[Dovecot] DSpam plugin
I'm trying to set up Johannes's DSpam plugin for dovecot. I've compiled rc2 and the plugin, and have things installed OK. I have a X-DSPAM-Signature in my message that is delivered to Inbox. Whenever I try to move this to my spam folder (I changed source to say 'Spam' instead of 'SPAM'), my client (Thunderbird) pops up 'The current command did not succeed. The mail server responded: dspam failed.'
I've set '#define DEBUG 1' in the plugin and see this in my 'messages' log. Sep 20 09:39:03 ltsp imap: /usr/local/bin/dspam --source=error --stdout --class=spam --signature=45113fe931161804284693 '/usr/local/bin/dspam' is the location of my dspam binary.
Occasionally, though not every time I move a message, I see this in my 'messages' log. Sep 20 09:38:34 ltsp kernel: imap[3656]: segfault at 0000000000102490 rip 00002aaaaaafc589 rsp 00007fffabda5400 error 4 Sep 20 09:38:34 ltsp kernel: imap[3653]: segfault at 0000000000102490 rip 00002aaaaaafc589 rsp 00007fff31e814e0 error 4"
I also see this, though the login is successful: Sep 20 09:43:44 ltsp dovecot-auth: pam_ldap: could not open secret file /etc/ldap.secret (No such file or directory)
Can anyone point me in a direction?
Thank you, Michael Blinn
--
If this is my day of harvest, in what fields have I sowed the seed, and in what unremembered seasons?
- Kahlil Gibran
CONFIDENTIALITY NOTICE: This message, and any attachments that may accompany it, contain information that is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise exempt from disclosure under applicable law. If the recipient of this message is not the intended recipient, any disclosure, copying, or other use of this communication or any of the information, which it contains is unauthorized and prohibited. If you have received this message in error, please notify the original sender by return mail and delete this message, along with any attachments, from your computer. Thank you.
Correction... the segfault only occurs on 'service dovecot restart' -Michael
Michael Blinn wrote:
I'm trying to set up Johannes's DSpam plugin for dovecot. I've compiled rc2 and the plugin, and have things installed OK. I have a X-DSPAM-Signature in my message that is delivered to Inbox. Whenever I try to move this to my spam folder (I changed source to say 'Spam' instead of 'SPAM'), my client (Thunderbird) pops up 'The current command did not succeed. The mail server responded: dspam failed.'
I've set '#define DEBUG 1' in the plugin and see this in my 'messages' log. Sep 20 09:39:03 ltsp imap: /usr/local/bin/dspam --source=error --stdout --class=spam --signature=45113fe931161804284693 '/usr/local/bin/dspam' is the location of my dspam binary.
Occasionally, though not every time I move a message, I see this in my 'messages' log. Sep 20 09:38:34 ltsp kernel: imap[3656]: segfault at 0000000000102490 rip 00002aaaaaafc589 rsp 00007fffabda5400 error 4 Sep 20 09:38:34 ltsp kernel: imap[3653]: segfault at 0000000000102490 rip 00002aaaaaafc589 rsp 00007fff31e814e0 error 4"
I also see this, though the login is successful: Sep 20 09:43:44 ltsp dovecot-auth: pam_ldap: could not open secret file /etc/ldap.secret (No such file or directory)
Can anyone point me in a direction?
Thank you, Michael Blinn
--
If this is my day of harvest, in what fields have I sowed the seed, and in what unremembered seasons?
- Kahlil Gibran
CONFIDENTIALITY NOTICE: This message, and any attachments that may accompany it, contain information that is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise exempt from disclosure under applicable law. If the recipient of this message is not the intended recipient, any disclosure, copying, or other use of this communication or any of the information, which it contains is unauthorized and prohibited. If you have received this message in error, please notify the original sender by return mail and delete this message, along with any attachments, from your computer. Thank you.
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
so if I 'su username' then that user gets a 'permission denied' when executing the dspam binary. I didn't see anything in the plugin wiki about dspam permissions though.. am I going in the correct direction?
I've tried this plugin with almost every dovecot source version and every dspam source version.. Has anyone had success doing the dspam plugin on x86_64 ? Any and all pointers are appreciated.
Thanks, Michael
Michael Blinn wrote:
I'm trying to set up Johannes's DSpam plugin for dovecot. I've compiled rc2 and the plugin, and have things installed OK. I have a X-DSPAM-Signature in my message that is delivered to Inbox. Whenever I try to move this to my spam folder (I changed source to say 'Spam' instead of 'SPAM'), my client (Thunderbird) pops up 'The current command did not succeed. The mail server responded: dspam failed.'
Hi.
On Wed, 20 Sep 2006 14:24:25 -0400 Michael Blinn mblinn@peopleplaces.org wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
In case you don't know: this means that the group the dspam executable is running as is changed to mail on execution, and only root or members of the group mail may execute it at all. I have no idea in which case this is needed.
Assuming that dovecot has switched to the mailbox's userid (or the userid it got from the database) by the time it calls dspam I would think that simple 0755 (rwxr-xr-x) permissions for the dspam executable should be ok...
Regards, Milan
On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel listen@mjh.name wrote:
Hi.
On Wed, 20 Sep 2006 14:24:25 -0400 Michael Blinn mblinn@peopleplaces.org wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
In case you don't know: this means that the group the dspam executable is running as is changed to mail on execution, and only root or members of the group mail may execute it at all.
Just root. It would need g+r for group mail to execute it.
On my system dspam is 02555 root:mail. I don't know if that's the default or if I tweaked it; probably the latter.
-frank
On Wed, 20 Sep 2006 17:29:26 -0700 Frank Cusack fcusack@fcusack.com wrote:
On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel listen@mjh.name wrote:
Hi.
On Wed, 20 Sep 2006 14:24:25 -0400 Michael Blinn mblinn@peopleplaces.org wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
In case you don't know: this means that the group the dspam executable is running as is changed to mail on execution, and only root or members of the group mail may execute it at all.
Just root. It would need g+r for group mail to execute it.
You can execute an ELF (binary) executable without being able to read it. (Not the case for a perl script e.g., as the interpreter has to read the script, but for such script sticky bits normally don't matter anyway) If the permissions read -r-x--S--- (aka 2500), only root could execute it.
On my system dspam is 02555 root:mail. I don't know if that's the default or if I tweaked it; probably the latter.
Question is whether the mail group is necessary / a good idea / possibly a security risk if anyone may run dspam with that group. As mentioned, not knowing dspam I have no idea on that...
Regards, Milan
On September 21, 2006 10:35:04 AM +0200 Milan Holzäpfel listen@mjh.name wrote:
On Wed, 20 Sep 2006 17:29:26 -0700 Frank Cusack fcusack@fcusack.com wrote:
On September 20, 2006 11:10:37 PM +0200 Milan Holzäpfel listen@mjh.name wrote:
Hi.
On Wed, 20 Sep 2006 14:24:25 -0400 Michael Blinn mblinn@peopleplaces.org wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
In case you don't know: this means that the group the dspam executable is running as is changed to mail on execution, and only root or members of the group mail may execute it at all.
Just root. It would need g+r for group mail to execute it.
You can execute an ELF (binary) executable without being able to read
Right you are!
it. (Not the case for a perl script e.g., as the interpreter has to read the script, but for such script sticky bits normally don't matter anyway) If the permissions read -r-x--S--- (aka 2500), only root could execute it.
2500 gives -r-x--l--- on my system (Solaris 10 x86)
I think the setuid/setgid modes without exec bit set have implementation specific behaviors. On Solaris setgid without exec turns on mandatory locking for that file.
Anyway, way off topic.
-frank
On Wed, 2006-09-20 at 14:24 -0400, Michael Blinn wrote:
I wonder if this is a permissions problem with the dspam executable. It is
-r-x--s--- 1 root mail 494628 Sep 20 12:15 /usr/local/bin/dspam
Yes, it is. Dovecot imap runs under the uid. The plugin works for my setup where things are done by each user for themselves, not centrally. I see you're trying the mysql version, might be a good idea.
johannes
participants (4)
-
Frank Cusack
-
Johannes Berg
-
Michael Blinn
-
Milan Holzäpfel