Posted to users@spamassassin.apache.org by Elizar Palad <el...@uno.net.ph> on 2004/11/12 04:12:31 UTC

Test installation problem

hi guys/list,

newbie here.. very newbie
I'm trying to install spamassassin for the first time

when i do the spam test from the local machine:

spamassassin -tD < sample-spam.txt  - ok
spamassassin -tD < sample-spam.txt - ok
even
mail -s "Test" user@domain.com < sample-spam.txt - ok

but when i tried sending the gtube from a remote/different pc
the mail gets delivered and was not blocked!

MTA is postfix
this is version 3.0.1 in fedora core 1

I am following the directions here:
http://www.geocities.com/scottlhenderson/spamfilter.html

thanks


Re: Test installation problem

Posted by Elizar Palad <el...@uno.net.ph>.
>
>You forgot to mention one VERY important fact.. you're using amavisd-new.

yes, that's true. am using amavisd-new
i'll check the email header and the config file for amavis. thanks.

>Do NOT give amavis ownership of /usr/share/spamassassin. Leave that ROOT 
>owned. SA does not need to write files here, just read. Chowning the files 
>gives amavis unnecessary privileges to the files in the directory..
>
>By chowning /usr/share/spamassassin you've created a potential privilege 
>escalation hole where a user exploiting amavis can modify the standard 
>rules to contain dangerous regexes and use those to gain execution as 
>another user, including root, should root run SpamAssassin manually at the 
>command line.

thanks for the advice, I'll check it out.




Re: Test installation problem

Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:12 PM 11/11/2004, Elizar Palad wrote:
>hi guys/list,
>
>newbie here.. very newbie
>I'm trying to install spamassassin for the first time
>
>when i do the spam test from the local machine:
>
>spamassassin -tD < sample-spam.txt  - ok
>spamassassin -tD < sample-spam.txt - ok
>even
>mail -s "Test" user@domain.com < sample-spam.txt - ok
>
>but when i tried sending the gtube from a remote/different pc
>the mail gets delivered and was not blocked!
>
>MTA is postfix
>this is version 3.0.1 in fedora core 1
>
>I am following the directions here:
>http://www.geocities.com/scottlhenderson/spamfilter.html


You forgot to mention one VERY important fact.. you're using amavisd-new.

You'll want to check your Amavis config closely, and check the headers of 
those messages to make sure amavis scanned them. SA configuration won't 
matter, as amavis does its own markup.


As for the directions, I'd consider them dangerous. I spotted at least one 
security hole. (I'll send Scott Henderson a separate note).

Do NOT give amavis ownership of /usr/share/spamassassin. Leave that ROOT 
owned. SA does not need to write files here, just read. Chowning the files 
gives amavis unnecessary privileges to the files in the directory..

By chowning /usr/share/spamassassin you've created a potential privilege 
escalation hole where a user exploiting amavis can modify the standard 
rules to contain dangerous regexes and use those to gain execution as 
another user, including root, should root run SpamAssassin manually at the 
command line.
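
The ownership advice in the message above, as an added check that is not part of the original thread or of SpamAssassin itself: a shell function that lists anything under the rules directory that is not owned by root or is group/world-writable. The function name audit_rules_dir and its optional second argument (expected owner, so it can be tried on a scratch directory) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a SpamAssassin rules directory
# for files that an account other than the expected owner could modify.
# audit_rules_dir is a hypothetical helper name.
#   $1  directory to audit   (default: /usr/share/spamassassin)
#   $2  expected owner       (default: root; name or numeric uid)
# Returns 0 if clean, 1 if offenders were found, 2 if the directory is missing.
audit_rules_dir() {
    dir=${1:-/usr/share/spamassassin}
    owner=${2:-root}

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    # Flag every entry not owned by $owner, plus every non-symlink that is
    # group- or world-writable (symlink mode bits carry no meaning on Linux).
    # Group-writable is flagged conservatively: the scanner account may be
    # a member of the owning group.
    offenders=$(find "$dir" \( ! -user "$owner" -o \
        \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print)

    if [ -n "$offenders" ]; then
        echo "wrongly owned or writable entries under $dir:" >&2
        printf '%s\n' "$offenders" |
            while IFS= read -r f; do ls -ld -- "$f"; done >&2
        return 1
    fi
    return 0
}

# Typical use on the mail host, as root:
#   audit_rules_dir /usr/share/spamassassin
# If it reports entries after a recursive chown to the amavis account,
# restoring root ownership and removing group/other write access is:
#   chown -R root:root /usr/share/spamassassin
#   chmod -R go-w /usr/share/spamassassin
```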