[hcoop/zz_old/ikiwiki] / SpamAssassinAdmin.mdwn

Here's how we set up our site-wide Spam``Assassin bayes database, including the ability for users to train it.\r
\r
 1. Create a new user `spamd` with home `/var/local/lib/spamd`.\r
 1. Add "spamd" to `/etc/cron.allow`.\r
 1. Perform the following as `spamd`:\r
   1. `cd ~spamd`\r
   1. `maildirmake -S Maildir`, to create the shared Spam``Assassin mailbox.\r
   1. `maildirmake -f SiteSpam -s write Maildir`, to create a writable folder for misclassified spam (or if extracting from a tarball, make sure it has the sticky bit set by doing the following).\r
      {{{\r
find ~spamd/Maildir/.SiteSpam -type d -exec chmod o+t {} \;\r
}}}\r
   1. `maildirmake -f SiteHam -s write Maildir`, to create a writable folder for misclassified ham (or if extracting from a tarball, make sure it has the sticky bit set by doing the following).\r
      {{{\r
find ~spamd/Maildir/.SiteHam -type d -exec chmod o+t {} \;\r
}}}\r
 1. Add the following to `~spamd/.crontab` to learn from and delete messages in those shared folders every five minutes (changing MACHINENAME to be the name of the local machine):\r
    {{{\r
MAILTO=logs@MACHINENAME.hcoop.net\r
\r
# Learn from submitted spam\r
0,10,20,30,40,50 * * * * ~spamd/scripts/learn-spam --spam\r
# Learn from submitted ham\r
0,10,20,30,40,50 * * * * ~spamd/scripts/learn-spam --ham\r
# Remove any tmp cruft\r
3 3 * * * find ~spamd/Maildir/.SiteHam/tmp -type f -delete ; find ~spamd/Maildir/.SiteSpam/tmp -type f -delete\r
}}}\r
    '''Be sure there's a newline after the last line, or it won't be processed.'''\r
 1. Copy the `learn-spam` script from the `spam` directory of the hcoop "misc" repository into the directory `~spamd/scripts`.\r
 1. Modify `/etc/spamassassin/local.cf` with the directive:\r
    {{{\r
# Location of bayes data\r
bayes_path /var/local/lib/spamd/bayes/.spamassassin/bayes\r
\r
# Fix bayes permissions\r
bayes_file_mode 0770\r
\r
# Directives from old setup\r
# [any custom stuff from the old /etc/spamassassin/local.cf that you want to keep]\r
}}}\r
 1. Modify `/etc/default/spamassassin` by setting `OPTIONS` and `ENABLED`as follows.  The `-x` prevents `spamd` from trying to look for per-user configuration, which would be silly because it always runs as the same user here.  Without this flag, the cron job triggered every 5 minutes would log an error message, which would lead to an e-mail being sent to the `spamd` user.\r
    {{{\r
# Change to one to enable spamd\r
ENABLED=1\r
\r
OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/local/lib/spamd -u spamd -x -s /var/log/spamd.log"\r
\r
PIDFILE="/var/local/lib/spamd/pid"\r
}}}\r
 1. Make a file called `/etc/logrotate.d/spamd` with the following contents.\r
    {{{\r
/var/log/spamd.log {\r
        weekly\r
                missingok\r
                create 0640 root adm\r
                rotate 4\r
                compress\r
                delaycompress\r
                sharedscripts\r
                postrotate\r
                [ -f '/var/local/lib/spamd/pid' ] && (kill -HUP `cat /var/local/lib/spamd/pid`) || exit 0\r
                endscript\r
}\r
}}}\r
 1. Start the daemon by doing {{{/etc/init.d/spamassassin start}}}.  Check `/var/log/spamd.log` to be sure that it started OK.\r
 1. Install the `.crontab` entries that you wrote earlier by doing {{{crontab -u spamd ~spamd/.crontab}}} as root.  Do this every time that you make changes to `~spamd/.crontab`.\r
 1. Edit {{{/etc/courier/shared/index}}} as follows, being sure to separate each column with a single TAB character.  The second column is UID, and third column is GID -- consult `/etc/passwd` and `/etc/group` to make these match the `spamd` user and group.\r
    {{{\r
spamd   116     119     /var/local/lib/spamd\r
}}}\r
 1. Restart courier's IMAP process: {{{runsv restart courier-imap}}}\r
 1. Test by checking to see if you can access {{{shared.SpamAssassin.SiteHam}}} and {{{shared.SpamAssassin.SiteSpam}}} from IMAP.  If not, do {{{maildirmake --add SpamAssassin=~spamd/Maildir ~/Maildir}}} as your normal user from the machine that does courier (and presumably spamassassin as well).  You might need to replace `~` with `~USERNAME` if you are using sudo to do this, where USERNAME is your normal username.\r
 1. Now copy some spammy mail into the {{{SiteSpam}}} directory, wait 5 minutes, and check to see if the mail got learned and deleted.\r
 1. If so, edit {{{~spamd/.crontab}}} to pipe the output of sa-learn to /dev/null, and run crontab as specified earlier to propogate this change.\r
\r
----\r
CategorySystemAdministration\r
Commit	Line	Data
ee25310d	1	Here's how we set up our site-wide Spam``Assassin bayes database, including the ability for users to train it.\r
	2	\r
	3	1. Create a new user `spamd` with home `/var/local/lib/spamd`.\r
	4	1. Add "spamd" to `/etc/cron.allow`.\r
	5	1. Perform the following as `spamd`:\r
	6	1. `cd ~spamd`\r
	7	1. `maildirmake -S Maildir`, to create the shared Spam``Assassin mailbox.\r
	8	1. `maildirmake -f SiteSpam -s write Maildir`, to create a writable folder for misclassified spam (or if extracting from a tarball, make sure it has the sticky bit set by doing the following).\r
	9	{{{\r
	10	find ~spamd/Maildir/.SiteSpam -type d -exec chmod o+t {} \;\r
	11	}}}\r
	12	1. `maildirmake -f SiteHam -s write Maildir`, to create a writable folder for misclassified ham (or if extracting from a tarball, make sure it has the sticky bit set by doing the following).\r
	13	{{{\r
	14	find ~spamd/Maildir/.SiteHam -type d -exec chmod o+t {} \;\r
	15	}}}\r
	16	1. Add the following to `~spamd/.crontab` to learn from and delete messages in those shared folders every five minutes (changing MACHINENAME to be the name of the local machine):\r
	17	{{{\r
	18	MAILTO=logs@MACHINENAME.hcoop.net\r
	19	\r
	20	# Learn from submitted spam\r
	21	0,10,20,30,40,50 * * * * ~spamd/scripts/learn-spam --spam\r
	22	# Learn from submitted ham\r
	23	0,10,20,30,40,50 * * * * ~spamd/scripts/learn-spam --ham\r
	24	# Remove any tmp cruft\r
	25	3 3 * * * find ~spamd/Maildir/.SiteHam/tmp -type f -delete ; find ~spamd/Maildir/.SiteSpam/tmp -type f -delete\r
	26	}}}\r
	27	'''Be sure there's a newline after the last line, or it won't be processed.'''\r
	28	1. Copy the `learn-spam` script from the `spam` directory of the hcoop "misc" repository into the directory `~spamd/scripts`.\r
	29	1. Modify `/etc/spamassassin/local.cf` with the directive:\r
	30	{{{\r
	31	# Location of bayes data\r
	32	bayes_path /var/local/lib/spamd/bayes/.spamassassin/bayes\r
	33	\r
	34	# Fix bayes permissions\r
	35	bayes_file_mode 0770\r
	36	\r
	37	# Directives from old setup\r
	38	# [any custom stuff from the old /etc/spamassassin/local.cf that you want to keep]\r
	39	}}}\r
	40	1. Modify `/etc/default/spamassassin` by setting `OPTIONS` and `ENABLED`as follows. The `-x` prevents `spamd` from trying to look for per-user configuration, which would be silly because it always runs as the same user here. Without this flag, the cron job triggered every 5 minutes would log an error message, which would lead to an e-mail being sent to the `spamd` user.\r
	41	{{{\r
	42	# Change to one to enable spamd\r
	43	ENABLED=1\r
	44	\r
	45	OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/local/lib/spamd -u spamd -x -s /var/log/spamd.log"\r
	46	\r
	47	PIDFILE="/var/local/lib/spamd/pid"\r
	48	}}}\r
	49	1. Make a file called `/etc/logrotate.d/spamd` with the following contents.\r
	50	{{{\r
	51	/var/log/spamd.log {\r
	52	weekly\r
	53	missingok\r
	54	create 0640 root adm\r
	55	rotate 4\r
	56	compress\r
	57	delaycompress\r
	58	sharedscripts\r
	59	postrotate\r
	60	[ -f '/var/local/lib/spamd/pid' ] && (kill -HUP `cat /var/local/lib/spamd/pid`) \|\| exit 0\r
	61	endscript\r
	62	}\r
	63	}}}\r
	64	1. Start the daemon by doing {{{/etc/init.d/spamassassin start}}}. Check `/var/log/spamd.log` to be sure that it started OK.\r
65	1. Install the `.crontab` entries that you wrote earlier by doing {{{crontab -u spamd ~spamd/.crontab}}} as root. Do this every time that you make changes to `~spamd/.crontab`.\r
66	1. Edit {{{/etc/courier/shared/index}}} as follows, being sure to separate each column with a single TAB character. The second column is UID, and third column is GID -- consult `/etc/passwd` and `/etc/group` to make these match the `spamd` user and group.\r
67	{{{\r
68	spamd 116 119 /var/local/lib/spamd\r
69	}}}\r
70	1. Restart courier's IMAP process: {{{runsv restart courier-imap}}}\r
71	1. Test by checking to see if you can access {{{shared.SpamAssassin.SiteHam}}} and {{{shared.SpamAssassin.SiteSpam}}} from IMAP. If not, do {{{maildirmake --add SpamAssassin=~spamd/Maildir ~/Maildir}}} as your normal user from the machine that does courier (and presumably spamassassin as well). You might need to replace `~` with `~USERNAME` if you are using sudo to do this, where USERNAME is your normal username.\r
72	1. Now copy some spammy mail into the {{{SiteSpam}}} directory, wait 5 minutes, and check to see if the mail got learned and deleted.\r
73	1. If so, edit {{{~spamd/.crontab}}} to pipe the output of sa-learn to /dev/null, and run crontab as specified earlier to propogate this change.\r
74	\r
75	----\r
76	CategorySystemAdministration\r