Re: SA + Procmail Conundrum - RESOLVED

[Mark Sansome <ms...@troodos.demon.co.uk>]

On Thu, 2007-08-09 at 06:58 -0400, Gene Heskett wrote:
> On Thursday 09 August 2007, Mark Sansome wrote:
[Snip]
> >So if the permissions are OK I need to look again at the original
> >problem.
> >
> >On Tue, 2007-08-07 at 12:32 -0400, Kris Deugau wrote:
> >> -> Call spamc with the -u option and specify each destination user in a
> >> separate recipe.  You'll have to call SA for each destination user after
> >> splitting off the mail stream for that user (instead of before as you're
> >> probably doing now), but you should already have some pieces that do
> >> that.  This is probably the simplest option.
> >
> >Does this mean that I will have to put a ~/.spamassassin/user_prefs
> > configuration file in each user's account? And will that mean that each
> > will have to have their own bayes learning?
> 
> I believe that is how it works, but I can't readily check as there aren't any 
> other users on this machine that actually have external email accounts.  I 
> run fetchmail as a 500:500 process, and both .fetchmailrc and .procmailrc 
> live in that users home directory.  As does a .spamassassin subdir that 
> contains:
[Snip]
> >What I was hoping to achieve was that all user's mail would be checked for
> > viruses and spam, offending mails would be put into a "IN_Spam" folder
> > which is then used each night as the basis for sa-learn. Only "clean" mail
> > would then be passed on to their respective /var/spool/mail/username
> > folder...
> 
> I essentially do that here as all mail and SA related stuff is done by me as a 
> user, but at the end of the chain its kmail, run as root.  Joanne, if she has 
> the time, can tell you how to set that up as its much more secure to handle 
> your mail as an un-priviledged user even if you do run as root 99.44% of the 
> time.
> 
[Snip]

Thanks to all the people who helped me think about this. I have now
resolved the problem to my satisfaction.

For the benefit of others looking at this thread I will briefly describe
my solution:

Essentially I still run Procmail as root, I still do the virus / spam
checking before splitting the mails off into their respective users'
mail directories - but now I run SA with the following command from
Procmail:
:0fw
* < 256000
| /usr/bin/spamc --username=mark

(mark is *my* username)

This meant that I had to copy over the bayes files
from /etc/mail/spamassassin into /home/mark/.spamassassin and put the
spam directory in my user area (in actual fact I just re-ran sa-learn on
my spam and ham folders) and now all is well in the land of my humble
little home mail server...

Thanks again to all...

Mark