Posted to users@spamassassin.apache.org by Steeve McCauley <st...@oneguycoding.com> on 2009/06/04 17:29:36 UTC

spamc not defaulting to my user

I just spent the better part of the last month trying to figure
out why my Bayesian filtering was not working on a new mail server
setup.  I noticed yesterday, after adding the following header,

add_header all Bayes bayes=_BAYES_ tokens=_TOKENSUMMARY_ new=_BAYESTC_ seen=_BAYESTCLEARNED_ spammy=_BAYESTCSPAMMY_ hammy=_BAYESTCHAMMY_

that tokens was always being set to "Bayes not run".  But there
was no indication anywhere (that I could find) why it was not being
run.  Most of the list traffic associated with this particular
problem seemed to be associated with people using mysql as their
data store, not something that I am doing.  I had verified that
sa-learn was working properly and updating my database and that
the database version was good, and that I had enough of both ham
and spam in the database, etc.

spamassassin -D --lint all looked good when run from the command
line.

Today on a whim I decided to add -u <username> to the spamc 
command line in my procmail filter and bayes started working.

This is how my daemon is running,

/openpkg/bin/spamd
	--daemonize
	--siteconfigpath=/openpkg/etc/spamassassin
	--pidfile=/openpkg/var/spamassassin/spamassassin.pid
	--syslog=/openpkg/var/spamassassin/spamassassin.log
	--listen-ip=127.0.0.1
	--port=783
	-A 127.
	--local

I discovered in the syslog the following difference before and
after the change,

Thu Jun  4 07:40:03 2009 [29789] info: spamd: setuid to openpkg-r succeeded
Thu Jun  4 08:15:02 2009 [29789] info: spamd: setuid to steeve succeeded

so it's now obvious that it was running as user openpkg-r, rather
than my own user name, which is the user under which spamd is
running.  Now the man page states that it is using the Effective UID 
of the caller, which I had assumed was my user name.

       -u username, --username=username
           To have spamd use per-user-config files, run spamc as the user whose config files spamd should load; by default the effective
           user-ID is sent to spamd.  If you’re running spamc as some other user, though, (eg. root, mail, nobody, cyrus, etc.) then you may
           use this flag to override the default.

spamc -h is a little less ambiguous,

  -u, --username username
                      User for spamd to process this message under.
                      [default: current user]

The mystery for me is why spamd was doing setuid to its own uid rather
than my uid, unless I forced it with the -u switch.  I know that procmail
is not running as user openpkg-r which just adds to the mystery.

Any ideas?

-- 
Steeve McCauley                                      steeve@oneguycoding.com
:wq                                                  http://oneguycoding.com
"I like a man who grins when he fights."
- Winston Churchill

Re: spamc not defaulting to my user

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-04 at 21:41 +0200, Karsten Bräckelmann wrote:
> On Thu, 2009-06-04 at 15:15 -0400, Steeve McCauley wrote:

> > Procmail is running as "steeve",
> > 
> > Hello, I am steeve.
> 
> Weird. :)  Honestly, I quickly pulled LOGNAME out of the man page. I'm
> not entirely sure this really reflects the UID. I guess I'd alter that

Err, scratch that. It really should. :)

> > It would have been incredibly perplexing if procmail were running
> > as an openpkg user since it's not an openpkg package.
> 
> But spamc is. Not that that really should matter, but there's a link.
> Any chance it's a setuid executable?
> 
> Can you try to have a glimpse at the user spamc is running as, as called
> by procmail? That requires some fairly good timing. :)  Or faking a
> spamd by using 'nc' and checking the User header...

So procmail is running as your user, but spamc isn't...


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: spamc not defaulting to my user

Posted by Steeve McCauley <st...@oneguycoding.com>.
On Thu, Jun 04, 2009 at 10:04:46PM +0200, Karsten Bräckelmann wrote:
> On Thu, 2009-06-04 at 15:54 -0400, Steeve McCauley wrote:
> > On Thu, Jun 04, 2009 at 09:41:48PM +0200, Karsten Bräckelmann wrote:
> 
> > > > It would have been incredibly perplexing if procmail were running
> > > > as an openpkg user since it's not an openpkg package.
> > > 
> > > But spamc is. Not that that really should matter, but there's a link.
> > > Any chance it's a setuid executable?
> > 
> > That's it, mystery solved :)
> 
> Yay!
> 
> > [steeve@oneguycoding .procmail]$ ls -l /openpkg/bin/spamc 
> > -rwsr-xr-x 1 openpkg-r openpkg 393128 Apr 23 12:27 /openpkg/bin/spamc
> > 
> > Thanks for your help, I was pulling my hair out for a while
> > on this one.
> 
> No problem. :)  And please blame your packager, this is not default. ;)

Done.

-- 
Steeve McCauley                                      steeve@oneguycoding.com
:wq                                                  http://oneguycoding.com
A gift of flower will soon be made to you.

Re: spamc not defaulting to my user

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-04 at 15:54 -0400, Steeve McCauley wrote:
> On Thu, Jun 04, 2009 at 09:41:48PM +0200, Karsten Bräckelmann wrote:

> > > It would have been incredibly perplexing if procmail were running
> > > as an openpkg user since it's not an openpkg package.
> > 
> > But spamc is. Not that that really should matter, but there's a link.
> > Any chance it's a setuid executable?
> 
> That's it, mystery solved :)

Yay!

> [steeve@oneguycoding .procmail]$ ls -l /openpkg/bin/spamc 
> -rwsr-xr-x 1 openpkg-r openpkg 393128 Apr 23 12:27 /openpkg/bin/spamc
> 
> Thanks for your help, I was pulling my hair out for a while
> on this one.

No problem. :)  And please blame your packager, this is not default. ;)


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: spamc not defaulting to my user

Posted by Steeve McCauley <st...@oneguycoding.com>.
On Thu, Jun 04, 2009 at 09:41:48PM +0200, Karsten Bräckelmann wrote:
> > > > Any ideas?
> > > 
> > > Just to verify, try adding something like this to your procmailrc, right
> > > before the recipe that filters through spamc. Then check the log. (Note,
> > > linebreak intended.)
> > > 
> > > LOG = "Hello, I am ${LOGNAME}.
> > > "
> > 
> > Procmail is running as "steeve",
> > 
> > Hello, I am steeve.
> 
> Weird. :)  Honestly, I quickly pulled LOGNAME out of the man page. I'm
> not entirely sure this really reflects the UID. I guess I'd alter that
> debugging log line, to dump some other information, to track this down.
> 
> BTW, is this a site-wide procmailrc or a user one? Did you DROPPRIVS
> before that, in case of site-wide?

It's my user .procmailrc.

> 
> > >From MedicalHairRestorationvsk@hairproonline.com  Thu Jun  4 14:05:08 2009
> >  Subject: [SPAM 4.6] RE: Hair news : Free DVD 
> >   Folder: /var/mail/steeve                                               341674
> > 
> > It would have been incredibly perplexing if procmail were running
> > as an openpkg user since it's not an openpkg package.
> 
> But spamc is. Not that that really should matter, but there's a link.
> Any chance it's a setuid executable?

That's it, mystery solved :)

[steeve@oneguycoding .procmail]$ ls -l /openpkg/bin/spamc 
-rwsr-xr-x 1 openpkg-r openpkg 393128 Apr 23 12:27 /openpkg/bin/spamc

Thanks for your help, I was pulling my hair out for a while
on this one.

Cheers,

steeve

-- 
Steeve McCauley                                      steeve@oneguycoding.com
:wq                                                  http://oneguycoding.com
What this country needs is a good five cent microcomputer.
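
The diagnosis reached in this thread, as an added shell example (not code from any poster or from SpamAssassin): it reports which UID a client binary such as spamc gets as its effective UID, and therefore announces to spamd by default, when the setuid bit is set. The function names, the temporary demo file and the caller UID 424242 are constructed for illustration.

```shell
#!/bin/sh
# exec_euid FILE [CALLER_UID]
# Print the numeric effective UID a process gets when CALLER_UID executes FILE.
exec_euid() {
    file=$1
    caller=${2:-$(id -u)}
    if [ ! -f "$file" ] || [ ! -x "$file" ]; then
        echo "not an executable file: $file" >&2
        return 2
    fi
    if [ -u "$file" ]; then
        # setuid bit set: at exec time the kernel makes the file owner the
        # EUID (unless the filesystem is mounted nosuid).
        ls -ldn "$file" | awk '{print $3}'
    else
        # No setuid bit: the process keeps the caller's UID.
        echo "$caller"
    fi
}

# identity_report FILE [CALLER_UID]
# One line saying whether FILE will run as the caller or as someone else.
identity_report() {
    caller=${2:-$(id -u)}
    euid=$(exec_euid "$1" "$caller") || return 2
    if [ "$euid" = "$caller" ]; then
        echo "OK $1 runs as caller uid=$caller"
    else
        echo "MISMATCH $1 is setuid, runs as uid=$euid not caller uid=$caller"
    fi
}

# Demo on a constructed file: first without, then with the setuid bit.
demo=$(mktemp -d)
printf '#!/bin/sh\n' > "$demo/client"
chmod 755 "$demo/client"
identity_report "$demo/client" 424242
chmod 4755 "$demo/client"
identity_report "$demo/client" 424242
rm -rf "$demo"
```

Run against the real client (here that would be `identity_report /openpkg/bin/spamc`), a MISMATCH line corresponds to the `-rwsr-xr-x ... openpkg-r` listing above and explains the "setuid to openpkg-r" log entry.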

Re: spamc not defaulting to my user

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-04 at 15:15 -0400, Steeve McCauley wrote:
> On Thu, Jun 04, 2009 at 06:28:18PM +0200, Karsten Bräckelmann wrote:

> > > Today on a whim I decided to add -u <username> to the spamc 
> > > command line in my procmail filter and bayes started working.
> > 
> > > I discovered in the syslog the following difference before and
> > > after the change,
> > > 
> > > Thu Jun  4 07:40:03 2009 [29789] info: spamd: setuid to openpkg-r succeeded
> > > Thu Jun  4 08:15:02 2009 [29789] info: spamd: setuid to steeve succeeded
> > > 
> > > so it's now obvious that it was running as user openpkg-r, rather
> > > than my own user name, which is the user under which spamd is
> > 
> > I believe this is wrong. spamd appears to be running as root. Otherwise,
> > it would not have setuid'ed to the user in the first place.
> 
> spamd is running as root, but it does a setuid to openpkg-r
> when receiving from spamc, unless I use -u steeve.

Yep, spamd will setuid to the user it scans the mail for, as told by
spamc.

The -u option is just a way to override it. By default, spamc tells
spamd which user it (that is spamc) is running as. So I still believe
spamc at that point does not run as your user, for some reason.


> > > The mystery for me is why spamd was doing setuid to its own uid rather
> > > than my uid, unless I forced it with the -u switch.  I know that procmail
> > > is not running as user openpkg-r which just adds to the mystery.
> > 
> > My guess is, this assumption is wrong. :)  At least at the point in the
> > procmail recipe where spamc is being called, procmail appears to run as
> > the openpkg-r user.
> > 
> > spamc tells the user it is running as by default.
> > 
> > 
> > > Any ideas?
> > 
> > Just to verify, try adding something like this to your procmailrc, right
> > before the recipe that filters through spamc. Then check the log. (Note,
> > linebreak intended.)
> > 
> > LOG = "Hello, I am ${LOGNAME}.
> > "
> 
> Procmail is running as "steeve",
> 
> Hello, I am steeve.

Weird. :)  Honestly, I quickly pulled LOGNAME out of the man page. I'm
not entirely sure this really reflects the UID. I guess I'd alter that
debugging log line, to dump some other information, to track this down.

BTW, is this a site-wide procmailrc or a user one? Did you DROPPRIVS
before that, in case of site-wide?


> >From MedicalHairRestorationvsk@hairproonline.com  Thu Jun  4 14:05:08 2009
>  Subject: [SPAM 4.6] RE: Hair news : Free DVD 
>   Folder: /var/mail/steeve                                               341674
> 
> It would have been incredibly perplexing if procmail were running
> as an openpkg user since it's not an openpkg package.

But spamc is. Not that that really should matter, but there's a link.
Any chance it's a setuid executable?

Can you try to have a glimpse at the user spamc is running as, as called
by procmail? That requires some fairly good timing. :)  Or faking a
spamd by using 'nc' and checking the User header...


> Something is weird here between spamc and spamd.
> 
> Thanks for the reply,

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: spamc not defaulting to my user

Posted by Steeve McCauley <st...@oneguycoding.com>.
On Thu, Jun 04, 2009 at 06:28:18PM +0200, Karsten Bräckelmann wrote:
> On Thu, 2009-06-04 at 11:29 -0400, Steeve McCauley wrote:
> > I just spent the better part of the last month trying to figure
> > out why my Bayesian filtering was not working on a new mail server
> > setup.  [...]
> 
> > Today on a whim I decided to add -u <username> to the spamc 
> > command line in my procmail filter and bayes started working.
> 
> > I discovered in the syslog the following difference before and
> > after the change,
> > 
> > Thu Jun  4 07:40:03 2009 [29789] info: spamd: setuid to openpkg-r succeeded
> > Thu Jun  4 08:15:02 2009 [29789] info: spamd: setuid to steeve succeeded
> > 
> > so it's now obvious that it was running as user openpkg-r, rather
> > than my own user name, which is the user under which spamd is
> 
> I believe this is wrong. spamd appears to be running as root. Otherwise,
> it would not have setuid'ed to the user in the first place.

spamd is running as root, but it does a setuid to openpkg-r
when receiving from spamc, unless I use -u steeve.

> > of the caller, which I had assumed was my user name.
> 
> > spamc -h is a little less ambiguous,
> > 
> >   -u, --username username
> >                       User for spamd to process this message under.
> >                       [default: current user]
> > 
> > The mystery for me is why spamd was doing setuid to its own uid rather
> > than my uid, unless I forced it with the -u switch.  I know that procmail
> > is not running as user openpkg-r which just adds to the mystery.
> 
> My guess is, this assumption is wrong. :)  At least at the point in the
> procmail recipe where spamc is being called, procmail appears to run as
> the openpkg-r user.
> 
> spamc tells the user it is running as by default.
> 
> 
> > Any ideas?
> 
> Just to verify, try adding something like this to your procmailrc, right
> before the recipe that filters through spamc. Then check the log. (Note,
> linebreak intended.)
> 
> LOG = "Hello, I am ${LOGNAME}.
> "

Procmail is running as "steeve",

Hello, I am steeve.
>From MedicalHairRestorationvsk@hairproonline.com  Thu Jun  4 14:05:08 2009
 Subject: [SPAM 4.6] RE: Hair news : Free DVD 
  Folder: /var/mail/steeve                                               341674

It would have been incredibly perplexing if procmail were running
as an openpkg user since it's not an openpkg package.

Something is weird here between spamc and spamd.

Thanks for the reply,

steeve

-- 
Steeve McCauley                                      steeve@oneguycoding.com
:wq                                                  http://oneguycoding.com
The mistake you make is in trying to figure it out.
- Tennessee Williams

Re: spamc not defaulting to my user

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2009-06-04 at 11:29 -0400, Steeve McCauley wrote:
> I just spent the better part of the last month trying to figure
> out why my Bayesian filtering was not working on a new mail server
> setup.  [...]

> Today on a whim I decided to add -u <username> to the spamc 
> command line in my procmail filter and bayes started working.

> I discovered in the syslog the following difference before and
> after the change,
> 
> Thu Jun  4 07:40:03 2009 [29789] info: spamd: setuid to openpkg-r succeeded
> Thu Jun  4 08:15:02 2009 [29789] info: spamd: setuid to steeve succeeded
> 
> so it's now obvious that it was running as user openpkg-r, rather
> than my own user name, which is the user under which spamd is

I believe this is wrong. spamd appears to be running as root. Otherwise,
it would not have setuid'ed to the user in the first place.


> running.  Now the man page states that it is using the Effective UID 
> of the caller, which I had assumed was my user name.

> spamc -h is a little less ambiguous,
> 
>   -u, --username username
>                       User for spamd to process this message under.
>                       [default: current user]
> 
> The mystery for me is why spamd was doing setuid to its own uid rather
> than my uid, unless I forced it with the -u switch.  I know that procmail
> is not running as user openpkg-r which just adds to the mystery.

My guess is, this assumption is wrong. :)  At least at the point in the
procmail recipe where spamc is being called, procmail appears to run as
the openpkg-r user.

spamc tells the user it is running as by default.


> Any ideas?

Just to verify, try adding something like this to your procmailrc, right
before the recipe that filters through spamc. Then check the log. (Note,
linebreak intended.)

LOG = "Hello, I am ${LOGNAME}.
"

If the spamc filter is part of the system-wide procmailrc, the fix
probably is to have DROPPRIVS before the filter, so it will be run on
behalf of the recipient. See man procmailrc. You shouldn't need the -u
switch after that.

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}