paths and permissions
Bob George
mailings02 at ttlexceeded.com
Sat Feb 28 20:17:45 CET 2004
Tom Anderson wrote:
>This is true for my system. I have no /etc/procmailrc file. Sendmail
>only runs procmail for users who have a ~/.procmailrc. This is as it
>should be. Bogofilter is run for each user as that user, each having
>their own wordlist.db. Under this setup, if you wanted a global
>wordlist.db, you'd have to give world-writable permissions, or else
>invoke procmail with /etc/procmailrc.
>
>
Here's how I'm using procmail using bogofilter for a site-wide bayes
configuration. Keep in mind, I'm a lowly end-user, so I can't speak to
bogofilter's inner workings, but this is working well for me. I realize
site-wide bayes isn't always an ideal solution, but I'm able to live
with the limitations.
I wanted to create ONE procmailrc that would call bogofilter (and
others) on every inbound message. I did not want to set up
world-writable directories, or run with root privs to do so. I wanted to
carefully control what was initially fed into bayes so as not to pollute
it. So...
1. I created and initialized by bogofilter database as the user I run
spamassassin as (spamd). The database files are located outside of
spamd's home directory, in a world-READABLE location. /etc/bogofilter.cf
includes:
bogofilter_dir=/var/opt/bogofilter
$ ls -ld bogofilter
drwxr-xr-x 2 spamd spamd 4.0K Feb 15 03:31 bogofilter
$ ls -l /var/opt/bogofilter
total 9.1M
-rw-r--r-- 1 spamd spamd 9.1M Feb 28 12:49 wordlist.db
2. The top of my /etc/procmailrc has DROPPRIVS as one of the first
things done. I confirm this by viewing the debug output from procmail.
3. bogofilter is called by procmail from /etc/procmailrc, along with
several other spam/virus-checking tools.
4. "Normal" users call bogofilter to query the database (from
/etc/procmailrc):
BOGOHEADER=`/usr/bin/bogofilter -l -p -e | formail -X "X-Spam-Bogosity:"`
LOG="BOGOHEADER: $BOGOHEADER$NL"
$BOGOHEADER is used to tage the message later in the procmailrc via formail.
(Note: No -u used!)
5. This seems to be working just fine for all users (read-only access to
db), and messages are tagged with (sample):
X-Spam-Bogosity: No, tests=bogofilter, spamicity=0.002479, version=0.17.0
6. Since I want to carefully control what goes INTO the database, lest
users pollute it with bad input, I collect spam/ham candidate messages,
then have the spamd user periodically run a cron job that trains on ham
and spam:
formail -s bogofilter -n < hamfolder
formail -s bogofilter -s < spamfolder
FWIW: I'm running several bayes tools in parallel, and calling/training
all this same way. I'm current running spamassassin, bogofilter, ifile
and spamprobe. I'm planning on adding crm114 to the mix shortly.
I have a procmailrule set up that uses all of these to test before
auto-deleting (or rather, auto-training on) spam. Otherwise, I review
them manually first. Lately, all of these tools are more-or-less
agreeing on spam/ham, so I'm adjusting the acceptance threshold accordingly.
I particularly appreciate bogofilters tri-state feature, and use
"unsure" results to identify candidates for re-training.
I'm not sure how "correct" this all is, but it's working quite well.
- Bob
More information about the Bogofilter
mailing list