From 7ca54a2bfb12179ffbd8d0c00f44efee7d0e5a4e Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Sun, 12 Oct 2014 16:11:08 +0000
Subject: [PATCH] give dovecot antispam plugin's sa-learn-pipe script
 permission to write to the bayes files

see #231, #201, b26abc947e8d39d457f6ce098544aa1692de9a56.
---
 setup/spamassassin.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/setup/spamassassin.sh b/setup/spamassassin.sh
index 8c60008e..1bef15d0 100755
--- a/setup/spamassassin.sh
+++ b/setup/spamassassin.sh
@@ -56,12 +56,28 @@ plugin {
 }
 EOF
 
-# Tell spamassassin where to load and store site-wide bayesean filtering data.
+# Configure site-wide bayesean learning. These files must be:
+#
+# * Writable by the sa-learn-pipe script which run as the 'mail' user, for manual tagging of mail as spam/ham.
+# * Readable by the spampd process ('spampd' user) during mail filtering.
+# * Writable by the debian-spamd user, which runs /etc/cron.daily/spamassassin.
+#
+# We'll have these files owned by spampd and grant access to the other two processes.
 
+# Create the storage space owned by spampd.
 mkdir -p $STORAGE_ROOT/mail/spamassassin
 chown -R spampd:spampd $STORAGE_ROOT/mail/spamassassin
 chmod -R 775 $STORAGE_ROOT/mail/spamassassin
 
+# Create empty bayes training data (if it doesn't exist) owned by spampd.
+sudo -u spampd /usr/bin/sa-learn --sync 2>/dev/null
+
+# Have dovecot execute the antispam script (and other mail processes) in the spampd group
+# (as a supplementary group) so that it can read/write these files.
+tools/editconf.py /etc/dovecot/conf.d/10-mail.conf \
+	mail_access_groups=spampd
+
+# Tell spamassassin where the file is.
 tools/editconf.py /etc/spamassassin/local.cf -s \
 	bayes_path=$STORAGE_ROOT/mail/spamassassin/bayes