You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Daniel Madaoui <da...@logilune.com> on 2006/04/13 20:28:59 UTC

(Unknown)

I want to use SA for a lot of users which don't have home directory.  
There mails are in /var/mail. The spammed mails are send to the  
recipient  in his file /var/mail/user with the addition  of SA.

The bayes and auto-whitelist database will be comun to anybody.

I use spamassassin  3.0.3 under freebsd 4.8

I use postfix and  SA through procmail.

postfix  main.cf:

	mailbox_command = /usr/local/bin/procmail -t

I 've got the config file for procmail in /usr/local/etc/procmailrc

	PATH=$HOME/bin:/usr/bin:/usr/ucb:/bin:/usr/local/bin:.
	LOGFILE=/var/log/procmail.log

	:0fw: $LOGNAME.lock
	*  < 256000
	| /usr/local/bin/spamc

I launch spamd in this way:

	/usr/local/bin/spamd -d -m10

and when I send a mail  I 've got this log:

Apr 13 19:39:37 host spamd[48968]: spamd: setuid to root succeeded
Apr 13 19:39:37 host spamd[48968]: spamd: still running as root: user  
not specified with -u, not found, or set to root, falling back to  
nobody at /usr/local/bin/spamd line 1152, <GEN5> line 4.
Apr 13 19:39:37 host spamd[48968]: spamd: processing message  
<38...@example.com> for root:65534
Apr 13 19:39:37 host spamd[48968]: locker: safe_lock: cannot create  
tmp lockfile /root/.spamassassin/auto-whitelist.lock.example.com. 
48968 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: auto-whitelist: open of auto- 
whitelist file failed: locker: safe_lock: cannot create tmp lockfile / 
root/.spamassassin/auto-whitelist.lock.example.com.48968 for / 
root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: bayes: locker: safe_lock: cannot  
create tmp lockfile /root/.spamassassin/bayes.lock.example.com.48968  
for /root/.spamassassin/bayes.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: spamd: clean message (-1.4/5.0)  
for root:65534 in 0.3 seconds, 744 bytes.
Apr 13 19:39:37 host spamd[48968]: spamd: result: . -1 - ALL_TRUSTED  
scantime=0.3,size=744,user=root,uid=65534,required_score=5.0,rhost=local 
host.example.com,raddr=127.0.0.1,rport=1645,mid=<3822750E-3444-4F34-938F 
-A506DB0CC640@example.com>,autolearn=failed


The mail was in the mailbox but the bayes was not used.

So I restart the spamd daemon whith this options

/usr/local/bin/spamd -d -m10  -u spamassassin ( spamassassin in an  
user with its directory /home/spamassassin/.spamassassin )

He try to use the .spamassassin directory who belong to root (/ 
root/.spamssassin/ )

Apr 13 19:50:53 host spamd[49552]: spamd: connection from  
localhost.example.com [127.0.0.1] at port 1982
Apr 13 19:50:53 host spamd[49552]: spamd: processing message  
<C7...@example.com> for root:3005
Apr 13 19:50:53 host spamd[49552]: locker: safe_lock: cannot create  
tmp lockfile /root/.spamassassin/auto-whitelist.lock.example.com. 
49552 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: auto-whitelist: open of auto- 
whitelist file failed: locker: safe_lock: cannot create tmp lockfile / 
root/.spamassassin/auto-whitelist.lock.example.com.49552 for / 
root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: bayes: locker: safe_lock: cannot  
create tmp lockfile /root/.spamassassin/bayes.lock.example.com.49552  
for /root/.spamassassin/bayes.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: spamd: clean message (-1.4/5.0)  
for root:3005 in 0.1 seconds, 736 bytes.
Apr 13 19:50:53 host spamd[49552]: spamd: result: . -1 - ALL_TRUSTED  
scantime=0.1,size=736,user=root,uid=3005,required_score=5.0,rhost=localh 
ost.example.com,raddr=127.0.0.1,rport=1982,mid=<C779CA6F-5CC6-4FD5-8547- 
F78D09D78147@example.com>,autolearn=failed

how can I configure spamd to use another directory for using bayes  
and auto-whitelist database ( in /home/spamassassin/.spamassassin ).  
It works if I change the permissions of /root/.spamassassin but it's  
not optimal.

Thanks for your help.

Re: Re:

Posted by Theo Van Dinter <fe...@apache.org>.

On Fri, Apr 14, 2006 at 12:36:40PM +0200, Daniel Madaoui wrote:
> >>/usr/local/bin/spamd -d -m10  -u spamassassin ( spamassassin in an  
> >>user with its directory /home/spamassassin/.spamassassin )
> >>He try to use the .spamassassin directory who belong to root
> >>(/root/.spamssassin/ )
> I installed the version 3.1.1 but I've got the same comportement. It  
> 's not use the /home/spamassassin/.spamassassin directory for bayes  
> and auto-whitelist

Just because you used "-u spamassassin" doesn't mean that all access
will be to the spamassassin user's home directory.  Unless you disable
per-user configs and/or configure paths for things like bayes, etc, to
be in a publically accessible location, SpamAssassin will still try to
access the calling user's home directory (which will very likely fail
since you're running spamd -u).

-- 
Randomly Generated Tagline:
If your happy and you know it clap your hams.

Re: Re:

Posted by Daniel Madaoui <da...@logilune.com>.

Le 13 avr. 06 à 20:45, Matt Kettler a écrit :

> Daniel Madaoui wrote:
> <snip>
>> So I restart the spamd daemon whith this options
>>
>> /usr/local/bin/spamd -d -m10  -u spamassassin ( spamassassin in an  
>> user
>> with its directory /home/spamassassin/.spamassassin )
>>
>> He try to use the .spamassassin directory who belong to root
>> (/root/.spamssassin/ )
>
> Known bug, fixed in SA 3.1.0 and higher.

I installed the version 3.1.1 but I've got the same comportement. It  
's not use the /home/spamassassin/.spamassassin directory for bayes  
and auto-whitelist

>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3900
>
> Also be aware that unless your source has back ported fixes, SA  
> 3.0.3 is
> vulnerable to a two different DoS attacks triggered by sending it a  
> specially
> crafted messages.
>
> 3.0.4, possibly older versions: "many to: headers" DoS vulnerability
> 	http://secunia.com/advisories/17386/
> 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
>
> 3.0.1-3.0.3: malformed message with long headers DoS
> 	http://secunia.com/advisories/15704/
> 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266

Re:

Posted by Matt Kettler <mk...@evi-inc.com>.

Daniel Madaoui wrote:
<snip>
> So I restart the spamd daemon whith this options
> 
> /usr/local/bin/spamd -d -m10  -u spamassassin ( spamassassin in an user
> with its directory /home/spamassassin/.spamassassin )
> 
> He try to use the .spamassassin directory who belong to root
> (/root/.spamssassin/ )

Known bug, fixed in SA 3.1.0 and higher.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3900

Also be aware that unless your source has back ported fixes, SA 3.0.3 is
vulnerable to a two different DoS attacks triggered by sending it a specially
crafted messages.

3.0.4, possibly older versions: "many to: headers" DoS vulnerability
	http://secunia.com/advisories/17386/
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351

3.0.1-3.0.3: malformed message with long headers DoS
	http://secunia.com/advisories/15704/
	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266