spamass-milter questions

Matthew Seaman m.seaman at
Wed Jun 25 07:04:25 PDT 2003

On Wed, Jun 25, 2003 at 02:05:04PM +0200, Andreas Widerøe Andersen wrote:
> Hi all,
> I have two questions releated to spamass-milter on my FreeBSD box:
> 1. How do I get rid of these errors?
> Jun 25 13:54:15 server sendmail[52687]: h5PBs8Xv052687: Milter 
> (spamassassin): local socket name /var/run/spamass-milter.sock unsafe
> Jun 25 13:54:15 server sendmail[52687]: h5PBs8Xv052687: Milter 
> (spamassassin): to error state

Hmmm... Check the permissions on /, /var, /var/run and
/var/run/spamass-milter.sock -- there shouldn't be any group or world
write bits set, and all the files should be owned by root:wheel

    % ls -lad / /var /var/run /var/run/spamass-milter.sock
    drwxr-xr-x  20 root  wheel  512 Jun 21 22:46 /
    drwxr-xr-x  30 root  wheel  512 Jun 13 08:08 /var
    drwxr-xr-x   5 root  wheel  512 Jun 23 22:00 /var/run
    srwxr-xr-x   1 root  wheel    0 Jun 23 12:26 /var/run/spamass-milter.sock
> spamass-milter is started by this line in my (actually .mc 
> before compile) file:
> INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, 
> F=, T=C:15m;S:4m;R:4m;E:10m')

Looks fine to me.
> 2. How can I automatically delete messages that gets the X-Spam: Yes flag 
> set? I want to do this for messages I forward to other server etc. Ie. 
> virtusertable: johnny at       joh at

It's quite tricky to do that for just some of the e-mail passing
through your system.  You can tell spamass-milter to bounce e-mail if
it scores more than a certain amount using the '-r nn' flag, which is
good for getting rid of the most egregious spams.  However that
filtering occurs with all of the e-mail passing through your system,
including stuff you're sending out.  The problem with spamass-milter
is that it's an input mail filter (input from the p.o.v. of the
sendmail MTA process), and so doesn't have the natural connection to
the user receiving the mail (hence the ability to eg. look up
preferences in the user's home dir or the like) that a delivery filter
would.  There are some hacks with the '-u' option, but they can't
distinguish local and remote addresses that happen to have the same
username, they don't deal very well with delivery to multiple
recipients and I don't think they cope very well if you use
genericstable to make your e-mail address different from your login

Probably your best bet is to install something like procmail as your
local delivery agent on the system where the mail gets finally
delivered.  You can send the objectionable stuff to /dev/null very
readily that way.  Even so, that won't save you the bandwidth required
to relay the spam from one of your mail servers to the other.

One thing I've found beneficial when running spamass-milter is to make
the spamd process it passes all the messages to run as a different
user than root/nobody.  This permits spamd and spamass-milter to use
the auto-whitelist and bayesian matching filters -- these require
write access to a chunk of disk space in order to keep previous
results.  I chose 'mailnull' as the UID to use as parts of the mail
system already run as that.  Since mailnull uses /var/spool/mqueue as
it's home dir I used the '--virtual-config-dir' option to get spamd to
keep it's working files in a different directory:

    spamd -a -c -u mailnull --virtual-config-dir=/var/spamassassin/%u -d



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list