Subject: Re:  New: Incorrect user_prefs being used

This is probably something better asked on the users list because the
most likely cause is a bad config.

On Fri, Jan 14, 2005 at 02:29:17AM -0800, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> 
> CentOs 3.3, filtered via procmail, running SA 3.0.2. Using spamc/spamd.
> 

Are you absolutely sure it is 3.0.2?  I ask because there was a bug
like this in 3.0.0, but it was fixed.

> I have setup a whitelist_from in my own 
> file, /home/jim/.spamassassin/user_prefs with a test email. I have sent a test 
> email from my nominated external address to user jim on my box. Whitelist in 
> user_prefs is NOT being applied.
> 
> The same applies to blacklist_from.
> 
> However, if I instead add the whitelist_from line to 
> file /root/.spamassassin/user_prefs, the whitelist is applied successfully.
> 

Did this work before?  How are you starting spamd? How are you calling
spamd? with spamc? are you passing in the username? Are you running in
a site wide configuration?

> In other words, my user-level rules are NOT being applied, the values are 
> always coming from root's user_prefs file, for all users.

whitelist_* and blacklist_* are not "user-level rules" so...

> 
> I have used Webmin to enable the "allow users to define rules" in header/body 
> tests, just in case this had an impact, but still no luck.
> 

This doesn't do what you think it does.  This allows you to put new
rules in your user_prefs file and can be a security risk (hopefully
Webmin makes this clear before allowing you to turn it on).

Subject: Re:  Incorrect user_prefs being used


> Are you absolutely sure it is 3.0.2?  I ask because there was a bug
> like this in 3.0.0, but it was fixed.

Yes, certain. It was installed from an RPM I found on the web. It reports
itself as 3.0.2 to Webmin.

>
>> I have setup a whitelist_from in my own
>> file, /home/jim/.spamassassin/user_prefs with a test email. I have sent
>> a test
>> email from my nominated external address to user jim on my box.
>> Whitelist in
>> user_prefs is NOT being applied.
>>
>> The same applies to blacklist_from.
>>
>> However, if I instead add the whitelist_from line to
>> file /root/.spamassassin/user_prefs, the whitelist is applied
>> successfully.
>>
>
> Did this work before?  How are you starting spamd? How are you calling
> spamd? with spamc? are you passing in the username? Are you running in
> a site wide configuration?

I have never tried it before, as the box was only for my use. Now I have
users who want to enter their own rules.

My /etc/init.d/spamassasin file contains:

SPAMDOPTIONS="-d -c -m2 -H"


and my /etc/procmailrc contains:

:0fw: spamassassin.lock
* < 131072
| /usr/bin/spamc


>> In other words, my user-level rules are NOT being applied, the values
>> are
>> always coming from root's user_prefs file, for all users.
>
> whitelist_* and blacklist_* are not "user-level rules" so...
>
>>
>> I have used Webmin to enable the "allow users to define rules" in
>> header/body
>> tests, just in case this had an impact, but still no luck.
>>
>
> This doesn't do what you think it does.  This allows you to put new
> rules in your user_prefs file and can be a security risk (hopefully
> Webmin makes this clear before allowing you to turn it on).

I thought that was the case, I was just concerned it was affecting the
other functionality.

many thanks!


Jim

>
>
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
>

Subject: Re:  Incorrect user_prefs being used

On Fri, Jan 14, 2005 at 06:09:02AM -0800, bugzilla-daemon@bugzilla.spamassassin.org wrote:
> 
> I have never tried it before, as the box was only for my use. Now I have
> users who want to enter their own rules.
> 
> My /etc/init.d/spamassasin file contains:
> 
> SPAMDOPTIONS="-d -c -m2 -H"
> 
> 
> and my /etc/procmailrc contains:
> 
> :0fw: spamassassin.lock
> * < 131072
> | /usr/bin/spamc
> 
> 

Most likely this is running as the root user and passing root as the
username to spamd.  It's been awhile since I've messed with procmail,
but I believe you need to add DROPPRIVS=yes to your procmailrc file.

You can confirm this behavior by looking at your logs, it should say
who it is processing the mail for.

Subject: Re:  Incorrect user_prefs being used

> Most likely this is running as the root user and passing root as the
username to spamd.  It's been awhile since I've messed with procmail,
but I believe you need to add DROPPRIVS=yes to your procmailrc file.

Apologies, I had forgotten to do that. I have now added that line.

> You can confirm this behavior by looking at your logs, it should say who
it is processing the mail for.

Well done. Found out it was a permisisons thing.

Have followed some points at
http://www.math.tamu.edu/computing/spamassassin.html

and changed permisisons. Not sure if they are correct though. (It's now
working, but possibly now a security risk?). I have:

chmod a+x /home/jim/.spamassassin/
chmod a+u /home/jim/.spamassassin/user_prefs

Does this sound okay? I'll try to RTFM now I know what I'm looking for.


Many thanks!



Jim




>
>
>
>
>
> ------- You are receiving this mail because: -------
> You reported the bug, or are watching the reporter.
>

Not a bug, just config issue.

The permissions on those files should be whatever is appropriate for that user
to be able to read the user_prefs file, since the spamd process will run as that
user.