Hi Jeff,
2008/4/3, LedHed <[EMAIL PROTECTED]>:
> Konstantin Boyandin wrote:
>
> > Greetings,
> >
> > I've installed DPAM 3.8.0 to be called by Exim4. The configure command:
> >
> > ./configure --prefix=/usr/local/dspam-3.8.0 \
> > --enable-daemon \
> > --enable-clamav \
> > --enable-syslog \
> > --enable-homedir \
> > --with-dspam-home-owner=exim \
> > --with-dspam-group=mail \
> > --with-delivery-agent=/usr/sbin/exim \
> > --with-quarantine-agent=/usr/sbin/exim
> >
> > The Exim routers:
> >
> > dspam_router:
> > no_verify
> > check_local_user
> > condition = "${if and { \
> > {!def:h_X-Spam-Flag:} \
> > {!def:h_X-FILTER-DSPAM:} \
> > {!eq {$received_protocol}{local}} \
> > { <= {$message_size}{512k}} \
> > }\
> > {1}{0}}"
> > headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full"
> > driver = accept
> > transport = dspam_spamcheck
> >
> > dspam_addspam_router:
> > driver = accept
> > local_part_prefix = spam-
> > transport = dspam_addspam
> >
> > dspam_falsepositive_router:
> > driver = accept
> > local_part_prefix = nospam-
> > transport = dspam_falsepositive
> >
> > The Exim transports:
> >
> > dspam_spamcheck:
> > driver = pipe
> > command = "/usr/local/dspam-3.8.0/bin/dspam
> --debug --deliver=innocent,s
> > pam --user ${lc:$local_part} -f \
> > '$sender_address' -- %u"
> > home_directory = "/tmp"
> > current_directory = "/tmp"
> > user = exim
> > group = mail
> > log_output = true
> > return_fail_output = true
> > return_path_add = false
> > message_prefix =
> > message_suffix =
> >
> > dspam_addspam:
> > driver = pipe
> > command = "/usr/local/dspam-3.8.0/bin/dspam --debug
> --class=spam --source=er
> > ror --user \
> > ${lc:$local_part} -f '$sender_address' -- %u"
> > home_directory = "/tmp"
> > current_directory = "/tmp"
> > user = exim
> > group = mail
> > log_output = true
> > return_fail_output = true
> > return_path_add = false
> > message_prefix =
> > message_suffix =
> >
> > dspam_falsepositive:
> > driver = pipe
> > command = "/usr/local/dspam-3.8.0/bin/dspam --debug
> --class=innocent --sourc
> > e=error \
> > --deliver=innocent,spam --user ${lc:$local_part}\
> > -f '$sender_address' -- %u"
> > home_directory = "/tmp"
> > current_directory = "/tmp"
> > user = exim
> > group = mail
> > log_output = true
> > return_fail_output = true
> > return_path_add = false
> > message_prefix =
> > message_suffix =
> >
> > This is what I see in the maillog when a message is sent to :
> >
> > Apr 2 08:37:25 dev dspam[11734]: Unable to create directory:
> > /home/user/.dspam: Permission denied
> > Apr 2 08:37:25 dev dspam[11734]: Unable to open file for reading:
> > /home/user/.dspam/user.lock: Permission denied
> > Apr 2 08:37:25 dev dspam[11734]: Unable to attach DSPAM context
> > Apr 2 08:37:25 dev dspam[11734]: process_message returned error -2.
> > delivering.
> >
> > May I ask, what is requried to allow DSPAM to cerate the per-user
> > .dspam directories and all the required data in them?
> >
> > Thanks.
> >
> > All the best,
> >
> > Konstantin
> >
> >
> >
>
> I think I explained this to you in IRC, but here it goes.
> You are using --enable-homedir, which requires that dspam be setuid root so
> that it has access to the users home directory.
> If you are running dspam as user 'mail' or 'dspam' etc... then dspam won't
> have permission to read/write to the users home directory.
>
> In addition by using --enable-homedir you can't use the WebUI (which isn't
> required), unless you run the dspam.cgi as root, which is a security issue.
>
> The alternative would be to omit --enable-homedir, in which case the opt-in
> & opt-out data will be stored in
> /usr/local/var/dspam/data/username (or $Home/data/username)
>
> If you plan to have multiple domains then use --enable-domain-scale which
> places the opt-in & opt-out data in
> /usr/local/var/dspam/data/domain.tld/username
>
> All of this information can be found in the README located here:
> http://dspam.nuclearelephant.com/text/README-3.6.7.txt
Yes, I received your explanation on IRC. I decided to ignore the
possible advantage that can provide the --enable-homedir and chose to
use the 'inner' storage within DSPAM installation directory.
That works fine. I suppose I will update the correspondent Wiki page,
since current DSPAM+Exim page is out-of-date (e.g., it lists configure
options that are phased out of the current DSPAM version).
Thank you.
All the best,
Konstantin
