You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Daniel Madaoui <da...@logilune.com> on 2006/04/13 20:28:59 UTC
(Unknown)
I want to use SA for a lot of users which don't have home directory.
There mails are in /var/mail. The spammed mails are send to the
recipient in his file /var/mail/user with the addition of SA.
The bayes and auto-whitelist database will be comun to anybody.
I use spamassassin 3.0.3 under freebsd 4.8
I use postfix and SA through procmail.
postfix main.cf:
mailbox_command = /usr/local/bin/procmail -t
I 've got the config file for procmail in /usr/local/etc/procmailrc
PATH=$HOME/bin:/usr/bin:/usr/ucb:/bin:/usr/local/bin:.
LOGFILE=/var/log/procmail.log
:0fw: $LOGNAME.lock
* < 256000
| /usr/local/bin/spamc
I launch spamd in this way:
/usr/local/bin/spamd -d -m10
and when I send a mail I 've got this log:
Apr 13 19:39:37 host spamd[48968]: spamd: setuid to root succeeded
Apr 13 19:39:37 host spamd[48968]: spamd: still running as root: user
not specified with -u, not found, or set to root, falling back to
nobody at /usr/local/bin/spamd line 1152, <GEN5> line 4.
Apr 13 19:39:37 host spamd[48968]: spamd: processing message
<38...@example.com> for root:65534
Apr 13 19:39:37 host spamd[48968]: locker: safe_lock: cannot create
tmp lockfile /root/.spamassassin/auto-whitelist.lock.example.com.
48968 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: auto-whitelist: open of auto-
whitelist file failed: locker: safe_lock: cannot create tmp lockfile /
root/.spamassassin/auto-whitelist.lock.example.com.48968 for /
root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: bayes: locker: safe_lock: cannot
create tmp lockfile /root/.spamassassin/bayes.lock.example.com.48968
for /root/.spamassassin/bayes.lock: Permission denied
Apr 13 19:39:37 host spamd[48968]: spamd: clean message (-1.4/5.0)
for root:65534 in 0.3 seconds, 744 bytes.
Apr 13 19:39:37 host spamd[48968]: spamd: result: . -1 - ALL_TRUSTED
scantime=0.3,size=744,user=root,uid=65534,required_score=5.0,rhost=local
host.example.com,raddr=127.0.0.1,rport=1645,mid=<3822750E-3444-4F34-938F
-A506DB0CC640@example.com>,autolearn=failed
The mail was in the mailbox but the bayes was not used.
So I restart the spamd daemon whith this options
/usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an
user with its directory /home/spamassassin/.spamassassin )
He try to use the .spamassassin directory who belong to root (/
root/.spamssassin/ )
Apr 13 19:50:53 host spamd[49552]: spamd: connection from
localhost.example.com [127.0.0.1] at port 1982
Apr 13 19:50:53 host spamd[49552]: spamd: processing message
<C7...@example.com> for root:3005
Apr 13 19:50:53 host spamd[49552]: locker: safe_lock: cannot create
tmp lockfile /root/.spamassassin/auto-whitelist.lock.example.com.
49552 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: auto-whitelist: open of auto-
whitelist file failed: locker: safe_lock: cannot create tmp lockfile /
root/.spamassassin/auto-whitelist.lock.example.com.49552 for /
root/.spamassassin/auto-whitelist.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: bayes: locker: safe_lock: cannot
create tmp lockfile /root/.spamassassin/bayes.lock.example.com.49552
for /root/.spamassassin/bayes.lock: Permission denied
Apr 13 19:50:53 host spamd[49552]: spamd: clean message (-1.4/5.0)
for root:3005 in 0.1 seconds, 736 bytes.
Apr 13 19:50:53 host spamd[49552]: spamd: result: . -1 - ALL_TRUSTED
scantime=0.1,size=736,user=root,uid=3005,required_score=5.0,rhost=localh
ost.example.com,raddr=127.0.0.1,rport=1982,mid=<C779CA6F-5CC6-4FD5-8547-
F78D09D78147@example.com>,autolearn=failed
how can I configure spamd to use another directory for using bayes
and auto-whitelist database ( in /home/spamassassin/.spamassassin ).
It works if I change the permissions of /root/.spamassassin but it's
not optimal.
Thanks for your help.
Re: Re:
Posted by Theo Van Dinter <fe...@apache.org>.
On Fri, Apr 14, 2006 at 12:36:40PM +0200, Daniel Madaoui wrote:
> >>/usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an
> >>user with its directory /home/spamassassin/.spamassassin )
> >>He try to use the .spamassassin directory who belong to root
> >>(/root/.spamssassin/ )
> I installed the version 3.1.1 but I've got the same comportement. It
> 's not use the /home/spamassassin/.spamassassin directory for bayes
> and auto-whitelist
Just because you used "-u spamassassin" doesn't mean that all access
will be to the spamassassin user's home directory. Unless you disable
per-user configs and/or configure paths for things like bayes, etc, to
be in a publically accessible location, SpamAssassin will still try to
access the calling user's home directory (which will very likely fail
since you're running spamd -u).
--
Randomly Generated Tagline:
If your happy and you know it clap your hams.
Re: Re:
Posted by Daniel Madaoui <da...@logilune.com>.
Le 13 avr. 06 à 20:45, Matt Kettler a écrit :
> Daniel Madaoui wrote:
> <snip>
>> So I restart the spamd daemon whith this options
>>
>> /usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an
>> user
>> with its directory /home/spamassassin/.spamassassin )
>>
>> He try to use the .spamassassin directory who belong to root
>> (/root/.spamssassin/ )
>
> Known bug, fixed in SA 3.1.0 and higher.
I installed the version 3.1.1 but I've got the same comportement. It
's not use the /home/spamassassin/.spamassassin directory for bayes
and auto-whitelist
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3900
>
> Also be aware that unless your source has back ported fixes, SA
> 3.0.3 is
> vulnerable to a two different DoS attacks triggered by sending it a
> specially
> crafted messages.
>
> 3.0.4, possibly older versions: "many to: headers" DoS vulnerability
> http://secunia.com/advisories/17386/
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
>
> 3.0.1-3.0.3: malformed message with long headers DoS
> http://secunia.com/advisories/15704/
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
Re:
Posted by Matt Kettler <mk...@evi-inc.com>.
Daniel Madaoui wrote:
<snip>
> So I restart the spamd daemon whith this options
>
> /usr/local/bin/spamd -d -m10 -u spamassassin ( spamassassin in an user
> with its directory /home/spamassassin/.spamassassin )
>
> He try to use the .spamassassin directory who belong to root
> (/root/.spamssassin/ )
Known bug, fixed in SA 3.1.0 and higher.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3900
Also be aware that unless your source has back ported fixes, SA 3.0.3 is
vulnerable to a two different DoS attacks triggered by sending it a specially
crafted messages.
3.0.4, possibly older versions: "many to: headers" DoS vulnerability
http://secunia.com/advisories/17386/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3351
3.0.1-3.0.3: malformed message with long headers DoS
http://secunia.com/advisories/15704/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266