Package: spamassassin
Version: 3.4.2-1
Followup-For: Bug #454595
Dear Maintainer,
* What led up to the situation?
Testing a new install of SpamAssassing
* What exactly did you do (or not do) that was effective (or
ineffective)?
Submtted mail to a user without a config folder
* What was the outcome of this action?
No new folder, and an error in the log:
spamd[18039]: config: mkdir /home/vmail/mail/osric/sa failed: Insecure
dependency in mkdir while running with -T switch at
/usr/share/perl/5.28/File/Path.pm line 198, <GEN8> line 2
My perl-fu is not strong, but I tried basic untainting, replacing
mkpath($fname, 0, 0700);
with
my $clean = $fname ~= /^(*.)$/;
mkpath($clean, 0, 0700);
(around line 1925 in /usr/share/perl5/Mail/SpamAssassin.pm)
but there was no change (no new folder)
* What outcome did you expect instead?
The folder specified in --virtual-config-dir to be created per
the manpage for spamd.
-- System Information:
Debian Release: 10.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages spamassassin depends on:
ii adduser 3.118
ii init-system-helpers 1.56+nmu1
pn libarchive-tar-perl <none>
ii libhtml-parser-perl 3.72-3+b3
ii libhttp-date-perl 6.02-1
ii libmail-dkim-perl 0.54-1
ii libnet-dns-perl 1.19-1
ii libnetaddr-ip-perl 4.079+dfsg-1+b3
ii libsocket6-perl 0.29-1+b1
ii libsys-hostname-long-perl 1.5-1
ii libwww-perl 6.36-2
ii lsb-base 10.2019051400
ii perl 5.28.1-6
Versions of packages spamassassin recommends:
ii gnupg 2.2.12-1
ii libio-socket-inet6-perl 2.72-2
ii libmail-spf-perl 2.9.0-4
pn libsys-syslog-perl <none>
ii sa-compile 3.4.2-1
ii spamc 3.4.2-1
Versions of packages spamassassin suggests:
pn libcompress-zlib-perl <none>
pn libdbi-perl <none>
pn libencode-detect-perl <none>
pn libgeo-ip-perl <none>
ii libio-socket-ssl-perl 2.060-3
pn libnet-patricia-perl <none>
pn pyzor <none>
pn razor <none>
-- Configuration Files:
/etc/default/spamassassin changed:
OPTIONS="--allow-tell --create-prefs --nouser-config
--virtual-config-dir=/home/vmail/mail/%l/sa --username=vmail --groupname=vmail
--listen=127.0.0.1 --max-spare=2 -D"
PIDFILE="/var/run/spamd.pid"
CRON=1
/etc/spamassassin/local.cf changed:
report_safe 0
trusted_networks 127.
required_score 10.0
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit USER_IN_WHITELIST on
shortcircuit USER_IN_DEF_WHITELIST on
shortcircuit USER_IN_ALL_SPAM_TO on
shortcircuit SUBJECT_IN_WHITELIST on
shortcircuit USER_IN_BLACKLIST on
shortcircuit USER_IN_BLACKLIST_TO on
shortcircuit SUBJECT_IN_BLACKLIST on
shortcircuit ALL_TRUSTED on
endif # Mail::SpamAssassin::Plugin::Shortcircuit
-- no debconf information