AW: [suse-security] Per user config for SpamAssassin with amavisd-new and cyrus-imapd
Hello David, i use spamassassin with qmail and i dont use a per-user-config. The first few weeks it worked very good but then the spamlevel begun to increase. Now i enabled RBL-Check. By default RBL is disabled in local.cf. This works very good but you have to look for servers that are offline or very slow. I simple tested all the servers in "/usr/share/spamassassin/20_head_tests.cf" (grep "check_rbl" 20_head_tests.cf). You can use nslookup for that. I disabled every slow server with '#'..... CU Robert -----Ursprüngliche Nachricht----- Von: David Huecking [mailto:d.huecking@gmx.net] Gesendet: Samstag, 27. März 2004 13:59 An: suse-security@suse.com Betreff: [suse-security] Per user config for SpamAssassin with amavisd-new and cyrus-imapd Hi folks, maybe someone could give me a hint... I switched from: fetchmail->sendmail->sendmail.milter->Amavis->.forward->procmail->spamc(SpamAssasin)->INBOX which did global virus checking and per user spam checking with Bayes testing to fetchmail->postfix->amavisd-new->perl-spamassassin->cyrus-imapd which does global virus and global spam checking BUT NO PER USER spam checking, so without Bayes testing! :-( So the rate of unreconised spam did increase. I fiddled around with options in the /etc/mail/spamassassin/local.cf, but they were ignored because amavisd-new calls spamassin via perl interface and takes some SA parameters from the /etc/amavisd.conf (beginning with $sa_). I tried calling a SUIDed cyrus deliver (without SUID deliver hasn't got the right: deliver[3876]: connect(/var/lib/imap/socket/lmtp) failed: Permission denied) to user cyrus via .forward and a .procmailrc. The log said that lmtpd was called, but depending on the syntax of deliver in the .procmailrc the mail was delivered to the INBOX-file in /var/spool/mail or just vanished! One example for my .promailrc: :0 fw |/usr/bin/spamc -f |/usr/lib/cyrus/bin/deliver -e -a david -m user.david and the .forward: "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #user" Could someone give me a hint using sieve or procmail for a per user SpamAssassin check? Thanks in advance. -- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216 -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi Robert, first thanks for your hint, but I think that SpamAssassin when run from amavisd-new doesn't get its configuration out of the local.cf file, but from the $sa_* entries in the amavisd.conf. There I found an entry: $sa_local_tests_only = 1; No I set this to 0, so non-local test will be performed(?) and I will see what will happen with realtime blacklisting which I think are non-local tests. BTW I found the check_rbl string in 20_dnsbl_tests.cf and not in 20_head_tests.cf. 8-) Anyway I'm looking for a possibility of Bayes filtering if possible with white- and black-listing per user with my setup. Maybe I will try to integrate dspam (Homepage: http://www.nuclearelephant.com/projects/dspam/ ;German article: http://www.pro-linux.de/news/2004/6620.html) into postfix. But as I'm no postfix configuration hero I will need some time (for reading the Postfix book I ordered...). ;-> On Samstag, 27. März 2004 16:17, Rasp, Robert wrote:
i use spamassassin with qmail and i dont use a per-user-config. The first few weeks it worked very good but then the spamlevel begun to increase. Now i enabled RBL-Check. By default RBL is disabled in local.cf. This works very good but you have to look for servers that are offline or very slow. I simple tested all the servers in "/usr/share/spamassassin/20_head_tests.cf" (grep "check_rbl" 20_head_tests.cf). You can use nslookup for that. I disabled every slow server with '#'.....
-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
participants (2)
-
David Huecking -
Rasp, Robert