You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Steve Bergman <sb...@gmail.com> on 2014/07/02 20:47:55 UTC
Pyzor with aliases.
I've been watching today, and have pretty much confirmed that if you use
Pyzor with spamass-milter, and have it run as the recipient user, you do
need to include a "pyzor --homedir /whateverdir/" in local.cf. Otherwise
you will get mysterious, and unlogged crashes, with unfindable
backtraces, from pyzor, which let the email through to the recipient,
but also result in an embarrassing bounce message back to the sender.
Many here may already know all this. But I wanted to have it all here,
succinctly, for new folks facing the same issues that I was earlier this
week.
-Steve Bergman
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/03/2014 03:52 AM, Axb wrote:
> and for spamd it only applies IF you don't want to place the Pyzor
> config in ~/.pyzor in the spamd's user homedir.
Actually, it's placing the Pyzor config in a single known directory
which I can easily monitor the permissions on. SA does the spam
checking, but punts on integration with anything else. spamass-milter
calls spamc as the recipient user (or passes a spamc option to do the same).
I don't see any need to have pyzor servers files be "per user".
Re: Pyzor with aliases.
Posted by Axb <ax...@gmail.com>.
On 07/03/2014 09:31 AM, Matus UHLAR - fantomas wrote:
> On 02.07.14 13:47, Steve Bergman wrote:
>> I've been watching today, and have pretty much confirmed that if you
>> use Pyzor with spamass-milter, and have it run as the recipient user,
>> you do need to include a "pyzor --homedir /whateverdir/" in local.cf.
>
> pardon me, but spamass-milter uses spamc, so pyzor is called from spamd.
> That means, the above should apply for spamd, not spamass-milter.
>
and for spamd it only applies IF you don't want to place the Pyzor
config in ~/.pyzor in the spamd's user homedir.
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/04/2014 11:21 AM, Matus UHLAR - fantomas wrote:
> there is no reason why sa-milter should know about users - it would require
> adding new useless code to it. Especially not when there is no local user,
> which is something spamd must take care about, so there's no need to
> duplicate this job in sa-milter.
> are you going to blame spamassassin people for not creating milter
> interface, so you can't blame them for bugs that still do not belong to the
> milter interface, but they can easily be fixed in spamd that already has a
> bug report about that?
> you are free to create your own version of sa-milter that would do an
> username expansion, or patch existing sa-milter to do that (bug it still
> would not solve the issue in spamd).
> you are free to work around spamd issue by specifying pyzor config
> globally. But don't blame sa-milter when you refuse to understand the
> nature of the
> issue.
>
> I gave you description of the real problem and pointed to a place where it
> could be fixed easily.
> I really don't want to explain it to you again...
The basic nature of the issue is not in a specific bug report noted
here. It's an issue of "Frankenstein Frameworks".
Now, I'm a Unix guy from the 1980s. And there is something to be said
about simple tools which do one thing and do it well. Which I've always
had relative success in using to build up into my own Frankenstein
Frameworks.
I'm honestly not sure who to blame here, or even who I'd like to blame.
I guess that makes me a bit non-partisan.
I'd like to be able to apt-get or yum a meta-package that pulls in
enough packages and "glue" to create a mail server, with spam control,
which doesn't have too many embarrassing bugs. So now I'm pointing at
the distro maintainers, too.
If I stayed in this environment, I suspect that I would end up a raving
lunatic. I appreciate that some other people here are more...
emotionally resilient. LOL.
-Steve Bergman
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 07/04/2014 07:02 AM, Matus UHLAR - fantomas wrote:
>>I have read the man page multiple times. spamass-milter passes the local
>>part of mail recipient to spamd, which is not necessarily a username.
>>
>>spamass-milter even can call "sendmail -bv" to get the user, but it still
>>may not be local user.
On 04.07.14 11:00, Steve Bergman wrote:
>If it can't get a proper local user, it's supposed to fall back to
>the user explicitly specified as an argument to the -u option. It's
>not like the system's /etc/passwd file is root 0600 or anything.
>spamass-milter can know all about the local users.
there is no reason why sa-milter should know about users - it would require
adding new useless code to it. Especially not when there is no local user,
which is something spamd must take care about, so there's no need to
duplicate this job in sa-milter.
>Then again, if the SA project had an official milter interface then
>there might be less room for finger pointing.
are you going to blame spamassassin people for not creating milter
interface, so you can't blame them for bugs that still do not belong to the
milter interface, but they can easily be fixed in spamd that already has a
bug report about that?
you are free to create your own version of sa-milter that would do an
username expansion, or patch existing sa-milter to do that (bug it still
would not solve the issue in spamd).
>At any rate, specifying an explicit pyzor homedir in SA's local.cf
>seems to steer one clear of problems. It's not like we need a zillion
>"servers" files when one will do.
you are free to work around spamd issue by specifying pyzor config globally.
But don't blame sa-milter when you refuse to understand the nature of the
issue.
I gave you description of the real problem and pointed to a place where it
could be fixed easily.
I really don't want to explain it to you again...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/04/2014 07:02 AM, Matus UHLAR - fantomas wrote:
> I have read the man page multiple times. spamass-milter passes the local
> part of mail recipient to spamd, which is not necessarily a username.
>
> spamass-milter even can call "sendmail -bv" to get the user, but it still
> may not be local user.
If it can't get a proper local user, it's supposed to fall back to the
user explicitly specified as an argument to the -u option. It's not like
the system's /etc/passwd file is root 0600 or anything. spamass-milter
can know all about the local users.
Then again, if the SA project had an official milter interface then
there might be less room for finger pointing.
At any rate, specifying an explicit pyzor homedir in SA's local.cf seems
to steer one clear of problems. It's not like we need a zillion
"servers" files when one will do.
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 07/04/2014 05:27 AM, Matus UHLAR - fantomas wrote:
>> I repeat: spamass-milter does not (and can not) know about local users.
On 04.07.14 06:30, Steve Bergman wrote:
>SPAMASS_MILTER(8)
I have read the man page multiple times. spamass-milter passes the local
part of mail recipient to spamd, which is not necessarily a username.
spamass-milter even can call "sendmail -bv" to get the user, but it still
may not be local user.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/04/2014 05:27 AM, Matus UHLAR - fantomas wrote:
> I repeat: spamass-milter does not (and can not) know about local users.
SPAMASS_MILTER(8)
-u defaultuser
Pass the username part of the first recipient to spamc with the
-u flag. This allows user preferences files to be used. If the
message is addressed to multiple recipients, the username
defaultuser is passed instead.
Note that spamass-milter does not know whether an email is incom‐
ing or outgoing, so a message from ⟨user1@localdomain.com⟩ to
⟨user2@yahoo.com⟩ will make spamass-milter pass -u user2 to
spamc.
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>>>https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
>On 07/03/2014 09:38 AM, Matus UHLAR - fantomas wrote:
>>I see you are next person (after me) who encountered this issue. Maybe you
>>could comment (or at least +1) the bug.
On 03.07.14 09:57, Steve Bergman wrote:
>What do you think would happen if I didn't use -u with spamass-milter?
spamass-milter would apparently not pass usernames to spamd and use the user
it's running under
I'm guessing, the man page is not clear enough...
>I'm fine with +1'ing the the bug report, once I understand what was
>going on. I think that one of the issues we're dealing with here is
>the common open-source one of "Frankenstein Framework". Bug "A" in
>spamass-milter triggers Bug "B" in SA.
There's no bug "A" in spamass-milter here.
I repeat: spamass-milter does not (and can not) know about local users.
spamass-milter passes recipient's username (or specified default for
multiple recipients) to spamd. If the recipient does not locally exist (it's
an alias), it's not spamass-milter to check.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/03/2014 09:38 AM, Matus UHLAR - fantomas wrote:
> On 03.07.14 09:28, Steve Bergman wrote:
>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
>
>> On 07/03/2014 09:17 AM, Matus UHLAR - fantomas wrote:
>>
>>> I have explained my position in the bug, link to which you removed.
>>
>> Yes. I saw that you did.
>
> then you should understand why I do not agree what you said in your
> previous
> mail - it's a spamd issue and spamass-milter has (and should have) nothing
> with it...
>
> I see you are next person (after me) who encountered this issue. Maybe you
> could comment (or at least +1) the bug.
What do you think would happen if I didn't use -u with spamass-milter?
I'm fine with +1'ing the the bug report, once I understand what was
going on. I think that one of the issues we're dealing with here is the
common open-source one of "Frankenstein Framework". Bug "A" in
spamass-milter triggers Bug "B" in SA.
Although Bug "B" in SA might be triggered in other ways.
Am I getting anywhere close to your position now?
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 03.07.14 09:28, Steve Bergman wrote:
>https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
>On 07/03/2014 09:17 AM, Matus UHLAR - fantomas wrote:
>
>>I have explained my position in the bug, link to which you removed.
>
>Yes. I saw that you did.
then you should understand why I do not agree what you said in your previous
mail - it's a spamd issue and spamass-milter has (and should have) nothing
with it...
I see you are next person (after me) who encountered this issue. Maybe you
could comment (or at least +1) the bug.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
On 07/03/2014 09:17 AM, Matus UHLAR - fantomas wrote:
> I have explained my position in the bug, link to which you removed.
Yes. I saw that you did.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
I try to trim my posts for clarity. But I don't always get it right.
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 07/03/2014 07:53 AM, Matus UHLAR - fantomas wrote:
>>Aha, this seems to be spamd fallback to 'nobody' user, usually with homedir
>>/nonexistent. spamc and spamass-milter have nothing to do with it.
>>I have modified my spamd to use different user as fallback.
On 03.07.14 08:43, Steve Bergman wrote:
>/nonexistent rings a bell. I can see where this might be a sort of
>"comedy of errors". spamd "should" have a sane fallback behavior. But
>when spamass-milter gets a mail to an alias, it's supposed to either
>su itself to a the default user I specify with -u, or send that along
>as options to spamc.
>
>If there's not a bug in spamass-milter, I shouldn't have been
>triggering a bug in SA.
I have explained my position in the bug, link to which you removed.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/03/2014 07:53 AM, Matus UHLAR - fantomas wrote:
> Aha, this seems to be spamd fallback to 'nobody' user, usually with homedir
> /nonexistent. spamc and spamass-milter have nothing to do with it.
> I have modified my spamd to use different user as fallback.
/nonexistent rings a bell. I can see where this might be a sort of
"comedy of errors". spamd "should" have a sane fallback behavior. But
when spamass-milter gets a mail to an alias, it's supposed to either su
itself to a the default user I specify with -u, or send that along as
options to spamc.
If there's not a bug in spamass-milter, I shouldn't have been triggering
a bug in SA.
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
>On 07/03/2014 02:31 AM, Matus UHLAR - fantomas wrote:
>>pardon me, but spamass-milter uses spamc, so pyzor is called from spamd.
>>That means, the above should apply for spamd, not spamass-milter.
On 03.07.14 07:26, Steve Bergman wrote:
>The issue seems to be spamc (and thus pyzor) running as the recipient
>user, when the message is actually to a postfix alias. It's supposed
>to be running as a fallback user in this case, whose servers file has
>666 permissions. But strace shows it getting a "permission denied"
>error. Go figure.
Aha, this seems to be spamd fallback to 'nobody' user, usually with homedir
/nonexistent. spamc and spamass-milter have nothing to do with it.
I have modified my spamd to use different user as fallback.
check out the issue I have filled some time ago:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6995
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".
Re: Pyzor with aliases.
Posted by Steve Bergman <sb...@gmail.com>.
On 07/03/2014 02:31 AM, Matus UHLAR - fantomas wrote:
> pardon me, but spamass-milter uses spamc, so pyzor is called from spamd.
> That means, the above should apply for spamd, not spamass-milter.
The issue seems to be spamc (and thus pyzor) running as the recipient
user, when the message is actually to a postfix alias. It's supposed to
be running as a fallback user in this case, whose servers file has 666
permissions. But strace shows it getting a "permission denied" error. Go
figure.
Anyway, I've had about enough of dealing with SA/SAM flakiness. It's
working now, more or less. And so I'm leaving this stack the way it is.
And I'll probably be outsourcing for a spam control stack that really
works stably, reliably, and well.
-Steve
Re: Pyzor with aliases.
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 02.07.14 13:47, Steve Bergman wrote:
>I've been watching today, and have pretty much confirmed that if you
>use Pyzor with spamass-milter, and have it run as the recipient user,
>you do need to include a "pyzor --homedir /whateverdir/" in local.cf.
pardon me, but spamass-milter uses spamc, so pyzor is called from spamd.
That means, the above should apply for spamd, not spamass-milter.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!