Gentoo Forums
[SOLVED] dovecot antispam permission weirdness
fidel
Guru

Joined: 16 Jul 2004
Posts: 391
Location: CH

Posted: Sun Sep 09, 2012 8:29 am    Post subject: [SOLVED] dovecot antispam permission weirdness

I am running a postfix - dovecot - dspam setup that has been running successfully for a while. After the last update I realized that moving mails to my spam folder does not work anymore.
The setup is mainly the following:
/etc/dovecot/dovecot.conf:
Code:

...
first_valid_gid = 12
first_valid_uid = 8
last_valid_gid = 12
last_valid_uid = 8
..
plugin {
    # antispam
    antispam_backend = dspam
    antispam_dspam_args = --client;--user;%u;--source=error;--signature=%%s
    antispam_dspam_binary = /usr/bin/dspam
    antispam_signature = X-DSPAM-Signature
    antispam_signature_missing = error
    antispam_spam = INBOX.Spam;INBOX.Junk
    antispam_spam_pattern_ignorecase = INBOX.SPAM;INBOX.JUNK
    antispam_trash = INBOX.trash;trash;INBOX.Trash;Trash;INBOX.Deleted Items;Deleted Items;INBOX.Deleted Messages;Deleted Messages
    antispam_trash_pattern_ignorecase = INBOX.deleted*;INBOX.gel&APY-scht*;INBOX.gelöscht*;INBOX.gel&ANY-scht*
..
service auth {
    unix_listener saslauth {
        group = mail
        mode = 0660
        user = mail
    }
    unix_listener auth-master {
        group = mail
        mode = 0600
        user = mail
    }
    unix_listener auth-userdb {
        group = mail
        mode = 0600
        user = mail
    }
}

Now when I try to move a spam message to the spam folder, the message does not get dropped in the spam folder, instead it appears in the inbox again. In the logfile I can then find:
Code:
 # tail /var/log/mail/current
Sep 09 09:46:07 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 09:46:07 [dspam] Unable to read dspam.conf


I really feel stupid - why on earth can this file not be read????
Code:

# id dspam
uid=1002(dspam) gid=1005(dspam) Gruppen=1005(dspam),12(mail)
# id dovecot
uid=97(dovecot) gid=97(dovecot) Gruppen=97(dovecot)

I tried the following - none of them works!
Code:

# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dovecot 36K 23. Aug 07:01 /etc/dspam/dspam.conf

Code:

# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf


I don't want the file to be world-readable, it has a database access configuration in it.

Please help - how can I find out which user gets used for calling dspam from dovecot delivery and training? How can I configure this?...

[EDIT]
I now remember that I had to change the permissions of /usr/bin/dspam so my setup worked. I changed it to:
Code:
# l /usr/bin/dspam
-r-x--s--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam

So if the permissions of /etc/dspam/dspam.conf look like this:
Code:
# l /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf

How can this happen?:
Code:
Sep 09 11:29:06 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 11:29:06 [dspam] Unable to read dspam.conf


??.. now I am really confused! :?


Last edited by fidel on Tue Sep 18, 2012 5:48 pm; edited 1 time in total
fidel
Guru

Joined: 16 Jul 2004
Posts: 391
Location: CH

Posted: Tue Sep 18, 2012 5:48 pm

Ok, I had to change the binary /usr/bin/dspam to u+s instead of g+s .. :oops:
file permissions:
Code:
# ls -lh /usr/bin/dspam
-r-sr-x--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dspam 36K 23. Aug 07:01 /etc/dspam/dspam.conf


So now everybody in the mail group can execute the binary /usr/bin/dspam and turns into user dspam doing so. Therefore the config file /etc/dspam/dspam.conf only needs to be readable by the user dspam.
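
Added example (not part of fidel's posts, and not code from dovecot or dspam): a small Python model of the kernel's owner/group/other check. It computes which credentials dspam holds after exec for the setgid and setuid modes shown in the thread, and whether every component of the config path is then reachable. Assumptions: the calling mail process runs as uid 8 / gid 12 (taken from first_valid_uid/gid), and the two /etc/dspam directory modes are constructed, since the thread never shows that directory.

```python
import stat
from collections import namedtuple

# owner uid, group gid and mode bits of one file or directory, as `ls -l` shows them
Node = namedtuple("Node", "uid gid mode")

def allowed(euid, egids, node, want):
    """Classic Unix check: only one class (owner, group, other) is consulted.
    Root, ACLs and capabilities are left out of this model."""
    if euid == node.uid:
        bits = node.mode >> 6
    elif node.gid in egids:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return bits & want == want

def creds_after_exec(uid, gid, groups, binary):
    """Effective (uid, gids) after exec of `binary`, or None if exec is refused."""
    if not allowed(uid, {gid} | set(groups), binary, 0o1):
        return None
    euid = binary.uid if binary.mode & stat.S_ISUID else uid
    egid = binary.gid if binary.mode & stat.S_ISGID else gid
    return euid, {egid} | set(groups)

def can_read(caller, binary, path):
    """`path` lists every directory on the way (search bit needed), then the file."""
    creds = creds_after_exec(*caller, binary)
    if creds is None:
        return False
    *dirs, target = path
    return (all(allowed(*creds, d, 0o1) for d in dirs)
            and allowed(*creds, target, 0o4))

# uids/gids from the `id` output in the thread
DSPAM_UID, DSPAM_GID, MAIL_GID, DOVECOT = 1002, 1005, 12, 97
# Assumption: the mail process runs as uid 8 / gid 12 (first_valid_uid/gid).
MAIL_PROC = (8, MAIL_GID, ())
SETGID_BIN = Node(DSPAM_UID, MAIL_GID, 0o2510)   # -r-x--s--- dspam mail
SETUID_BIN = Node(DSPAM_UID, MAIL_GID, 0o4550)   # -r-sr-x--- dspam mail
CONF_MAIL = Node(DSPAM_UID, MAIL_GID, 0o640)     # -rw-r----- dspam mail
CONF_DSPAM = Node(DSPAM_UID, DSPAM_GID, 0o640)   # -rw-r----- dspam dspam
# Constructed: the thread never shows the mode of the /etc/dspam directory.
OPEN_DIR = Node(0, 0, 0o755)
PRIVATE_DIR = Node(DSPAM_UID, DSPAM_GID, 0o750)
```

The model covers file modes only; anything dspam does with its credentials after it starts is outside it, so on a live system compare the result with `ls -ld` on every path component.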