docker/docker-mail
1
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases 6 Wiki Activity

amavis permissions error /var/spool/spamassassin #3

New Issue
Open
opened 2022-02-19 04:39:10 +00:00 by jon_nfc · 3 comments
jon_nfc commented 2022-02-19 04:39:10 +00:00 (Migrated from gitlab.com)
Copy Link

📝 Summary

to bypass a permissions error, folder /var/spool/spamassassin had to have its mask set to 777 so that amavis could do spam bayes checks.

even with mask 770 and amavis bieng part of group vmail, amavis still could not check the spam bayes.

Debug output

email header:

X-Spam-Status: No, score=-1 tagged_above=-999 required=6.31
	tests=[ALL_TRUSTED=-1] autolearn=unavailable autolearn_force=no

when autolearn=unavailable there is a file permission error on /var/spool/spamassassin

syslog error

Feb 19 01:41:47 test amavis[414]: (00414-01) _WARN: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/spool/spamassassin/bayes.lock.test.nodomain.org.414 for /var/spool/spamassassin/bayes.lock: Permission denied

even when ensuring that amavis is part of vmail group and a file mask of 770 amavis still produces the above syslog error.

folder permissions


root@test:/# ls -la /var/spool/
total 36
drwxr-xr-x 1 root root  4096 Feb 19 01:33 .
drwxr-xr-x 1 root root  4096 Jan 25 00:00 ..
drwxr-xr-x 3 root root  4096 Feb 17 02:33 cron
lrwxrwxrwx 1 root root     7 Jan 25 00:00 mail -> ../mail
drwxr-xr-x 1 root root  4096 Feb 19 01:41 postfix
drwx------ 2 root root  4096 Feb 17  2021 rsyslog
drwxrwxrwx 2 root vmail 4096 Feb 19 01:46 spamassassin
root@test:/# 

root@test:/# ls -la /var/spool/spamassassin
total 656
drwxrwxrwx 2 root         vmail   4096 Feb 19 01:46 .
drwxr-xr-x 1 root         root    4096 Feb 19 01:33 ..
-rw-rw-rw- 1 debian-spamd vmail  90112 Feb 19 01:46 bayes_seen
-rw-rw-rw- 1 debian-spamd vmail 675840 Feb 19 01:46 bayes_toks
root@test:/#

🔗 Reference

  • discovered during work on !9

🚧 Tasks

  • figure out what the permissions should be without being world writable
## :memo: Summary to bypass a permissions error, folder `/var/spool/spamassassin` had to have its mask set to `777` so that amavis could do spam bayes checks. even with mask `770` and amavis bieng part of group vmail, amavis still could not check the spam bayes. ### Debug output email header: ```text X-Spam-Status: No, score=-1 tagged_above=-999 required=6.31 tests=[ALL_TRUSTED=-1] autolearn=unavailable autolearn_force=no ``` when `autolearn=unavailable` there is a file permission error on `/var/spool/spamassassin` syslog error ``` text Feb 19 01:41:47 test amavis[414]: (00414-01) _WARN: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/spool/spamassassin/bayes.lock.test.nodomain.org.414 for /var/spool/spamassassin/bayes.lock: Permission denied ``` even when ensuring that amavis is part of `vmail` group and a file mask of `770` amavis still produces the above syslog error. folder permissions ``` bash root@test:/# ls -la /var/spool/ total 36 drwxr-xr-x 1 root root 4096 Feb 19 01:33 . drwxr-xr-x 1 root root 4096 Jan 25 00:00 .. drwxr-xr-x 3 root root 4096 Feb 17 02:33 cron lrwxrwxrwx 1 root root 7 Jan 25 00:00 mail -> ../mail drwxr-xr-x 1 root root 4096 Feb 19 01:41 postfix drwx------ 2 root root 4096 Feb 17 2021 rsyslog drwxrwxrwx 2 root vmail 4096 Feb 19 01:46 spamassassin root@test:/# root@test:/# ls -la /var/spool/spamassassin total 656 drwxrwxrwx 2 root vmail 4096 Feb 19 01:46 . drwxr-xr-x 1 root root 4096 Feb 19 01:33 .. -rw-rw-rw- 1 debian-spamd vmail 90112 Feb 19 01:46 bayes_seen -rw-rw-rw- 1 debian-spamd vmail 675840 Feb 19 01:46 bayes_toks root@test:/# ``` ### :link: Reference - discovered during work on !9 ### :construction: Tasks - [ ] figure out what the permissions should be without being world writable
jon_nfc commented 2022-02-19 04:40:18 +00:00 (Migrated from gitlab.com)
Copy Link

mentioned in merge request !9

mentioned in merge request !9
nfc_bot commented 2022-08-26 01:12:52 +00:00 (Migrated from gitlab.com)
Copy Link

mentioned in issue nofusscomputing/ops#55

mentioned in issue nofusscomputing/ops#55
nfc_bot commented 2022-09-26 00:31:13 +00:00 (Migrated from gitlab.com)
Copy Link

mentioned in issue nofusscomputing/ops#67

mentioned in issue nofusscomputing/ops#67
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Bug
Used in discussion about a bug in comments or commits
CVE-2023-5764
Denotes items related to the CVE
CodeReview
Used in comments (issues/MR/commits) to denote code review related items
Documentation
Documentation items
Feature
Used in discussion about a Feature in comments or commits
Lint
Used in comments (issues/MR/commits) to denote lint tasks todo, done, fixed
Privacy
Used in comments (issues/MR/commits) to denote privacy related items
Security
Used in comments (issues/MR/commits) to denote Security related items
breaking-change
label used to denote that the issue/Merge Request does/will introduce a breaking change
bug::reproducable
Given to an issue when the bug has been confirmed as re-producable. Can also be used in comments and commits.
bug::unable to reproduce
Given to an issue when the bug that is not able to be reproduced. Can also be used in comments and commits.
code review::complete
code review::not started
code review::rejected
code review::underway
difficulty::Full Development
Level 3. Difficulty representing that the task to complete must be planned and created.
difficulty::Good First Issue
Level 1. Difficulty representing that the task is very simple and with limited knowledge can be completed.
difficulty::Prior Knowledge
Level 2. Difficulty representing that the task requires some prior knowledge of either the technology or the project for task completion.
documentation::complete
Issues, Merge Requests
documentation::no change required
Issues, Merge Requests and used to denote no documentation changes required
documentation::not started
Issues, Merge Requests
documentation::stalled
Issues, Merge Requests
documentation::underway
Issues, Merge Requests
impact::0
impact::1
impact::2
impact::3
impact::4
impact::5
ops::ansible-roles
OPS project tag
ops::automation
ops::gitlab-ci
OPS project tag
ops::marcas
OPS project tag
ops::python-gitlab-management
OPS project tag
ops::website
priority::0
priority::1
priority::2
priority::3
priority::4
priority::5
stage::Ready for Development
stage::develop
Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits
stage::feedback required
stage::planning
Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits
stage::test
Stage for use in Issues and Merge Requests. Can also be used in discussion in comments and commits
stale
Label given to issues/merge requests that are considered stale due to no collaboration and is a mark for closure.
triage
Tag given to issues/merge requests requiring triaging by the team.
triage::not_confidential
This tag is given by the triage bot so that URLs can be added to an issue/comment. A triage policy for NFC wide should remove this label.
type::CI / CD
type::automation
This type is used to denote an automation job
type::bug
Type for Issues and Merge Requests. Can also be used in discussion in comments and commits
type::compliance
type::discussion
Type for Issues. Can also be used in discussion in comments.
type::documentation
Type for Issues and Merge Requests. Can also be used in discussion in comments and commits
type::feature
type for Issues and Merge Requests. Can also be used in discussion in comments and commits
type::invalid
label given to tickets that require no action or are deem as invalid.
type::quality assurance
Type for Issues and Merge Requests. Can also be used in discussion in comments and commits
type::question
Type for Issues. Can also be used in discussion in comments.
type::security
Type for Issues and Merge Requests.
type::specification
Design specification
workflow::complete
Issues, Merge Requests
workflow::not ready
workflow::not ready::blocked
workflow::not started
Issues, Merge Requests
workflow::ready to commence
Issues, Merge Requests
workflow::stalled
Label given to issues/merge requests where no work has occured in x days iaw triage policy.
workflow::underway
Issues, Merge Requests
workflow::underway::develop
No Label
difficulty::Prior Knowledge
impact::1
priority::2
type::bug
Milestone
No items
No Milestone docker-mail - v0.1.0
Projects
Clear projects
No project
Assignees
Clear assignees
jon
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: docker/docker-mail#3
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?