You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Yves Goergen <no...@unclassified.de> on 2008/04/04 20:46:02 UTC
auto-whitelist: open of auto-whitelist file failed
Hello,
I have upgraded SpamAssassin from 3.1.8 to 3.2.4 today. First I got
errors about a "nonexistent" path all the time. Then I added the path to
the auto_whitelist directory in local.cf. Now I get this error message
every few seconds:
Apr 4 20:01:36 mond spamd[14283]: auto-whitelist: open of
auto-whitelist file failed: locker: safe_lock: cannot create lockfile
/root/.spamassassin/auto-whitelist.mutex: Permission denied
This time, I couldn't find a solution on the web. Here's the directory
listing:
20:35 root@mond ~/.spamassassin > ls -al
total 516
drwx------ 2 root root 4096 Apr 4 16:35 ./
drwxr-xr-x 14 root root 4096 Apr 4 19:03 ../
-rw------- 1 root root 12288 Apr 4 16:42 auto-whitelist
-rw------- 1 root root 6 Apr 4 19:03 auto-whitelist.mutex
-rw------- 1 root root 350 Apr 4 17:42 bayes.mutex
-rw------- 1 root root 24576 Apr 4 17:42 bayes_seen
-rw------- 1 root root 647168 Apr 4 17:42 bayes_toks
What's the problem? Before the upgrade, I removed all traces from SA on
the system (locate & rm -rf). It was previously installed through CPAN.
But I don't think that CPAN is that "comprehensive" at all and decided
not to use it again where I can. This SA was installed from the tarball.
The /root/.spamassassin directory was created automatically then.
So if it doesn't work out of the box, what can I do next?
--
Yves Goergen "LonelyPixel" <no...@unclassified.de>
Visit my web laboratory at http://beta.unclassified.de
Re: auto-whitelist: open of auto-whitelist file failed
Posted by Yves Goergen <no...@unclassified.de>.
> On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
>> The "new fangled" way would be to use spamc for learning instead of
>> sa-learn.
And yes, it's a lot faster I believe.
--
Yves Goergen "LonelyPixel" <no...@unclassified.de>
Visit my web laboratory at http://beta.unclassified.de
Re: auto-whitelist: open of auto-whitelist file failed
Posted by Yves Goergen <no...@unclassified.de>.
On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
> Yves Goergen wrote:
>>> Just remember to su to that user when running sa-learn.
>> This is getting a problem now! My spamd user has no access on the
>> mailbox directories from which I am usually learning. What's the
>> proposed solution for that?
> The "new fangled" way would be to use spamc for learning instead of
> sa-learn.
>
> If you start spamd with the --allow-tell parameter, you can the use
> spamc -L ham, spamc -L spam or spamc -L forget on the message, and it
> will pass it to spamd for learning.
Thank you again for that. It works almost perfectly. spamc is supposed
to return a value of 5 or 6 when it's done, but it always returns 0
(says my script). But I can also live with the message spamc prints out,
reading that it was successful or the message was already known.
--
Yves Goergen "LonelyPixel" <no...@unclassified.de>
Visit my web laboratory at http://beta.unclassified.de
Re: auto-whitelist: open of auto-whitelist file failed
Posted by Matt Kettler <mk...@verizon.net>.
Yves Goergen wrote:
>
>> Just remember to su to that user when running sa-learn.
>
> This is getting a problem now! My spamd user has no access on the
> mailbox directories from which I am usually learning. What's the
> proposed solution for that?
Well, there's a couple of ways to deal with that..
The "new fangled" way would be to use spamc for learning instead of
sa-learn.
If you start spamd with the --allow-tell parameter, you can the use
spamc -L ham, spamc -L spam or spamc -L forget on the message, and it
will pass it to spamd for learning.
This way you guarantee that the learning runs as the same user you scan
as. It's also very slightly faster as you don't have to load a perl
interpreter instance.
Other ways would be:
Make use of groups to grant the user spamd runs as rights to the
mailboxes. If all the mailboxes have the same group ownership, or you
can create a group and set them all to it, then just add that to spamd
user as a supplemental group.
You could also make use of a root cronjob to copy/chown the files
somewhere that your learner can get to them.
Both of those last approaches have some limitations and won't work in
all situations, hence I'd suggest the spamc -L method.. However, I do
caveat that it's a somewhat new feature and I personally have never
tested it, but several others do use it.
Re: auto-whitelist: open of auto-whitelist file failed
Posted by Yves Goergen <no...@unclassified.de>.
On 05.04.2008 01:18 CE(S)T, Matt Kettler wrote:
> Spamd will never be able to access anything in /root/. 3.1.8 shouldn't
> have been able to do so any more than 3.2.4 could, but that might have
> been a bug..
Must have been a bug, yes.
> If you're always scanning mail as one user, you can create a
> non-privileged user account and pass that after the -u parameter to
> either spamd (ie: in your startup script) or to spamc (ie: in your
> scan-time calls).
Okay, that works. I've created a new user+group with its own home
directory, moved the .spamassassin directory from /root into there,
chown'ed it and then started spamd again.
> Just remember to su to that user when running sa-learn.
This is getting a problem now! My spamd user has no access on the
mailbox directories from which I am usually learning. What's the
proposed solution for that?
>> What's the problem? Before the upgrade, I removed all traces from SA
>> on the system (locate & rm -rf).
> That was probably unnecessary.. SA will blow itself away if it's already
> present when you go to install it. The only time you run into trouble is
> if you change the PREFIX, and end up with one installed in /usr/ and the
> other in /usr/local.
Switching from CPAN to the tarball, I wasn't sure if this would change.
--
Yves Goergen "LonelyPixel" <no...@unclassified.de>
Visit my web laboratory at http://beta.unclassified.de
Re: auto-whitelist: open of auto-whitelist file failed
Posted by Matt Kettler <mk...@verizon.net>.
Yves Goergen wrote:
> Hello,
>
> I have upgraded SpamAssassin from 3.1.8 to 3.2.4 today. First I got
> errors about a "nonexistent" path all the time. Then I added the path
> to the auto_whitelist directory in local.cf. Now I get this error
> message every few seconds:
>
> Apr 4 20:01:36 mond spamd[14283]: auto-whitelist: open of
> auto-whitelist file failed: locker: safe_lock: cannot create lockfile
> /root/.spamassassin/auto-whitelist.mutex: Permission denied
Spamd will never be able to access anything in /root/. 3.1.8 shouldn't
have been able to do so any more than 3.2.4 could, but that might have
been a bug..
If spamd finds itself running as root when it's time to scan mail, it
will setuid itself to nobody for security.
If you're always scanning mail as one user, you can create a
non-privileged user account and pass that after the -u parameter to
either spamd (ie: in your startup script) or to spamc (ie: in your
scan-time calls).
Just remember to su to that user when running sa-learn.
>
> This time, I couldn't find a solution on the web. Here's the directory
> listing:
>
> 20:35 root@mond ~/.spamassassin > ls -al
> total 516
> drwx------ 2 root root 4096 Apr 4 16:35 ./
> drwxr-xr-x 14 root root 4096 Apr 4 19:03 ../
> -rw------- 1 root root 12288 Apr 4 16:42 auto-whitelist
> -rw------- 1 root root 6 Apr 4 19:03 auto-whitelist.mutex
> -rw------- 1 root root 350 Apr 4 17:42 bayes.mutex
> -rw------- 1 root root 24576 Apr 4 17:42 bayes_seen
> -rw------- 1 root root 647168 Apr 4 17:42 bayes_toks
>
> What's the problem? Before the upgrade, I removed all traces from SA
> on the system (locate & rm -rf).
That was probably unnecessary.. SA will blow itself away if it's already
present when you go to install it. The only time you run into trouble is
if you change the PREFIX, and end up with one installed in /usr/ and the
other in /usr/local.
> It was previously installed through CPAN. But I don't think that CPAN
> is that "comprehensive" at all and decided not to use it again where I
> can. This SA was installed from the tarball. The /root/.spamassassin
> directory was created automatically then.
>
> So if it doesn't work out of the box, what can I do next?
Don't use root with spamd :)