Metreon deathwatch

I love the comments at the bottom -- apparently Fourth and Mission is a terrifying place where civilized people should never go without armed guards.

"They mostly come at night. Mostly."


Tags: ,


Dear Lazyweb,

How the hell do I get SpamAssassin to work properly with Postfix? I've been through this several times before, but as far as I can tell, it's never worked right. Here is what I want:

  • Postfix feeds all locally-delivered mail through SpamAssassin;
  • Each recipient user on the system can have a .spamassassin/user_prefs file that uses directives like "required_score" and "blacklist_from" and "score". (Note that I said that I want this to be per user, not global. His blacklist is not her blacklist.)

Sounds simple, right? Sounds like the setup everyone in the world must have, right?

I can't get it to ever read the user_prefs files. And my mail log is full of errors about not being able to write lock files in ~user/.spamassassin/.

<LJ-CUT text="What I've tried... --More--(31%) ">

What I've tried:

  • /etc/postfix/
    mailbox_command = /opt/local/bin/procmail

    (I see a lot of pages saying to use for this instead, but as far as I can tell, that would preclude a per-user user_prefs file ever getting consulted. Also the various FAQs on that approach make it sound flaky as all hell.)

  • /etc/procmailrc:

      | /opt/local/bin/spamc -x -s 1000000

    (I tried it with and without DROPPRIVS.)

  • spamd: I have tried launching it as either
    /opt/local/bin/spamd --user-config --username=postfix --groupname=mail

  • /Users/XX/.spamassassin/*: Owned by XX; I have also tried putting them in group "mail" and making them group-writable. Didn't help.

Here's the kind of crap that is getting logged:

    spamd: connection from localhost [] at port 61095\n
    spamd: processing message <> for caroline:27\n
    locker: safe_lock: cannot create tmp lockfile /Users/caroline/.spamassassin/ for /Users/caroline/.spamassassin/auto-whitelist.lock: Permission denied\n
    auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /Users/caroline/.spamassassin/ for /Users/caroline/.spamassassin/auto-whitelist.lock: Permission denied\n
    bayes: locker: safe_lock: cannot create tmp lockfile /Users/caroline/.spamassassin/ for /Users/caroline/.spamassassin/bayes.lock: Permission denied\n
    spamd: clean message (0.0/5.0) for caroline:27 in 4.2 seconds, 24916 bytes.\n
    spamd: result: . 0 - HTML_MESSAGE scantime=4.2, size=24916, user=caroline, uid=27, required_score=5.0, rhost=localhost, raddr=, rport=61095, mid=<>, autolearn=failed\n

(I'm especially impressed at the spurious \n on each line. Kwality.)

I have no idea how to tell what's running as who at the various stages of this pipeline.

Update: I think there were at least two missing pieces: spamd needed to be launched with -H, and procmailrc needed to both DROPPRIVS and run spamc with -u $LOGNAME. So my final, working config is:

  • /etc/postfix/
    mailbox_command = /opt/local/bin/procmail
  • /etc/procmailrc:
    | /opt/local/bin/spamc -u $LOGNAME -x -s 100000000

  • /opt/local/bin/spamd -H -s local7

  • /etc/syslog.conf:
    local7.*     /var/log/spamd.log

  • /Users/XX/.spamassassin/*: Owned by XX

  • /opt/local/etc/mail/spamassassin/
    bayes_path /var/spool/spamassassin/bayes
    bayes_file_mode 0666

  • chown -R postfix:mail /var/spool/spamassassin
    chmod -R a+rw /var/spool/spamassassin

    (not sure if this is really necessary)

Tags: , , ,