This is a bug in spamd.  No, I have not opened a bugzilla report yet; I am 
buried in work.  But a fellow list member helped me troubleshoot this.



Paul Rushing explained to me:

###
#### Begin included text
###

Your problem rests in spamd.  Look at this:
From the spamd option text you get the idea that -q only works with -x
(which is correct)
-q Enable SQL config (only useful with -x)

But, in the comments he specifically states that if -x is not present check
the config file and then check SQL... sounds good but, that is not in the
code.   So, you can only use -q with -x, otherwise it's ignored.
# lookups.  If $opt_x is NOT true, we need to try
# their config file and then do the SQL lookup.
# If $opt_x IS true, we skip the conf file and
# only need to do the SQL lookup if $opt_q IS
# true.  (I got that wrong the first time.)

Which comes to your problem, if you use the -x -q options the program logic
jumps to handle_user_sql, if you don't use -x then you get handle_user.
I've copied them below.  If you'll notice handle_user also takes care of
setting the UID of the child process, whereas handle_user_sql does not set
the UID.   Following that logic you then get the child spamd uid set to
nobody for scanning that mail... thus spamd in your setup does not inherit
the proper environment / permissions and thus cannot use the
auto-whitelisting files.   In most setups this is probably the desired
behavior; if you set up a second machine to scan these emails you might not
want to recreate the user directories on the second system, or even have all
those user accounts on the second system.

Here are the 2 original subs from spamd; at the bottom I've included a
modified one.

sub handle_user
{
    my $username = shift;

    $current_user = $username;
    my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) =
        getpwnam($username);

    if ( !$spamtest->{paranoid} && !defined($uid) ) {
        #if we are given a username, but can't look it up,
        #Maybe NIS is down? lets break out here to allow
        #them to get 'defaults' when we are not running paranoid.
        logmsg "handle_user() -> unable to find user [$username]!\n";
        return 0;
    }

    if ($setuid_to_user) {
        $> = $uid;
        if ($> != $uid) {
            logmsg "setuid to $uid failed";
            die;                # make it fatal to avoid security breaches
        }
    }

    my $cf_file = $dir."/.spamassassin/user_prefs";

    create_default_cf_if_needed ($cf_file, $username);
    $spamtest->read_scoreonly_config ($cf_file);
    return 1;
}

sub handle_user_sql
{
    $current_user = shift;
    $spamtest->load_scoreonly_sql ($current_user);
    return 1;
}



Below is a modified version of handle_user_sql that should set the UID based
on the username that spamc has passed.  This does expect the usernames to
exist on the machine running spamd.  You can put this in /usr/bin/spamd to
replace the handle_user_sql that's there.



sub handle_user_sql
{
    $current_user = shift;
    my ($name,$pwd,$uid,$gid,$quota,$comment,$gcos,$dir,$etc) =
        getpwnam($current_user);

    if ( !$spamtest->{paranoid} && !defined($uid) ) {
        #if we are given a username, but can't look it up,
        #Maybe NIS is down? lets break out here to allow
        #them to get 'defaults' when we are not running paranoid.
        logmsg "handle_user_sql() -> unable to find user [$current_user]!\n";
        return 0;
    }

    if ($setuid_to_user) {
        $> = $uid;
        if ($> != $uid) {
            logmsg "setuid to $uid failed";
            die;                # make it fatal to avoid security breaches
        }
    }

    $spamtest->load_scoreonly_sql ($current_user);
    return 1;
}

###
#### End included text
###


On Wed, 3 Apr 2002, Eric S. Johansson wrote:

> spamassassin 2.11 would fail for me if I tried to run it as a daemon and 
> with auto white list.  When running it with debugging turned on (spamd -D -c 
> -a) I would get the error message included below.  It looks like it's 
> failing to calculate the path to the recipients home directory.  Pointers 
> to solutions would be greatly appreciated.  I'm currently running with auto 
> white list turned off in order to garner the other benefits of spamassassin.
> 
> ---eric
> 
> 
> debug: running header regexp tests; score so far=0
> debug: running body-text per-line regexp tests; score so far=0
> debug: running raw-body-text per-line regexp tests; score so far=0
> debug: running full-text regexp tests; score so far=0
> debug: Razor is available
> debug: Razor Agents 1.19, protocol version 2.
> debug: Read server list from /.razor.lst
> debug: 172500 seconds before closest server discovery
> debug: Closest server is 64.90.187.2
> 194.109.217.74
> 
> debug: Connecting to 64.90.187.2
> 194.109.217.74
> ...
> debug: Connection established
> debug: Signature: 4e1243bd22c66e76c2ba9eddc1f91394e57f9f83
> debug: Server version: 1.11, protocol version 2
> debug: Server response: Negative 4e1243bd22c66e76c2ba9eddc1f91394e57f9f83
> debug: Message 1 NOT found in the catalogue.
> debug: Agent terminated
> debug: trying Received header date for real time:  Wed, 3 Apr 2002 15:28:21 
> -0500
> debug: no Received headers found, not raising flag
> debug: is Net::DNS::Resolver unavailable? 0
> debug: DNS MX records found: 1
> debug: checking RBL orbs.dorkslayers.com., set relay
> debug: checking RBL inputs.orbz.org., set relay
> debug: checking RBL relays.osirusoft.com., set relay
> debug: checking RBL relays.ordb.org., set relay
> debug: checking RBL ipwhois.rfc-ignorant.org., set rfci
> debug: checking RBL relays.visi.com., set relay
> debug: checking RBL results in set relay for 127.0.0.6
> debug: checking RBL results in set relay for 127.0.0.4
> Cannot create tmp lockfile //.spamassassin/auto-whitelist.lock : No such 
> file or directory
> 
> 
> _______________________________________________
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> 

-----------------------------------------------
Brian Feeny, CCIE #8036    e: [EMAIL PROTECTED]
Network Engineer           p: 318.222.2638x109  
ShreveNet Inc.             f: 318.221.6612 
                      


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
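
The lookup-and-setuid step that handle_user and the modified handle_user_sql above both repeat, factored into one fail-closed helper. This is an added example, not code from spamd or from the original post; the name drop_to_user and the sample user names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of spamd): look up $username, switch the
# effective UID to that account, and return its home directory.
# Returns nothing on any failure so the caller can fall back to defaults.
sub drop_to_user {
    my ($username) = @_;
    return unless defined $username && length $username;

    my ($name, $pwd, $uid, $gid, $quota, $comment, $gcos, $dir) =
        getpwnam($username);

    # An undefined value numifies to 0 in Perl, so "$> = $uid" must never
    # run for a user that getpwnam could not find. Fail closed instead.
    return unless defined $uid;

    $> = $uid;                   # set the effective UID
    if ($> != $uid) {            # verify the kernel accepted the change
        warn "setuid to $uid failed for [$username]\n";
        return;
    }
    return $dir;
}

# Constructed inputs: the account running this script, and a name that is
# assumed not to exist on the machine.
my $me = getpwuid($>) // '';
for my $user ($me, 'no-such-user-example') {
    my $home = drop_to_user($user);
    if (defined $home) {
        print "ok: [$user] euid=$> prefs=$home/.spamassassin/user_prefs\n";
    } else {
        print "refused: [$user] lookup or setuid failed, use defaults\n";
    }
}
```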
