On Wed, 2006-06-07 at 17:56 +0100, Paul Howarth wrote: > On Wed, 2006-06-07 at 12:20 -0400, Daniel J Walsh wrote: > > I will be turning on dcc and razor policy in next rawhide update. This > > should cover some of the problems you are having. Please send > > me all of your policy so that I can get it in the upstream pool. > > We may need to do some rework then, since what we have, particularly for > dcc, is getting the dcc client to work in spamd when running in the > spamd domain. By turning on the dcc policy, this will all change. > > Similarly, Mark seems to be running razor from pyzor, so the policy > tweaks have been for getting razor working as pyzor_t. > > I can send you what we've got so far, but it'll be of limited > usefulness. Perhaps more useful would be if Mark could let you know > where the various files/programs are installed to in the upstream > default configuration (and his config, if different), so that the file > contexts in policy can be right first time. <snip of policies> Paul and Dan, As of this moment, now running in Enforcing Mode, the following are known to work with Paul's policies and context changes: Incoming multiple POP3 account mail via fetchmail is working. fetchmail, BTW, runs every 2 mins. from my own crontab file, not the system crontab, using ~/.fetchmailrc. Outgoing mail via company SMTP server is working Mail forwarding off my laptop via procmail/postfix is working Clamassassin is working Spamassassin is working I have not yet had any Viagra-like e-mails to be able to test the other remote servers (ie. pyzor, razor and DCC) to check for function. Hopefully some with come through today (why can't you get them when you want them.... ;-). The context changes that we made are: chcon system_u:object_r:initrc_exec_t /var/dcc/libexec/start-* chcon system_u:object_r:initrc_exec_t /var/dcc/libexec/start-* restorecon -v /usr/local/bin/clamassassin restorecon -v /var/run/utmp Running 'fixfiles check' shows no errors. As of this moment, there are no new avc messages since going to Enforcing Mode. In terms of installs: 1. SA is the default Core install 2. Pyzor is pyzor.noarch from Extras 3. ClamAV is (from Extras): clamav-devel-0.88.2-1.fc5 clamav-server-0.88.2-1.fc5 clamav-lib-0.88.2-1.fc5 clamav-update-0.88.2-1.fc5 clamav-milter-0.88.2-1.fc5 clamav-exim-0.86.2-5.fc5 clamav-data-0.88.2-1.fc5 clamav-0.88.2-1.fc5 4. Razor is perl-Razor-Agent.i386 from Extras 5. DCC is installed from the tarball at: http://www.rhyolite.com/anti-spam/dcc/ 6. Clamassassin is installed from the tarball at: http://jameslick.com/clamassassin/ There are three cron jobs that run at night as well to update the remote tests: # Run DCC Update at 1 am 00 01 * * * root /var/dcc/libexec/updatedcc > /dev/null # Run pyzor update at 1:10 am 10 01 * * * root /usr/bin/pyzor discover > /dev/null # Run razor update at 1:20 am 20 01 * * * root /usr/bin/razor-admin -discover > /dev/null And there is an hourly cron ClamAV update: # Run ClamAV Update every hour 00 * * * * root freshclam --quiet I have root's e-mail (via postfix) coming to my local account using an alias in /etc/aliases and the 'mailbox-command' in /etc/postfix/main.cf is set to /usr/bin/procmail. The contents of /etc/mail/spamassassin/v310.pre were modified to enable razor and DCC. This involved uncommenting: loadplugin Mail::SpamAssassin::Plugin::Razor2 and loadplugin Mail::SpamAssassin::Plugin::DCC SA personal settings in ~/.spamassassin/user_prefs: rewrite_header Subject [***** SPAM (_SCORE_) *****] # Enable RBL Checks skip_rbl_checks 0 # Enable Bayesian filtering and learning use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 # Pyzor Settings use_pyzor 1 # Razor Scores to override system settings # Need to modify /etc/mail/spamassassin/v310pre use_razor2 1 score RAZOR2_CHECK 0.5 score RAZOR2_CF_RANGE_51_100 0.5 score RAZOR2_CF_RANGE_E4_51_100 1.5 score RAZOR2_CF_RANGE_E8_51_100 1.5 # DCC checks to override system settings # Need to modify /etc/mail/spamassassin/v310pre use_dcc 1 score DCC_CHECK 2.17 Finally, my ~/.procmailrc (without the test forwarding) is: # Scan for viruses using ClamAV # This sets: "X-Virus-Status: Yes" :0 fw | /usr/local/bin/clamassassin # Scan with SpamAssassin :0 fw # Use spamc with spamd daemon to save CPU # This sets: "X-Spam-Status: Yes" # Size setting only scans e-mails < 256k bytes | /usr/bin/spamc -s 256000 If there is anything else you need to know, let me know. As soon as I can confirm the use and hits on DCC, razor and pyzor I will follow up. Thanks! Marc Schwartz < A slow spam day? I can't believe that I am anxiously awaiting a solicitation for an ED drug... :-) > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list