Spamassassin Installation/Configuration issue

[MDAFederal]

I am currently running Scalix 10 Eval version and have just installed Spamassassin 3.1.0. All appears to be working, but not as I would have expected. Our current Operational mail server is running sendmail 8.13 with Spamassassin 2.64 and MimeDefang for the milter. With that configuration, each user gets their own .spamassassin directory to configure individual settings. With the Scalix Server setup, I have come across a few issues:

1) I keep getting "Permission Denied" messages when trying to create files in /root/.spamassassin

Feb 21 12:17:41 sam-test spamd[28613]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39596
Feb 21 12:17:41 sam-test spamd[28613]: spamd: setuid to root succeeded
Feb 21 12:17:41 sam-test spamd[28613]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1150, <GEN61> line 4.
Feb 21 12:17:41 sam-test spamd[28613]: spamd: processing message <200602211717.k1LHHMLs027536@sammy.earthsat.com> for root:99
Feb 21 12:17:41 sam-test spamd[28613]: mkdir /root/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1467
Feb 21 12:17:41 sam-test spamd[28613]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.sam-test.earthsat.com.28613 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Feb 21 12:17:41 sam-test spamd[28613]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.sam-test.earthsat.com.28613 for /root/.spamassassin/auto-whitelist.lock: Permission denied
Feb 21 12:17:41 sam-test spamd[28613]: Can't call method "finish" on an undefined value at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Plugin/AWL.pm line 397, <GEN61> line 31.
Feb 21 12:17:41 sam-test spamd[28613]: bayes: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/bayes.lock.sam-test.earthsat.com.28613 for /root/.spamassassin/bayes.lock: Permission denied
Feb 21 12:17:41 sam-test spamd[28613]: spamd: clean message (0.0/5.0) for root:99 in 0.1 seconds, 1471 bytes.

and
2) It appears that it wishes to store all of this stuff in ROOT's home directory instead of my own. Is this to be expected? I would hope that this would be controlled on a per-user basis. Is there a step that I have missed?

Any help would be greatly appreciated.

Thanks in advance,
Scott

[MDAFederal]

I have figured out why it cannot write to the /root/.spamassassin directory. I am still curious about setting up per-user user_prefs and bayesians, instead of a global one. Is this a matter of local users in RHEL 3, or is this a limitation of Scalix running on top of sendmail, since it appears that the spamd is not being run as the user receiving mail, but as root. Any thoughts, suggestions, input, etc. would be greatly appreciated.

[mhanisch]

I have figured out why it cannot write to the /root/.spamassassin directory. I am still curious about setting up per-user user_prefs and bayesians, instead of a global one. Is this a matter of local users in RHEL 3, or is this a limitation of Scalix running on top of sendmail, since it appears that the spamd is not being run as the user receiving mail, but as root. Any thoughts, suggestions, input, etc. would be greatly appreciated.

Local users won't help, since scalix mailboxes are not associated with Linux user accounts. The solution that we went with was to use the "virtual config" options of spamd; on RHEL 4, I've modified /etc/sysconfig/spamassassin as follows:

Code: Select all

SPAMDOPTIONS="-u spamd --daemonize --create-prefs -m5 --virtual-config-dir=/var/opt/spamd/%u --nouser-config"

This means:
- spamd is running as user "spamd" (you'll have to create this account on your own, or reuse some other non-root account)
- the virtual-config-dir tells spamd where to look for "user" preference files;
in this path, %u is replaced by the email address to which the message has
been sent.
This directory needs to be writeable for "spamd";
- create-prefs means that the config files will be created when they don't
exist yet. (There's one subdirectory per user!)
- --no-user-config means that virtual-config-dir should be used instead.

Note that when the email address cannot be determined (e.g. if the email has multiple recipients), a default user is used instead.
This default can be configured in /etc/sysconfig/spamass-milter like follows:

Code: Select all

EXTRA_FLAGS="-e example.com -u spamd "


==> if there's any doubt, preferences will be read from
/var/opt/spamd/spamd@example.com/user_prefs


Note that this is only an approximate solution, it's not exactly "user preferences"... E.g. for a user with 3 different aliases (addresses), you'd end up with 3 sets of preferences - but this could be solved via symlinks.
What I don't like is the fallback to the default user...

If you want to take this one step further, spamassassin can also store user
preferences in LDAP, though this would require adding attributes to the scalix SYSTEM directory - but it's the cleanest solution, at least in my eyes.
Unfortunately I didn't have time to look into this yet - if you're curious, check
the following options for spamd:

Code: Select all

        --ldap-config                      Enable LDAP config (only useful with -x)
        --setuid-with-ldap                 Enable LDAP config (only useful with -x,
                                           enables use of -H)


This URL will also be helpful:
http://search.cpan.org/src/FELICITY/Mai ... dap/README


If you follow this road, please let me know how it goes!
Or if any other scalix users (or scalix staff) already tried this, please share your experiences with us!

[mhanisch]

BTW, this setup will allow you to activate learning for the Bayes filter - the files would be created along the user_prefs files.
Just make sure that you have the following options set in your /etc/mail/spamassassin/local.cf:

Code: Select all

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
bayes_auto_learn              1