Possible fixes:
1) don't use hordes reporting util (recommended)
2) run the webserver as root and use the command ('su -c /usr/local/bin/sa-learn --spam $user' or something like it. Do man su or su --help for more info) where $user is horde's global variable for the currently logged on user. (*NOT* recommended. Major security issues there)
3) attempt to run the command from 2 under the su'd nobody user. It may work since sometimes su is broken depending on your build of perl, etc (although it has been 6 months since I used RH, I do not believe their stock perl build was broken). It may revert to the parent processes rights instead of seeing nobody and su without a password needed. This is highly unlikely of working but it is worth a shot. It will take no time to try and can't hurt if it works. Since if it works, you have bigger problems that you can do little to fix. Although I stress, I do not think it will work.
I hope that helps,
Tom
Sahil Tandon wrote:
I understand my problem might be rooted in Horde, amavisd-new, or Postfix. However, I want to be sure it's not a fundamental misunderstanding (on my part) of how SA should be setup.
Postfix filters mail via amavisd-new (which calls SA). Everything runs smoothly except the "Report as Spam" link for users viewing messages via webmail. When clicked, it successfully sends a message to postmaster, and unsuccessfully calls sa-learn. This is what I see in my logs (sorry for line wraps):
lock: 94539 cannot create tmp lockfile /root/.spamassassin/bayes.lock.sphinx.hamla.org.94539 for /root/.spamassassin/bayes.lock: Permission denied
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LC_ALL = (unset),
LANG = "en_US"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
bayes expire_old_tokens: lock: 95562 cannot create tmp lockfile /root/.spamassassin/bayes.lock.sphinx.hamla.org.95562 for /root/.spamassassin/bayes.lock: Permission denied
lock: 95562 cannot create tmp lockfile /root/.spamassassin/bayes.lock.sphinx.hamla.org.95562 for /root/.spamassassin/bayes.lock: Permission denied
The relevant line in my IMP conf.php:
$conf['spam']['program'] = '/usr/local/bin/sa-learn --spam';
I googled for the error but cannot find a proper solution. Right now, /root/.spamassassin is a symlink to /var/amavis/.spamassassin; the files therein (i.e. the bayes_* files) are chown'd vscan:vscan. They are updated when SA *itself* notices spam above a certain threshold, rejects those messages, and auto-learns their spammy existence.
How to get 'sa-learn --spam' from webmail to co-exist peacefully with my current setup?
-- Sahil Tandon