Re: [exim] Exim and spamd

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Bill Hacker
Dátum:  
Címzett: exim
Tárgy: Re: [exim] Exim and spamd
George wrote:

*trimmed*

>>
>> [1] Perhaps implied, but not clearly stated: Does spamd succeed in
>> utilizing the socket at other times?
>
> Yes, every time.
>>
>> - Presuming Exim and spamd are running as different users, are they at
>> least in the same group?
>
> No. My perimeters for spamd start up are: /usr/bin/spamd -d -x -q -L -m
> 10 -u amavisd --socketpath=/tmp/spamd
>
>>
>> - do both, probably by group perms, have r/w access rights to the socket?
>
>
> socket is created by spamd as root/wheel automatically and the child
> processes are amavisd (it's just a username, no amavisd)
>


If the socket is *really* created as root:wheel that could create a problem.

But the ...-u amavisd ... indicates it is being created wuth EUID:EGID
of amavisd:<some non-wheel group>

Try an ls -lF on /temp/spamd/*. to confirm.

>>
>> - might either be leaving the socket set with ownership and/or perm
>> settings that block the other?
>
>
> No. Upon the next call it works.


That is exactly why I am suspicious that there is a point during which
the socket is being accessed and locked by some process with higher priv
levels, then released again.

As you are not using an IP connection to spamd, there should be a very
small list of suspects.

> I looked in crash logs, reporters,
> system logs not a trace other than in the panic log and mail log.
>


Usually shows up in /var/log/exim/paniclog, /var/log/maillog,
/var/log/messages and/or /var/log/console.log

*trim*

>> - does Exim always run as the same UID:GID, or does it adopt the
>> UID:GID of, for example, an
>> authenticated MUA user,
>
>
> Exim is fixed user. Authentication is mysql based. No system users.
>


>>
>> - if so, is that done before or after the point at which you invoke
>> spamd?
>
>
> Before...
> During data acl
>
>     warn   message       = X-Spam-Status: $spam_report\n\
>                            X-New-Subject: [***SPAM***] $h_subject:
>            condition     = ${if <{$message_size}{80k}{1}{0}}
>            spam          = $acl_m0:true

>


Where you have 'acl_m0:true', many Exim examples have 'nobody:true', and
I use 'spamd:true'

Logs will show spamd made the run as user {number} for whomever that
user is.

That is where I would look - see if acl_m0 "sometimes" furnishes a
non-existent system user, or one that has no rights to the socket.

Adding:

logwrite = spamd invoked by users $acl_m0

- to that acl will log it in mainlog (at least).

*trimmed*

HTH

Bill Hacker