Posted to users@spamassassin.apache.org by Filip Havlíček <fi...@pro-com.cz> on 2015/01/05 19:45:25 UTC

Re: spamassassin bayes rules

Can anybody help with this? I still cannot find any helpful 
information, thanks.
On 10.12.2014 at 14:52, Christian Grunfeld wrote:
> when you run bayes in SQL and do sa-learn --username it will not try 
> to setuid to that user (in a real system user scenario it will fail 
> for non-existent users). Instead it uses that username to save and 
> recall data from the database. Due to forged addresses your system treats 
> any originating address as yours and then tries to interact with the DB.
>
> **-u* /username/, *--username*=/username/*
>     If specified this username will override the username taken from
>     the runtime environment. You can use this option to specify users
>     in a virtual user configuration. 
>
>     NOTE: This option will not change to the given /username/, it will
>     only attempt to act on behalf of that user. Because of this you
>     will need to have proper permissions to be able to change files
>     owned by /username/. In the case of SQL this generally is not a
>     problem.
>
>
> A long time ago I came with the same problem to Mark Martinec and he 
> implemented some sort of checks of addresses to see if they are local 
> to you or not....but I don't remember
>
> Cheers
>
> 2014-12-10 10:22 GMT-03:00 Filip Havlíček <filip.havlicek@pro-com.cz>:
>
>     Hi,
>
>     I have configured spamassassin with bayes user rules with this
>     configuration:
>     http://pastebin.com/KWW78DJx
>
>     I would like to ask you if everything is correct, because I found
>     in table bayes_vars a lot of (thousands) unknown email addresses like:
>     abko@hotmail.com
>     ablewis60@hotmail.com
>     abluxq@hotmail.com
>
>     My table bayes_token is also 350MB large!
>
>     Thanks for your help.
>
>


Re: spamassassin bayes rules

Posted by Mark Martinec <Ma...@ijs.si>.
Filip Havlíček wrote:

> Can anybody help with this? I still cannot find any helpful
> information, thanks.

> On 10.12.2014 at 14:52, Christian Grunfeld wrote:
>> when you run bayes in SQL and do sa-learn --username it will not try 
>> to setuid to that user (in a real system user scenario it will fail 
>> for non-existent users). Instead it uses that username to save and 
>> recall data from the database. Due to forged addresses your system treats 
>> any originating address as yours and then tries to interact with the DB.
>> 
>> **-u* /username/, *--username*=/username/*
>>     If specified this username will override the username taken from
>>     the runtime environment. You can use this option to specify users
>>     in a virtual user configuration.     NOTE: This option will not
>>     change to the given /username/, it will
>>     only attempt to act on behalf of that user. Because of this you
>>     will need to have proper permissions to be able to change files
>>     owned by /username/. In the case of SQL this generally is not a
>>     problem.
>> 
>> A long time ago I came with the same problem to Mark Martinec and he
>> implemented some sort of checks of addresses to see if they are local
>> to you or not....but I don't remember

This last statement probably refers to a 2007 thread regarding per-user bayes
in amavisd-new. It is probably unrelated to the issue here.


>> 2014-12-10 10:22 GMT-03:00 Filip Havlíček <fi...@pro-com.cz>:
>>     I have configured spamassassin with bayes user rules with this
>>     configuration:
>>     http://pastebin.com/KWW78DJx
>> 
>>     I would like to ask you if everything is correct, because I found
>>     in table bayes_vars a lot of (thousands) unknown email addresses like:
>>     abko@hotmail.com
>>     ablewis60@hotmail.com
>>     abluxq@hotmail.com
>> 
>>     My table bayes_token is also 350MB large!


That pastebin document is no longer there, so I'm only guessing.

If you are calling SpamAssassin via spamc/spamd combo, the recipient
usernames you specify with the option -u in spamc are what ends up
in an SQL field bayes_vars.username. Make sure you only allow
legitimate usernames or email addresses of your existing users there.
How you accomplish that depends on how spamc/spamd is integrated
with your mailer.

   Mark
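
One way to apply the advice above, as an added example that is not part of the original thread or of SpamAssassin: a wrapper that maps the envelope recipient to an allow-listed Bayes username before it reaches `spamc -u`, so forged or unknown recipients never create new bayes_vars rows. The allow-list path, the `shared-bayes` fallback name and the `--scan` calling convention are assumptions.

```shell
#!/bin/sh
# Added example: pick the username handed to `spamc -u` from an allow-list.
# Assumptions (not from the thread): the allow-list file, the fallback
# account name, and that the MTA passes the envelope recipient as an argument.

ALLOWLIST="${ALLOWLIST:-/etc/mail/bayes-users.txt}"  # one lower-case name per line
FALLBACK_USER="${FALLBACK_USER:-shared-bayes}"       # hypothetical shared Bayes user

# Print the Bayes username to use for the given recipient.
bayes_user_for() {
    rcpt=$(printf '%s' "$1" | tr 'A-Z' 'a-z')

    # Anything that is not a plain name or local@domain token goes to the
    # fallback user instead of becoming a new bayes_vars.username value.
    case "$rcpt" in
        ''|*[!a-z0-9._+@-]*|*@*@*|@*|*@)
            printf '%s\n' "$FALLBACK_USER"
            return 0
            ;;
    esac

    # Exact, fixed-string, whole-line match against the known users.
    if [ -r "$ALLOWLIST" ] && grep -Fxq -- "$rcpt" "$ALLOWLIST"; then
        printf '%s\n' "$rcpt"
    else
        printf '%s\n' "$FALLBACK_USER"
    fi
}

# Filter the message on stdin through spamd as the vetted user.
scan_as_recipient() {
    spamc -u "$(bayes_user_for "$1")"
}

# Hypothetical calling convention: wrapper.sh --scan <envelope-recipient>
if [ "${1:-}" = "--scan" ] && [ -n "${2:-}" ]; then
    scan_as_recipient "$2"
fi
```

Rows already stored under unknown usernames are not touched by this wrapper; it only stops new ones from being created.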