paths and permissions

[Bob George]

Tom Anderson wrote:

>This is true for my system.  I have no /etc/procmailrc file.  Sendmail
>only runs procmail for users who have a ~/.procmailrc.  This is as it
>should be.  Bogofilter is run for each user as that user, each having
>their own wordlist.db.  Under this setup, if you wanted a global
>wordlist.db, you'd have to give world-writable permissions, or else
>invoke procmail with /etc/procmailrc.
>  
>
Here's how I'm using procmail using bogofilter for a site-wide bayes 
configuration. Keep in mind, I'm a lowly end-user, so I can't speak to 
bogofilter's inner workings, but this is working well for me. I realize 
site-wide bayes isn't always an ideal solution, but I'm able to live 
with the limitations.

I wanted to create ONE procmailrc that would call bogofilter (and 
others) on every inbound message. I did not want to set up 
world-writable directories, or run with root privs to do so. I wanted to 
carefully control what was initially fed into bayes so as not to pollute 
it. So...

1. I created and initialized by bogofilter database as the user I run 
spamassassin as (spamd). The database files are located outside of 
spamd's home directory, in a world-READABLE location. /etc/bogofilter.cf 
includes:

bogofilter_dir=/var/opt/bogofilter

$ ls -ld bogofilter
drwxr-xr-x    2 spamd    spamd        4.0K Feb 15 03:31 bogofilter

$ ls -l /var/opt/bogofilter
total 9.1M
-rw-r--r--    1 spamd    spamd        9.1M Feb 28 12:49 wordlist.db

2. The top of my /etc/procmailrc has DROPPRIVS as one of the first 
things done. I confirm this by viewing the debug output from procmail.

3. bogofilter is called by procmail from /etc/procmailrc, along with 
several other spam/virus-checking tools.

4. "Normal" users call bogofilter to query the database (from 
/etc/procmailrc):

BOGOHEADER=`/usr/bin/bogofilter -l -p -e | formail -X "X-Spam-Bogosity:"`
LOG="BOGOHEADER: $BOGOHEADER$NL"

$BOGOHEADER is used to tage the message later in the procmailrc via formail.
(Note: No -u used!)

5. This seems to be working just fine for all users (read-only access to 
db), and messages are tagged with (sample):

X-Spam-Bogosity: No, tests=bogofilter, spamicity=0.002479, version=0.17.0

6. Since I want to carefully control what goes INTO the database, lest 
users pollute it with bad input, I collect spam/ham candidate messages, 
then have the spamd user periodically run a cron job that trains on ham 
and spam:

formail -s bogofilter -n < hamfolder
formail -s bogofilter -s < spamfolder

FWIW: I'm running several bayes tools in parallel, and calling/training 
all this same way. I'm current running spamassassin, bogofilter, ifile 
and spamprobe. I'm planning on adding crm114 to the mix shortly.

I have a procmailrule set up that uses all of these to test before 
auto-deleting (or rather, auto-training on) spam. Otherwise, I review 
them manually first. Lately, all of these tools are more-or-less 
agreeing on spam/ham, so I'm adjusting the acceptance threshold accordingly.

I particularly appreciate bogofilters tri-state feature, and use 
"unsure" results to identify candidates for re-training.

I'm not sure how "correct" this all is, but it's working quite well.

- Bob