fidel Guru
Joined: 16 Jul 2004 Posts: 407 Location: CH
Posted: Sun Sep 09, 2012 8:29 am Post subject: [SOLVED] dovecot antispam permission weirdness
I am running a postfix - dovecot - dspam setup that has been running successfully for a while. After the last update I realized that moving mails to my spam folder does not work anymore.
The setup is mainly the following:
/etc/dovecot/dovecot.conf:
Code: |
...
first_valid_gid = 12
first_valid_uid = 8
last_valid_gid = 12
last_valid_uid = 8
..
plugin {
  # antispam
  antispam_backend = dspam
  antispam_dspam_args = --client;--user;%u;--source=error;--signature=%%s
  antispam_dspam_binary = /usr/bin/dspam
  antispam_signature = X-DSPAM-Signature
  antispam_signature_missing = error
  antispam_spam = INBOX.Spam;INBOX.Junk
  antispam_spam_pattern_ignorecase = INBOX.SPAM;INBOX.JUNK
  antispam_trash = INBOX.trash;trash;INBOX.Trash;Trash;INBOX.Deleted Items;Deleted Items;INBOX.Deleted Messages;Deleted Messages
  antispam_trash_pattern_ignorecase = INBOX.deleted*;INBOX.gel&APY-scht*;INBOX.gelöscht*;INBOX.gel&ANY-scht*
..
service auth {
  unix_listener saslauth {
    group = mail
    mode = 0660
    user = mail
  }
  unix_listener auth-master {
    group = mail
    mode = 0600
    user = mail
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = mail
  }
}
|
Now when I try to move a spam message to the spam folder, the message does not get dropped in the spam folder, instead it appears in the inbox again. In the logfile I can then find:
Code: |
# tail /var/log/mail/current
Sep 09 09:46:07 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 09:46:07 [dspam] Unable to read dspam.conf
|
I really feel stupid - why on earth can this file not be read?
Code: |
# id dspam
uid=1002(dspam) gid=1005(dspam) Gruppen=1005(dspam),12(mail)
# id dovecot
uid=97(dovecot) gid=97(dovecot) Gruppen=97(dovecot)
|
I tried the following - none of them works!
Code: |
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dovecot 36K 23. Aug 07:01 /etc/dspam/dspam.conf
|
Code: |
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf
|
I don't want the file to be world-readable, it has a database access configuration in it.
Please help - how can I find out which user gets used for calling dspam from dovecot delivery and training? How can I configure this?
[EDIT]
I now remember that I had to change the permissions of /usr/bin/dspam so my setup worked. I changed it to:
Code: |
# l /usr/bin/dspam
-r-x--s--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam
|
So if the permissions of /etc/dspam/dspam.conf look like this:
Code: |
# l /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf
|
How can this happen?:
Code: |
Sep 09 11:29:06 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 11:29:06 [dspam] Unable to read dspam.conf
|
??.. now I am really confused!
Last edited by fidel on Tue Sep 18, 2012 5:48 pm; edited 1 time in total |
fidel Guru
Joined: 16 Jul 2004 Posts: 407 Location: CH
Posted: Tue Sep 18, 2012 5:48 pm
Ok, I had to change the binary /usr/bin/dspam to u+s instead of g+s ..
file permissions: |
# ls -lh /usr/bin/dspam
-r-sr-x--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dspam 36K 23. Aug 07:01 /etc/dspam/dspam.conf
|
So now everybody in the mail group can execute the binary /usr/bin/dspam and turns into user dspam doing so. Therefore the config file /etc/dspam/dspam.conf only needs to be readable by the user dspam.
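Added example, not part of the original posts: a small Python model of the Unix permission-class check and the setuid transition on exec, applied to the final modes shown above. The uid/gid numbers are taken from the `id` output and `first_valid_uid`/`first_valid_gid` in the first post; treating uid 8 / gid 12 as the identity of the calling mail process is an assumption, and root, ACLs, directory traversal and nosuid mounts are not modelled.

```python
import stat
from collections import namedtuple

Cred = namedtuple("Cred", "uid gid groups")   # effective ids + supplementary groups
Node = namedtuple("Node", "mode uid gid")     # permission bits, owner, group
R, X = 4, 1

def allowed(cred, node, want):
    """Pick exactly one class (owner, else group, else other) and test its bits."""
    if cred.uid == node.uid:
        bits = node.mode >> 6
    elif node.gid == cred.gid or node.gid in cred.groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return bool(bits & want)

def after_exec(cred, binary):
    """Credentials after execve of `binary`, or None if execution is refused."""
    if not allowed(cred, binary, X):
        return None
    uid = binary.uid if binary.mode & stat.S_ISUID else cred.uid
    # Linux applies setgid only when group-execute is set as well.
    both = stat.S_ISGID | stat.S_IXGRP
    gid = binary.gid if (binary.mode & both) == both else cred.gid
    return Cred(uid, gid, cred.groups)

def dspam_can_read_conf(caller, binary, conf):
    """True if `caller` may run the binary and the resulting process may read conf."""
    proc = after_exec(caller, binary)
    return proc is not None and allowed(proc, conf, R)

# ids from the thread: dspam=1002:1005, dovecot=97:97, group mail=12
DSPAM_BIN = Node(0o4550, 1002, 12)       # -r-sr-x--- dspam mail
DSPAM_CONF = Node(0o0640, 1002, 1005)    # -rw-r----- dspam dspam
MAIL_PROC = Cred(8, 12, frozenset())     # assumed caller: first_valid_uid/gid
DOVECOT = Cred(97, 97, frozenset({97}))  # not a member of group mail

if __name__ == "__main__":
    for name, who in (("mail", MAIL_PROC), ("dovecot", DOVECOT)):
        print(name, "direct read:", allowed(who, DSPAM_CONF, R),
              "| via dspam:", dspam_can_read_conf(who, DSPAM_BIN, DSPAM_CONF))
```

With these modes the config is reachable only through the setuid binary, and only callers in group mail can run that binary.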