Re: [exim] Exim and spamd

Author: George
Date:  
To: Bill Hacker
CC: exim-users
Subject: Re: [exim] Exim and spamd
*trim*

>If the socket is *really* created as root:wheel that could create a problem.
>
>But the ...-u amavisd ... indicates it is being created with
>EUID:EGID of amavisd:<some non-wheel group>


amavisd:amavisd (it has its own group)

>
>Try an ls -lF on /temp/spamd/*. to confirm.



/tmp/spamd is the socket file...

srw-rw-rw-   1 root      wheel   0 Dec  9 12:50 /tmp/spamd=


>
>>>
>>>- might either be leaving the socket set with ownership and/or
>>>perm settings that block the other?
>>
>>
>>No. Upon the next call it works.
>
>That is exactly why I am suspicious that there is a point during which
>the socket is being accessed and locked by some process with higher
>priv levels, then released again.


I've captured two messages in debug on spamd upon a fresh start of
which the first one immediately showed up in the exim panic log and
second was processed with no problem. So I guess it's the message
that triggers something.

2005-12-09 13:42:12 IR92YC-0007MF-2Z spam acl condition: Resource temporarily unavailable on spamd socket

Here is the detail log for the 2 messages: captainnet.net/spamd_details.txt

*trim*
>>I looked in crash logs, reporters, system logs not a trace other
>>than in the panic log and mail log.
>>
>
>Usually shows up in /var/log/exim/paniclog, /var/log/maillog,
>/var/log/messages and/or /var/log/console.log


I couldn't find anything else that would point to the problem.


*trim*
>>During data acl
>>
>>     warn   message       = X-Spam-Status: $spam_report\n\
>>                            X-New-Subject: [***SPAM***] $h_subject:
>>            condition     = ${if <{$message_size}{80k}{1}{0}}
>>            spam          = $acl_m0:true

>>
>
>Where you have 'acl_m0:true', many Exim examples have 'nobody:true',
>and I use 'spamd:true'


acl_m0:true compares user name in mysql which is the user's full email
address, however, I run SA only on a "per domain" basis, so
"spamd:true" would only allow me system wide settings. That works out
fine, as there is no message rejection. SA tags are used to filter
the messages.

>
>Logs will show spamd made the run as user {number} for whomever that user is.
>
>That is where I would look - see if acl_m0 "sometimes" furnishes a
>non-existent system user, or one that has no rights to the socket.
>
>Adding:
>
>logwrite = spamd invoked by users $acl_m0


It shows up in mail.log anyway, but I'll do some tests later on to compare.

George

>
>- to that acl will log it in mainlog (at least).
>
>*trimmed*
>
>HTH
>
>Bill Hacker
>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://www.exim.org/eximwiki/