[Dovecot] Dovecot antispam unable to call dspam since dovecot upgrade to 2.X
Hello,Running Gentoo AMD64 2013 with postfix, mysql, dovecot and dspam, i finally upgraded to dovecot 2.X. I'm running dovecot 2.2.6, dspam 3.10.2-r1 and dovecot-antispam-2.0_pre20130429.
My DSPAM configuration hasn't changed between dovecot 1.X and 2.X.
When i'm moving a mail to or from the Spam folder, Igot this error in my logs : Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: dspam error:7751 prefix=imap(ghilt@shadowprojects.org): Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: executing /usr/bin/dspam failed: 13 (uid=1001, gid=12) Nov 14 10:33:25 srv1 dovecot: imap: Error: Nov 14 10:33:25 srv1 dovecot: imap: Error:
uid 1001 is user vmail (dovecot is running under vmail) gid 12 is group mail (vmail is a member, with mail,postfix,dspam,dovecot,apache)
I enabled DSPAMdebug mode and when i move the mail, i don't see anything in the logs, meaning that dspam isn't called at all. Enabling debug in dovecot doesn't give me more informations.
Here's my dovecot plugins settings : plugin { #setting_name = value
# Selects the specific backend to be used for spam system training
antispam_backend = dspam
# Specifies whether to allow appending mails to the spam folder
# from the unknown source. Optional, default = NO.
antispam_allow_append_to_spam = NO
# Specifies whether to skip the leading "From " line of the mail
# piped to the backend processor. Optional, default = NO.
antispam_skip_from_line = NO
# semicolon-separated list of spam folders
antispam_spam = Spam
# semicolon-separated list of Trash folders (default unset i.e. none) antispam_trash = Trash
# semicolon-separated list of unsure folders (default unset i.e. none) #antispam_unsure =
# mail signature (used with any backend requiring a signature)
antispam_signature = X-DSPAM-Signature
# specifies what to do if the signature header is missing. Possible
# values: "move" (move the mail silently without training), "error"
# (display an error stating that the signature header is missing).
# Optional, default = "error".
antispam_signature_missing = error
# specifies the path to the dspam client binary.
# Optional, default = "/usr/bin/dspam".
antispam_dspam_binary = /usr/bin/dspam
# list of command line arguments to the dspam binary. Must include
# one "%%s" in order to be replaced with the signature value.
# Optional, default = "--source=error;--signature=%%s".
antispam_dspam_args = --user;%u;--deliver=;--source=error;--signature=%%s
# command line argument to specify that mail should be reclassified
# as SPAM. Optional, default = "--class=spam".
antispam_dspam_spam = --class=spam
# command line argument to specify that mail should be reclassified
# as not SPAM. Optional, default = "--class=innocent".
antispam_dspam_notspam = --class=innocent
# specifies the mail header name to derive the classification result. # Optional, default = NONE. antispam_dspam_result_header = X-DSPAM-Result
# specifies the list of classification results to avoid retraining
# for. Optional, default = NONE.
#antispam_dspam_result_blacklist = Virus;Blocklisted;Blacklisted}
USE flags : [I] mail-filter/dovecot-antispam Available versions: (~)2.0_pre20120226 (~)2.0_pre20130429 Installed versions: 2.0_pre20130429(12:26:34 04/11/2013) Homepage: http://wiki2.dovecot.org/Plugins/Antispam/ Description: A dovecot antispam plugin supporting multiple backends
[I] net-mail/dovecot Available versions: 2.0.19 2.1.9 2.1.16 (~)2.1.17 2.2.5 (~)2.2.6 {bzip2 caps cydir doc imapc ipv6 kerberos ldap lucene +maildir managesieve mbox mdbox mysql pam pop3c postgres sdbox selinux sieve solr sqlite (+)ssl static-libs suid tcpd vpopmail zlib} Installed versions: 2.2.6(12:26:15 04/11/2013)(bzip2 ipv6 maildir managesieve mysql pam sieve ssl tcpd zlib -caps -cydir -doc -imapc -kerberos -ldap -lucene -mbox -mdbox -pop3c -postgres -sdbox -selinux -solr -sqlite -static-libs -suid -vpopmail) Homepage: http://www.dovecot.org/ Description: An IMAP and POP3 server written with security primarily in mind
[I] mail-filter/dspam Available versions: 3.10.2-r1 {clamav daemon debug +domain-scale +hash large-scale ldap mysql postgres small-scale sqlite static-libs syslog user-homedirs virtual-users} Installed versions: 3.10.2-r1(10:08:06 14/11/2013)(clamav daemon domain-scale mysql syslog virtual-users -debug -hash -large-scale -ldap -postgres -small-scale -sqlite -static-libs -user-homedirs) Homepage: http://dspam.sourceforge.net/ Description: A statistical-algorithmic hybrid anti-spam filter
DSPAM binary is owned by dspam (chmod u+s) : -r-s--x--- 1 dspam dspam 96K 14 nov. 10:08 /usr/bin/dspam
And all the necessary users are trusted by DSPAM : Trust root Trust dspam Trust apache Trust mail Trust mailnull Trust smmsp Trust daemon Trust vmail Trust dovecot Trust postfix
Any idea ?
Thanks,
-- Guillaume Hilt
Guillaume Hilt skrev den 2013-11-14 12:12:
When i'm moving a mail to or from the Spam folder, Igot this error in my logs : Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: dspam error:7751 prefix=imap(ghilt@shadowprojects.org):
googled "One More Thing" :)
http://www.gentoo-wiki.info/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix
see the section i googled, its know problem not yet resolved :/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 14 Nov 2013, Benny Pedersen wrote:
Guillaume Hilt skrev den 2013-11-14 12:12:
When i'm moving a mail to or from the Spam folder, Igot this error in my logs : Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: dspam error:7751 prefix=imap(ghilt@shadowprojects.org):
googled "One More Thing" :)
http://www.gentoo-wiki.info/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix
see the section i googled, its know problem not yet resolved :/
Is this problem the same then that one? http://www.reddit.com/r/linuxadmin/comments/1ljdq2/dovecot_virtual_users_and...
- From the problem description: " I traced problem to the fact that dovecot seems to run dspam with uid/gid of virtual user. And dspam seem to be upset by it. "
So you need the make dspam run as vmail. Do you get the error if you execute
sudo -u vmail /usr/bin/dspam ....
?
Then this advice from Benny's link might help: "One More Thing
There are a few loose ends to tie up. Without all this it wouldn't need masking after all.
mkdir /var/spool/dspam/log/ chown -R dspam:dspam /var/spool/dspam/ chmod 4511 /usr/bin/dspam
Note:- you will have to do this command again if you re-emarge or update dspam"
- -or-
Maybe just the advice about trusting users from the reddit link:
"Did you add the user to the trust list?
Trust dovecot Trust vmail
etc, etc. "
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUoXL4l3r2wJMiz2NAQIjxwgAkcGR2jeu2Vmkn/8zjKy6vmQC0QifwXFv AroTc8rNka8H/H8Ba2EXnkX6tEgtgmm4Zk856O6CUsy5QVxb3t7/JwAjcY3fv65y JcRJXeLQPinki2xYP6wBS0bfZHXw7iaU1cd0ogcxbnO7GHk3Va5eRdZwgmQ38TXQ oZ/1nskuDZVCaxRPN6f6m6Cofdpt5vhhte9mrd+Y0tbJpmOAhzzSPfgtbfFfdpbd e4OLM5zpZb5aY5PTV3ZhMt9UkmuiVG2uWSK8uf9jiWJ7e0FvWcgEmTBRFqymptcY U0DvcNCu00p2/raH3k4zsEck7s4bJcdF4kdIViyyqsB11w6q1yNPOQ== =MfrR -----END PGP SIGNATURE-----
Steffen Kaiser skrev den 2013-11-15 08:23:
chmod 4511 /usr/bin/dspam
this was the only thing i changed after the ebuild merge, main problem is that only root can change uid, non privileded users need to stay as same uid while executing
Le 15/11/2013 08:23, Steffen Kaiser a écrit :
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 14 Nov 2013, Benny Pedersen wrote:
Guillaume Hilt skrev den 2013-11-14 12:12:
When i'm moving a mail to or from the Spam folder, Igot this error in my logs : Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: dspam error:7751 prefix=imap(ghilt@shadowprojects.org):
googled "One More Thing" :)
http://www.gentoo-wiki.info/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix
see the section i googled, its know problem not yet resolved :/
Is this problem the same then that one? http://www.reddit.com/r/linuxadmin/comments/1ljdq2/dovecot_virtual_users_and...
- From the problem description: " I traced problem to the fact that dovecot seems to run dspam with uid/gid of virtual user. And dspam seem to be upset by it. "
So you need the make dspam run as vmail. Do you get the error if you execute
sudo -u vmail /usr/bin/dspam ....
? Indeed. sudo: unable to execute /usr/bin/dspam: Permission denied
Then this advice from Benny's link might help: "One More Thing
There are a few loose ends to tie up. Without all this it wouldn't need masking after all.
mkdir /var/spool/dspam/log/ chown -R dspam:dspam /var/spool/dspam/ This was already good.
chmod 4511 /usr/bin/dspam And this one fixed my issue, thanks :) I'm going to fill a bug for Gentoo.
Note:- you will have to do this command again if you re-emarge or update dspam"
- -or-
Maybe just the advice about trusting users from the reddit link:
"Did you add the user to the trust list?
Trust dovecot Trust vmail
etc, etc. "
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUoXL4l3r2wJMiz2NAQIjxwgAkcGR2jeu2Vmkn/8zjKy6vmQC0QifwXFv AroTc8rNka8H/H8Ba2EXnkX6tEgtgmm4Zk856O6CUsy5QVxb3t7/JwAjcY3fv65y JcRJXeLQPinki2xYP6wBS0bfZHXw7iaU1cd0ogcxbnO7GHk3Va5eRdZwgmQ38TXQ oZ/1nskuDZVCaxRPN6f6m6Cofdpt5vhhte9mrd+Y0tbJpmOAhzzSPfgtbfFfdpbd e4OLM5zpZb5aY5PTV3ZhMt9UkmuiVG2uWSK8uf9jiWJ7e0FvWcgEmTBRFqymptcY U0DvcNCu00p2/raH3k4zsEck7s4bJcdF4kdIViyyqsB11w6q1yNPOQ== =MfrR -----END PGP SIGNATURE-----
Hi all,
If I remember correctly (stopped using DSPAM some time ago), you should add a trusted user to dspam.conf: Trust root ... Trust vmail
Best wishes Eugene
-----Original Message----- From: Guillaume Hilt Sent: Friday, November 15, 2013 11:57 AM To: dovecot@dovecot.org Subject: Re: [Dovecot] Dovecot antispam unable to call dspam since dovecot upgrade to 2.X
Le 15/11/2013 08:23, Steffen Kaiser a écrit :
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 14 Nov 2013, Benny Pedersen wrote:
Guillaume Hilt skrev den 2013-11-14 12:12:
When i'm moving a mail to or from the Spam folder, Igot this error in my logs : Nov 14 10:33:25 srv1 dovecot: imap(ghilt@shadowprojects.org): Debug: dspam error:7751 prefix=imap(ghilt@shadowprojects.org):
googled "One More Thing" :)
http://www.gentoo-wiki.info/HOWTO_Spam_Filtering_with_DSPAM_and_Postfix
see the section i googled, its know problem not yet resolved :/
Is this problem the same then that one? http://www.reddit.com/r/linuxadmin/comments/1ljdq2/dovecot_virtual_users_and...
- From the problem description: " I traced problem to the fact that dovecot seems to run dspam with uid/gid of virtual user. And dspam seem to be upset by it. "
So you need the make dspam run as vmail. Do you get the error if you execute
sudo -u vmail /usr/bin/dspam ....
? Indeed. sudo: unable to execute /usr/bin/dspam: Permission denied
Then this advice from Benny's link might help: "One More Thing
There are a few loose ends to tie up. Without all this it wouldn't need masking after all.
mkdir /var/spool/dspam/log/ chown -R dspam:dspam /var/spool/dspam/ This was already good.
chmod 4511 /usr/bin/dspam And this one fixed my issue, thanks :) I'm going to fill a bug for Gentoo.
Note:- you will have to do this command again if you re-emarge or update dspam"
- -or-
Maybe just the advice about trusting users from the reddit link:
"Did you add the user to the trust list?
Trust dovecot Trust vmail
etc, etc. "
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUoXL4l3r2wJMiz2NAQIjxwgAkcGR2jeu2Vmkn/8zjKy6vmQC0QifwXFv AroTc8rNka8H/H8Ba2EXnkX6tEgtgmm4Zk856O6CUsy5QVxb3t7/JwAjcY3fv65y JcRJXeLQPinki2xYP6wBS0bfZHXw7iaU1cd0ogcxbnO7GHk3Va5eRdZwgmQ38TXQ oZ/1nskuDZVCaxRPN6f6m6Cofdpt5vhhte9mrd+Y0tbJpmOAhzzSPfgtbfFfdpbd e4OLM5zpZb5aY5PTV3ZhMt9UkmuiVG2uWSK8uf9jiWJ7e0FvWcgEmTBRFqymptcY U0DvcNCu00p2/raH3k4zsEck7s4bJcdF4kdIViyyqsB11w6q1yNPOQ== =MfrR -----END PGP SIGNATURE-----
participants (4)
-
Benny Pedersen
-
Eugene
-
Guillaume Hilt
-
Steffen Kaiser