> On Jun 20, 2024, at 6:05 PM, Bill Cole > <sausers-20150...@billmail.scconsult.com> wrote: > > On 2024-06-20 at 16:14:47 UTC-0400 (Thu, 20 Jun 2024 15:14:47 -0500) > Paul Schmehl <paul.schm...@gmail.com <mailto:paul.schm...@gmail.com>> > is rumored to have said: > >> I’m running spamassassin (SA) 3.4, postfix 3.9.0-1, and dovecot 2.2.36-8 on >> a linux server. I have some questions about SA that I can’t seem to find >> answers for on the web. >> >> The SA conf files are /etc/mail/spamassassin. The bayes files are in >> /usr/local/etc/mail/spamassassin/bayes. >> >> I’m running spamd as the content_filter in postfix. spamassassin unix - >> n n - - pipe >> user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} >> ${recipient} >> >> Everything is working as expected, but I have some questions about >> permissions. Should spamd be the owner of /etc/mail/spamassassin? > > No. It is entirely normal for any user to read the config files. The spamd > user never needs to write to that directory or anything in it.
I set it back to root ownership. > >> Of /usr/local/etc/mail/spamassassin? > > Yes. The bayes_* files there are the active Bayes DB in use by the spamd > daemon, so the user the daemon is running as needs to be able to do anything > in that directory. So spamd needs to be the owner of the bayes files. > >> Today I got a warning about the unsafe perms on sa-update-keys. Who should >> own those and what should the perms be? > > Files in that directory control whose signatures you trust on daily rules > packages, so the directory should be owned by root, perms 0700. > > >> Finally, I’m seeing this in my maillogs. >> config: failed to parse line, skipping, in >> "/etc/mail/spamassassin/local.cf": bayes_ >> >> This is the config in local.cf: >> bayes_path /usr/local/etc/mail/spamassassin/bayes/bayes > > Is there any other line in that file starting with 'bayes_' ? > > That error message is not lying to you: you have an error in local.cf which > SA cannot parse around. Also look in the lines before the 'bayes_path' line > for unterminated quotes. > Here’s every line with bayes_ in it: bayes_#auto_learn 1 bayes_learn_to_journal 1 bayes_path /usr/local/etc/mail/spamassassin/bayes/bayes bayes_file_mode 0775 bayes_ignore_header ReSent-Date bayes_ignore_header ReSent-From bayes_ignore_header ReSent-Message-ID bayes_ignore_header ReSent-Subject bayes_ignore_header ReSent-To bayes_ignore_header Resent-Date bayes_ignore_header Resent-From bayes_ignore_header Resent-Message-ID bayes_ignore_header Resent-Subject bayes_ignore_header Resent-To I think that first line looks problematic. > >> This is the contents of the bayes folder: >> # ls -lsah /usr/local/etc/mail/spamassassin/bayes/ >> total 632K >> 0 drwxrwxr-x 2 spamd spamd 63 Jun 20 11:36 . >> 0 drwxrwxr-x 3 spamd spamd 19 Jun 13 06:00 .. >> 96K -rw------- 1 spamd spamd 95K Jun 20 14:44 bayes_journal >> 12K -rwxrwxrwx 1 spamd spamd 12K Jun 20 11:32 bayes_seen >> 524K -rwxrwxrwx 1 spamd spamd 664K Jun 20 11:32 bayes_toks >> >> spamd owns the directory /usr/local/etc/mail/spamassassin and all >> subdirectories. The perms are 775 for the directories and 777 for all files. >> (I did this for testing purposes. They normally would be 755 and 644.) > > I hope there's only you on that machine... It is. > > Using 'chmod 777' to troubleshoot permissions issues is always a bad idea. Yeah, but when you run out of ideas….. They’ve already been reset to normal since they didn’t change anything. Paul Schmehl paul.schm...@gmail.com