folder 
to update the rules. Then I have to copy these files to the nobody 
folder. Then everything works great until the spammers' next wave. I have 
checked the bogofilter.cf and I have all the commands pointing to the 
nobody folder but still can't sa_learn to the nobody folder.
Here are the permissions/r/w on the nobody folder:

drwx------ 3 nobody nobody      256 Mar 18 20:45 .
drwxr-xr-x 3 nobody root         80 Nov 22 12:07 ..
-rw------- 1 nobody nobody        6 Dec  5 02:40 .lock
-rw------- 1 nobody nobody    32768 Mar 18 20:45 auto-whitelist
-rw-rw-rw- 1 nobody nobody    29472 Mar 18 20:45 bayes_journal
-rw-rw-rw- 1 nobody nogroup  692224 Mar 18 15:24 bayes_seen
-rw-rw-rw- 1 root   root    5283840 Mar 18 15:24 bayes_toks

Can anyone point me in the right direction to correct this?

Thanks

Ed

Re: SA Learn and Bayes Problem?

Posted by sa-exim <sa...@edschooler.com>.
Matt Kettler wrote:
> sa-exim wrote:
>   
>> I have Suse 10.1, exim, spamassassin 3.1.7 with bayes. First,
>> spamassassin does its job very well, but spam does get through once in
>> a while, so I move all spam to a junk folder, then upload this file to
>> the server, then I run sa_learn on the junk file and it loads the
>> tokens and such just fine. Now the problem is I installed this setup
>> with the Suse add-ons and it created the user nobody for SA.
>> Spamassassin uses this created user nobody, but sa_learn uses the
>> /root/spamassassin folder to update the rules. Then I have to copy
>> these files to the nobody folder. Then everything works great until the
>> spammers' next wave. I have checked the bogofilter.cf and I have all
>> the commands pointing to the nobody folder but still can't sa_learn to
>> the nobody folder.
>> Here are the permissions/r/w on the nobody folder:
>>
>>     
> By default, sa-learn will write to the home directory of the user that
> executes it.
> Spamd, when scanning mail, will do the same for the user that executed
> spamd.
>
> *EXCEPT ROOT*. In that case, it defaults back to nobody for security.
>   
>> Can anyone point me in the right direction to correct this?
>>     
>
> From the looks of it, you're trying to do everything as root.
>
> I would suggest creating a separate account named "spamd", "spamfilter"
> or whatever you like.
>
> Then do the following to get SA to always use it:
>
> 1) su to this user before running sa-learn.
> 2) pass this username with the -u parameter to either spamd's startup,
> or every call to spamc.
>
> I'd also suggest removing nobody's write privileges to his home
> directory, that's a minor security hazard.
>
> In an ideal world, nobody shouldn't be able to write to anything, this
> way attackers that exploit a daemon running as nobody have no place to
> write to for storing scripts to attack the rest of the system.
>
> While this is a modest security gain, every little bit helps.
>
Perfect!! I knew I was overlooking something stupid and obvious.
By the way, I took your advice and created a new user for spam (not 
actual user spam for obvious reasons), and removed nobody, and it works 
perfectly.

Thanks again for the pointer

Ed

Re: SA Learn and Bayes Problem?

Posted by Matt Kettler <mk...@verizon.net>.
sa-exim wrote:
> I have Suse 10.1, exim, spamassassin 3.1.7 with bayes. First,
> spamassassin does its job very well, but spam does get through once in
> a while, so I move all spam to a junk folder, then upload this file to
> the server, then I run sa_learn on the junk file and it loads the
> tokens and such just fine. Now the problem is I installed this setup
> with the Suse add-ons and it created the user nobody for SA.
> Spamassassin uses this created user nobody, but sa_learn uses the
> /root/spamassassin folder to update the rules. Then I have to copy
> these files to the nobody folder. Then everything works great until the
> spammers' next wave. I have checked the bogofilter.cf and I have all
> the commands pointing to the nobody folder but still can't sa_learn to
> the nobody folder.
> Here are the permissions/r/w on the nobody folder:
>
By default, sa-learn will write to the home directory of the user that
executes it.
Spamd, when scanning mail, will do the same for the user that executed
spamd.

*EXCEPT ROOT*. In that case, it defaults back to nobody for security.
>
> Can anyone point me in the right direction to correct this?

From the looks of it, you're trying to do everything as root.

I would suggest creating a separate account named "spamd", "spamfilter"
or whatever you like.

Then do the following to get SA to always use it:

1) su to this user before running sa-learn.
2) pass this username with the -u parameter to either spamd's startup,
or every call to spamc.

I'd also suggest removing nobody's write privileges to his home
directory, that's a minor security hazard.

In an ideal world, nobody shouldn't be able to write to anything, this
way attackers that exploit a daemon running as nobody have no place to
write to for storing scripts to attack the rest of the system.

While this is a modest security gain, every little bit helps.
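
An added example, not part of the original posts: a shell check for the ownership mix-up visible in the listing from the first message, where `bayes_toks` ended up owned by root after being copied and three Bayes files are world-writable. The function names `audit_bayes_listing` and `sample_listing` are hypothetical; the sample rows are copied from that listing.

```shell
#!/bin/sh
# Audit an `ls -l` listing of a SpamAssassin Bayes directory.
# Reads the listing on stdin; $1 is the account that should own every file
# (the dedicated filter account suggested in the reply, or "nobody" here).
# Prints one finding per line and returns 1 if anything was flagged.
audit_bayes_listing() {
    expected_user=$1
    awk -v want="$expected_user" '
        # Full ls -l rows for regular files and directories only;
        # this also skips the "total N" header line.
        NF >= 9 && $1 ~ /^[-d]/ {
            name = $NF
            if (name == "..") next      # parent directory is not ours to judge
            if ($3 != want) {
                printf "OWNER %s is %s, expected %s\n", name, $3, want
                bad = 1
            }
            # Character 9 of the mode string is the write bit for "other".
            if (substr($1, 9, 1) == "w") {
                printf "WORLD-WRITABLE %s (%s)\n", name, $1
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Sample input: the directory listing quoted in the first post.
sample_listing() {
cat <<'EOF'
drwx------ 3 nobody nobody      256 Mar 18 20:45 .
drwxr-xr-x 3 nobody root         80 Nov 22 12:07 ..
-rw------- 1 nobody nobody        6 Dec  5 02:40 .lock
-rw------- 1 nobody nobody    32768 Mar 18 20:45 auto-whitelist
-rw-rw-rw- 1 nobody nobody    29472 Mar 18 20:45 bayes_journal
-rw-rw-rw- 1 nobody nogroup  692224 Mar 18 15:24 bayes_seen
-rw-rw-rw- 1 root   root    5283840 Mar 18 15:24 bayes_toks
EOF
}

# Stand-alone run against the sample; on a live system pipe in
# `ls -la` of the Bayes directory instead.
sample_listing | audit_bayes_listing nobody || true
```

A root-owned `bayes_toks` is the trace left by learning as root and copying the result over, and the world-writable bits let any local account alter the Bayes data the filter scores against.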