On 8/17/07 11:53 AM, "Robert Moskowitz" wrote:

> More questions...
>
> James Lay wrote:
>>
>> On 8/17/07 11:24 AM, "Robert Moskowitz" wrote:
>>
>>
>>> thanks for the quick reply.
>>>
>>> James Lay wrote:
>>>
>>>> On 8/17/07 10:58 AM, "Robert Moskowitz" wrote:
>>>>
>>>>
>>>>
>>>>> I left off below that I am using
>>>>> spam-milter 0.3.1-1
>>>>>
>>>>> ================================================== =================
>>>>>
>>>>> I am new to this. I have been running my mail server in various flavors
>>>>> for 10+ years. Always trying to do better....
>>>>>
>>>>> PLATFORM:
>>>>>
>>>>> Centos 5.0
>>>>> 1Ghz processor 512Mb memory
>>>>>
>>>>> Mail server: Scalix 11.1
>>>>> MTA: Sendmail ver. 8.13.8
>>>>> Spamassassin: 3.1.9
>>>>> Webmin: 1.360
>>>>>
>>>>> I followed the Scalix WiKi spamassassin install instructions:
>>>>> http://www.scalix.com/wiki/index.php...s/SpamAssassin
>>>>>
>>>>> I am using Thunderbird 1.5.0.12, sending mail has a significant delay.
>>>>> The meter just sits there near the beginning for quite some time.
>>>>> Often, the sending times out.
>>>>>
>>>>> I read through much of the spamassassin WiKi. Nothing on performance
>>>>> seems to apply. When I go into the /var/log/maillog, I catch soom real
>>>>> problems.
>>>>>
>>>>> I enabled DNS checking (dns_available yes) and restarted spamassassin
>>>>> via webmin and caught the following in the maillog:
>>>>>
>>>>> Aug 17 12:13:28 z9m9z spamd[1381]: spamd: connection from
>>>>> localhost.localdomain [127.0.0.1] at port 48800
>>>>> Aug 17 12:13:28 z9m9z spamd[1381]: spamd: setuid to root succeeded
>>>>> Aug 17 12:13:28 z9m9z spamd[1381]: spamd: still running as root: user
>>>>> not specified with -u, not found, or set to root, falling back to nobody
>>>>> at /usr/bin/spamd line 1161, line 4.
>>>>>
>>>>>
>>>> Robert,
>>>>
>>>> What's your startup line to start spamd look like? If you're starting it
>>>> like:
>>>>
>>>> Spamd -u spamduser
>>>>
>>>>
>>> from file: /etc/rc.d/init.d/spamassassin:
>>>
>>> # Set default spamd configuration.
>>> SPAMDOPTIONS="-d -c -m5 -H"
>>> SPAMD_PID=/var/run/spamd.pid
>>>
>>> and as you can see below, the actual command that got run was:
>>>
>>> /usr/bin/spamd -d -c -m5 -H -r /var/run/spamd.pid
>>>
>>> So no -u at all!
>>>
>>>> Is that user in your /etc/passwd file?
>>>>
>>>>
>>> No spamduser.
>>>
>>> What files would I expect to see owned by spamduser. Oh, wait. If the
>>> user's not there, there better not be any files owned by it....
>>>

>>
>> Doh!
>>
>> It's running as root then

> Gee, I thought that was clear from the maillog lines and running
> processes...
>
> But then it has those processes running as 'nobody' as well..
>> ...no goodness there.

> Why not? Security (it should be running chrooted then?)? other reasons?
>> I created a user and group
>> called spamfilter, then su'd to root, then su'd to spamfilter and ran my
>> bayes and pyzor setups as spamfilter.

> This makes no sense to me. You created the user spamfilter. You logged
> in as spamfilter, su'd to root and su'd to spamfiltre? What does that
> accomplish? Or are you logged in as James and trying to be spamfilter?
> If so does not: login spamfilter do the same thing? (I did a fair bit of
> unix back in '93, then nothing for over 10 years...).
>


When you su to root, then su to spamfilter, you in effect are now logged in
as that user. Because spamd will drop privileges to spamfilter, you should
setup pyzor and razor and run test like spamassassin -D --lint as the user
it will be running as.

> And how do you run the bayes and pyzor setups? I am looking for a url
> but not finding it...


Pyzor: http://wiki.apache.org/spamassassin/UsingPyzor

Razor: http://wiki.apache.org/spamassassin/RazorSiteWide

Note, I pointed these all to /home/spamfilter instead of
/etc/mail/spamassassin and ran them as user spamfilter.

>> Here's what's in the dir:
>>
>> drwxr-xr-x 2 spamfilter spamfilter 4096 2005-09-03 11:31 .pyzor
>> drwxr-xr-x 2 spamfilter spamfilter 4096 2005-10-09 19:22 .razor
>> drwx------ 2 spamfilter spamfilter 4096 2007-08-17 11:25 .spamassassin
>>
>> These are auto created I believe. Maybe try a similar setup on your
>> machine...add the user and group, make sure /home/spamfilter is owned by
>> spamfilter,

> That makes sense, but where did the .spamassassin come from? Creating
> the user, or the bayes setup.......
>> then modify the options above to -u spamfilter,

> Wait! above where? In the /etc/rc.d/d.init/spamassassin? Adding the -u
> option to the list of defaults?


Add that -u spamfilter to your SPAMDOPTIONS=

>> then su to root,
>> su to spamfilter, cd to /home/spamfilter and rum spammassassin --lint, then
>> spamassassin -D --lint and see if you get any errors.

> ???? Where is there info on these command line uses of spamassassin.
> Nothing in the Man pages.


Spamassassin -h will give you the options.

>> Also, may want to change the shell in your /etc/passwd to /bin/false so that
>> user has no
>> remote access.
>>

> yeah, makes sense once you have things working...
>> James
>>
>>>>> And looking at running processes via webmin I see:
>>>>>
>>>>> 1373 root 12:13 /usr/bin/spamd -d -c -m5 -H -r
>>>>> /var/run/spamd.pid
>>>>> 1381 nobody 12:13 spamd child
>>>>> 1382 root 12:13 spamd child
>>>>>
>>>>> What do I change so that it does not fall back to 'nobody'?
>>>>>
>>>>> Now this MIGHT explain something else I am seeing in maillog:
>>>>>
>>>>> Aug 17 12:48:16 z9m9z spamd[1381]: mkdir /root/.spamassassin: Permission
>>>>> denied at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin.pm line 1536
>>>>> Aug 17 12:48:16 z9m9z spamd[1381]: locker: safe_lock: cannot create tmp
>>>>> lockfile
>>>>> /root/.spamassassin/auto-whitelist.lock.z9m9z.htt-consult.com.1381 for
>>>>> /root/.spamassassin/auto-whitelist.lock: Permission denied
>>>>> Aug 17 12:48:16 z9m9z spamd[1381]: auto-whitelist: open of
>>>>> auto-whitelist file failed: locker: safe_lock: cannot create tmp
>>>>> lockfile
>>>>> /root/.spamassassin/auto-whitelist.lock.z9m9z.htt-consult.com.1381 for
>>>>> /root/.spamassassin/auto-whitelist.lock: Permission denied
>>>>>
>>>>> Please lend me a hand in cleaning what looks to be a very basic set of
>>>>> install problems.
>>>>>
>>>>>

>>
>>
>>
>>