-----Original Message-----
From: address@hidden
[mailto:address@hidden
] On Behalf Of Saurabh Barve
Sent: Wednesday, May 18, 2005 12:53 PM
To: address@hidden
Subject: running spamass-milter as non-root and rejecting spam
Hi,
1) I was running SpamAssassin as root, but I kept getting an
error that
said that it isn't a good idea to run SA as root. So, I created an
unprivileged user `spamd` that had no login shell, and a home
directory
as /home/spamd. I then passed the following options to spamd when
starting it up: -d -c -m5 --username spamd -H /home/spamd. SA
now runs
under user spamd. However, I get an error message that says
that spamd
cannot write to user preferences in /root/.spamassassin. I
posted this
question on the SA-list, and somebody told me that to get it to
recognize the home directory for user prefs as /home/spamd, I need to
run spamass-milter as a non-root user. How do I do that?
There seems to
be no option to run spamass-milter as an unprivileged user. `man
spamass-milter` has one option for 'username', but it is not
related to
running the milter program as non-root. Since my unprivileged
user does
not have a shell, I cannot 'su' to that user to start spamass-milter.
I don't know who said you need to switch spamass-milter over, as that's
actually rather strange.
Here I have spamassassin set to run as root (without any errors as I run
per-user config on sql, but this should not be a big deal), and I have
told spamassassin that it's "homedir" folder is a different folder.
This means that spamass-milter runs as root (which being a milter it
does like to have higher-access levels that most programs, at least I
would suspect this), and spamassasin just dumps the data into the
correct location. Spamass-milter has no say in the home directory
details of spamassassin aside from how spamd responds when it gets
called.
In my case the option to spamassassin is
"--helper-home-dir=/var/local/spamd", you would use whatever directory
you wished. It's a spamassassin thing, not a milter thing with the
preferences data.
2) I have the following options set up for spamass-milter: -r 10 -B
address@hidden Thus, I am trying to reject any e-mail that gets a
score of
10 or more. All other e-mails that get tagged as spam, I want
to be sent
to address@hidden My score setting for spam recognition is set at 5. So,
anything that is between 5 and 10 should be sent to address@hidden, and
anything above 10 should be rejected outright[at least that's my
understanding of it]. However, what I'm seeing is that
messages with a
score over 10 are attempted to be sent to address@hidden, and then are
getting blocked as well. This is resulting in a mailer-daemon message
being generated. The reason for the mailer-daemon is that the
message is
bouncing too many times between localhost and the mail server. My
localhost is my mail server. How do I get around this?
I am not sure what is happening there, as I don't use mail redirection
for tagged spam... I do seem to recall a previous person with the same
situation however - have you checked back through the list archive? I'm
sure someone else here can help on this one though...
Regards,
Cassandra Brockett