I am finally getting around to sorting my SPAM settings. One thing I came across is that you can set SpamAssassin to run ‘Per User’ or one single instance for the whole server (Global).
My question is, what is the preferred setup, Global or ‘Per User’? Are there any Pros and cons?
thanks
I’ve always thought you have global and per user settings, its not one or the other. The per user settings so users can add there own rules on top of the global.
the 2 scenarios are (I am currently doing my notes on this so this is the outline):
/etc/spamassassin/local.cf/etc/spamassassin/local.cf is copied and used as a global for each virtual server owner accountoption 2
maybe not strictly per virtual server owner but by domain, but definitely not global
My understanding is Spamc uses less resources. It is what I use to keep my system simple.
You might find this thread useful.
@popmay thanks, I have already found this thread. I have gone through the forum for how the technology works, which i am typing up now.
My question is more about which option people have chosen and why?
I use Spamc. Simple decision since I don’t need users to manage their own spam so it simplifies the process. I host mine and several family members who don’t want to be active in the process.
I have been watching for a good while and set my own weight on rules I see being triggered and add header/body tests. My grown daughter I have to watch spam and whitelist advertising mailing lists and school newsletters etc… she likes to look at.
I do effectively catch all the poorly configured aggressive and deceptive nonsense on all the accounts.
It seems like my email doesn’t attract the same advertisers as hers and my other grown daughter’s business. So I haven’t needed to use spamassassin and multiple configs.
I think if you need to have individual rules you have to use the spamassassin option. If I needed that I would still have almost all my rules in
/etc/spamassassin/local.cf
Good to know. My experience is not with the spamassassin setting.
Seems like managing a lot of rules in many user files would become very tedious if there is no common file for the individual files to be included and override weights if rule is the same except for that. Looks like I have reading to do.
thanks for that.Very helpful.
The per virtual server option will not use the /etc/spamassassin/local.cf except when it initially copies it when the virtual server is setup.
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
/etc/mail/spamassassin/local.cf is the place of choice for site-wide application
of a rule. Rules placed here get applied no matter what user invokes SpamAssassin.
~/.spamassassin/user_prefs is best if you want to have a rule only run when
a particular user runs SA.
Note: if you use spamd, rules placed in user_prefs will be IGNORED by default. If you add the allow_user_rules option to your local.cf you can get spamd to honor them. However, before you enable it, you should know that this is disabled by default for security reasons. In theory a malicious local user might be able to exploit spamd with a clever regex and gain root permissions. I know of no specific vulnerabilities of this type in spamassassin at this time, but it is a possibility. I’d only turn this on if you trust your local users not to try to hack root.
Spamd is a global daemon it runs once with the same set of rules for the whole server. spamc can be set up to run per user rules. as far as I remember it is one or the other not both.
The issue for you to work out is as follows. Spamd is faster and possibly uses lower resources as its always loaded. spamc however can be an issue as if 100 email arrive at the same time you will spin up 100 spamassassin threads at x meg of ram each. This take time as its reloaded from config each time. This put a huge load on CPU and possibly ram. If you only receive 1 or 2 email at the same time use what you like but you could very easily run out of ram and cpu if 100 or more email show up together and possibly crash the server.
Pick your poison.
Note: if you use spamd, rules placed in user_prefs will be IGNORED by default. If you add the allow_user_rules option to your local.cf you can get spamd to honor them. However, before you enable it, you should know that this is disabled by default for security reasons>
Thanks, that’s what it was just couldn’t remember.
I will look into this. But I thought it was either global with the one config file, or per-domain with per-email config. if you can have global with per-email config this should be added to the notes.
Since you are keeping a public journal I would think you probably want to get it right.
From the Apache Software Foundation wiki:
https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules
Where to add them
Before we start writing rules, I have a warning for you. Do NOT add your rules to the .cf files in /usr/share/spamassassin. The reason for this warning is simple. When you upgrade SA (and you should do so somewhat regularly), all the existing rules in
/usr/share/spamassassin will be deleted and replaced by the new default ruleset. All your hard work and customization will be lost. I’d only put changes in those files if it’s a temporary fix for a bug in a rule that you expect will be fixed in the next version of SA. (ie: if there’s a typo-fix in CVS, you might edit your .cf to match it). So where do you put your rules if not in /usr/share/spamassassin? Well, there’s two places. And your choice of place depends on how your copy of SpamAssassin is set up, and what you want the rules to do:
/etc/mail/spamassassin/local.cf is the place of choice for site-wide application of a rule. Rules placed here get applied no matter what user invokes SpamAssassin.
~/.spamassassin/user_prefs is best if you want to have a rule only run when a particular user runs SA.
This definitely says Spamassassin pulls rules from multiple files. Apache man pages support this but the way they word things can be a challenge to understand. There is more info in man pages as to what kinds of rules are used in user_prefs.
Note: if you use spamd, rules placed in user_prefs will be IGNORED by default. If you add the allow_user_rules option to your local.cf you can get spamd to honor them. However, before you enable it, you should know that this is disabled by default for security reasons. In theory a malicious local user might be able to exploit spamd with a clever regex and gain root permissions. I know of no specific vulnerabilities of this type in spamassassin at this time, but it is a possibility. I’d only turn this on if you trust your local users not to try to hack root.
Spamc is the client half of the spamc/spamd pair. Spamed runs as root. Allowing a malicious user to put code in a root app config could really have bad results!
This is why Webmin/Virtualmin will set up user_prefs with spamassassin (Standalone program) not spamc.
It’s also very easy to have a typographical error in your rules. A bad typo can cause SpamAssassin to have to silently skip large chunks of your config files before it can make sense of the rules again.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
