Gentoo Forums
amavisd-new broken after update, permissions issue [SOLVED]
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21624
Posted: Wed Apr 06, 2022 5:02 pm

If the pid file exists, then the process started and wrote a pid file. The process may have died shortly thereafter and not cleaned out the pid file.

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Wed Apr 06, 2022 5:25 pm

Hu wrote:
If the pid file exists, then the process started and wrote a pid file. The process may have died shortly thereafter and not cleaned out the pid file.

Is there any way I can trace this actually is happening? I am doubtful, because wouldn't that mean /usr/sbin/amavisd would run and make a log entry?
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.

papahuhn
l33t
Joined: 06 Sep 2004
Posts: 626
Posted: Thu Apr 07, 2022 9:55 am

@MoonWalker, I can reproduce your symptoms on a fresh "generic/gentoo" Vagrantbox. In mail.log I see

Quote:
Apr 7 09:52:34 gentoo amavis[14002]: (!)Net::Server: 2022/04/07-09:52:34 Can't connect to UNIX socket at file /var/amavis/amavisd.sock [No such file or directory]\n at line 66 in file /usr/lib64/perl5/vendor_perl/5.34/Net/Server/Proto/UNIX.pm


This helps:
Quote:
$MYHOME = '/var/lib/amavishome';

_________________
Death by snoo-snoo!

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Fri Apr 08, 2022 12:38 am

I already have
Quote:
$MYHOME = '/var/lib/amavishome';
in amavisd.conf, so that's not the problem, and yes the problem hasn't gone away.

Meanwhile, I have updated my system so it now uses profile 17.1, recompiled everything, but no change. amavisd simply doesn't start and it doesn't leave any clue in the logs, nothing! I am lost :(

Also, the bug I opened hasn't yielded anything. It was assigned but the assignee hasn't shown up... but hey, my issue is clearly not the same as the OP and the topic has also been marked as [SOLVED], so I will stop adding here and open my own thread instead.
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Fri Apr 08, 2022 9:58 am

Actually, won't open a new topic as I found the cause of the issue and was able to solve it, sort of.

Not sure why I didn't come to think of this earlier, but eventually I got the idea to run /usr/sbin/amavisd directly from the command line, which resulted in
Quote:
merc ~ # amavisd
Error in config file "/etc/amavisd.conf": Can't open PEM file /var/db/dkim/mydomain-com.key.pem: Permission denied at /usr/sbin/amavisd line 639.


so after commenting out
Quote:
#$enable_dkim_verification = 1; # enable DKIM signatures verification
#$enable_dkim_signing = 1; # load DKIM signing code, keys defined by dkim_key

#dkim_key('astrocalc.com', 'mydkim', '/var/db/dkim/mydomain-com.key.pem', k=>'rsa');


amavisd now starts and runs properly, and emails are delivered, although this is not a long term plausible solution.
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.

papahuhn
l33t
Joined: 06 Sep 2004
Posts: 626
Posted: Fri Apr 08, 2022 10:38 am

Quote:
amavisd now starts and runs properly, and emails are delivered, although this is not a long term plausible solution.


The long term solution would be to make the pem file readable for amavis, I guess?
_________________
Death by snoo-snoo!

papahuhn
l33t
Joined: 06 Sep 2004
Posts: 626
Posted: Fri Apr 08, 2022 10:48 am

Quote:
So from what I can understand, something external must have changed here related to this. Not quite sure what yet, but I will take it to the forums as I see now that this most likely isn't an amavisd bug.

Amavis changed.

Quote:
amavis-2.12.2 release notes

Resolve crash on reload with insufficient permissions. Amavis now tests whether it is able read and evaluate its configuration files with dropped privileges. In case it cannot, amavis fails to start and refuses to reload.


https://gitlab.com/amavis/amavis/-/issues/10
_________________
Death by snoo-snoo!

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Fri Apr 08, 2022 5:16 pm

papahuhn wrote:
Quote:
amavisd now starts and runs properly, and emails are delivered, although this is not a long term plausible solution.


The long term solution would be to make the pem file readable for amavis, I guess?

I suppose so, but I'm not up-to-date on this stuff as my dkim PEMs were created in 2009 and I don't even remember how I created them.
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Fri Apr 08, 2022 5:24 pm

papahuhn wrote:
Quote:
So from what I can understand, something external must have changed here related to this. Not quite sure what yet, but I will take it to the forums as I see now that this most likely isn't an amavisd bug.

Amavis changed.

Quote:
amavis-2.12.2 release notes

Resolve crash on reload with insufficient permissions. Amavis now tests whether it is able read and evaluate its configuration files with dropped privileges. In case it cannot, amavis fails to start and refuses to reload.


https://gitlab.com/amavis/amavis/-/issues/10

Great dig up, thanks. I will take a look at that bug and see what I can learn. It's a bit odd though as I learned from grepping through the emerge.log, amavis didn't start to misbehave directly after I installed 2.12.2 but some days later, and right after I installed glibc-2.35-r2

Anyway, now I know what the issue is and the simple solution right now is probably to change ownership of those PEM files. However, as they are owned by root:root you don't just want to get on to that right away but do some investigation first.
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.

freke
l33t
Joined: 23 Jan 2003
Posts: 977
Location: Somewhere in Denmark
Posted: Sat Apr 09, 2022 8:35 am

MoonWalker wrote:
papahuhn wrote:
Quote:
So from what I can understand, something external must have changed here related to this. Not quite sure what yet, but I will take it to the forums as I see now that this most likely isn't an amavisd bug.

Amavis changed.

Quote:
amavis-2.12.2 release notes

Resolve crash on reload with insufficient permissions. Amavis now tests whether it is able read and evaluate its configuration files with dropped privileges. In case it cannot, amavis fails to start and refuses to reload.


https://gitlab.com/amavis/amavis/-/issues/10

Great dig up, thanks. I will take a look at that bug and see what I can learn. It's a bit odd though as I learned from grepping through the emerge.log, amavis didn't start to misbehave directly after I installed 2.12.2 but some days later, and right after I installed glibc-2.35-r2

Anyway, now I know what the issue is and the simple solution right now is probably to change ownership of those PEM files. However, as they are owned by root:root you don't just want to get on to that right away but do some investigation first.


I would expect that root:amavis (and a 640 permission) for the PEMs should work.

MoonWalker
Guru
Joined: 04 Jul 2002
Posts: 510
Posted: Sat Apr 09, 2022 11:27 am

freke wrote:
I would expect that root:amavis (and a 640 permission) for the PEMs should work.


Yes, that's what I ended up with as I don't think they are used by anyone else. It would be postfix and/or dovecot in such a case, but I haven't noticed anything so far.
_________________
/Joakim

Living on earth is expensive, but it includes a free trip around the sun
every year.
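
An added example, not part of the original thread: one way to audit the DKIM key files that amavisd.conf references against the ownership and mode the thread settles on (root:amavis, 640). The function names `dkim_key_paths`, `audit_key` and `audit_conf` are hypothetical, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat from coreutils.
# Defaults follow the thread's suggestion: owner root, group amavis, mode 640.
# Usage on a real host: audit_conf /etc/amavisd.conf

# Print the key path (third argument) of each active dkim_key(...) line.
# Lines commented out with '#' do not match and are skipped.
dkim_key_paths() {
    sed -n "s/^[[:space:]]*dkim_key([^,]*,[^,]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$1"
}

# audit_key FILE [OWNER] [GROUP]
# Returns 0 only if FILE is owned OWNER:GROUP, the group can read it, and
# neither group nor others have any further access.
audit_key() {
    file=$1 want_owner=${2:-root} want_group=${3:-amavis} rc=0
    [ -f "$file" ] || { echo "MISSING  $file"; return 1; }
    set -- $(stat -c '%U %G %a' "$file")
    owner=$1 group=$2 mode=$3
    [ "$owner" = "$want_owner" ] ||
        { echo "OWNER    $file: $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "GROUP    $file: $group, want $want_group"; rc=1; }
    # 037 = group write/execute plus all access for others.
    [ $(( 0$mode & 037 )) -eq 0 ] ||
        { echo "TOO OPEN $file: mode $mode"; rc=1; }
    # 040 = group read; without it the unprivileged daemon cannot open the key.
    [ $(( 0$mode & 040 )) -ne 0 ] ||
        { echo "NO READ  $file: mode $mode"; rc=1; }
    return $rc
}

# audit_conf CONF [OWNER] [GROUP]
# Audits every key file the config references (paths without whitespace).
audit_conf() {
    conf=$1 bad=0
    for key in $(dkim_key_paths "$conf"); do
        audit_key "$key" "$2" "$3" || bad=1
    done
    return $bad
}
```

A mode of 600 with root as owner reports `NO READ`, which matches the "Permission denied" startup failure described in the thread; 644 reports `TOO OPEN` because the private key would be world-readable.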