--- On Tue, 7/27/10, Graeme Fowler <graeme@???> wrote:
> From: Graeme Fowler <graeme@???>
> Subject: Re: [exim] "python traceback" warning from pyzor on every SA-scanned email
> To: exim-users@???
> Date: Tuesday, July 27, 2010, 1:14 AM
> Hi
>
> Firstly - you might need to ask this on a SA list rather
> than here,
The reason I am asking here:
(1) Integration of Clamav and SA scanning from an acl is a major reason to use exim
(2) I assumed (perhaps wrongly) that exim users almost universally use these scanning capabilities -- hence would be able to offer advice on setting it up.
(3) The manual basically implies that all one has to do is enable the default acl and "it just works".
(4) I have a long-standing theory that any problem encountered when applying a widely-used tool is not unique. Somebody has been there before.
I don't have an unusual setup (at least, I don't think I do). exim daemon. spamassassin daemon. SA config is pure default. I have tried both interfaces (socket/tcp). SA is called from the dault acl with:
Same result in both cases. Everything works except pyzor.
I agree with your later comments about permissions. I will try tinkering with that. exim calls SA as "nobody", per the default acl. The SA default is to run as the user it is called as, but can be forced to run as any user. I don't know whether to change the spam acl, or force SA to use a specific user or group. The SA config info warns against running as root...
> however...
>
> On Mon, 2010-07-26 at 13:09 -0700, Phillip Carroll wrote:
> > Notice the "internal error" line for pyzor. I
> can't figure out how to get rid of this issue.
>
> OK...
>
> > and:
> > "run the following test:
> > # spamassassin -D pyzor -t < some.msg
> >
> > When the debug test is run from the console, no
> problem appears.
> > ===============snip=============================
> > Jul 26 12:45:22.275 [1139] dbg: pyzor: network tests
> on, attempting Pyzor
> > Jul 26 12:45:24.790 [1139] dbg: pyzor: pyzor is
> available: /usr/bin/pyzor
> > Jul 26 12:45:24.791 [1139] dbg: pyzor: opening pipe:
> /usr/bin/pyzor check < /tmp
> > /.spamassassin1139jQFf0Etmp
> > Jul 26 12:45:25.001 [1139] dbg: pyzor: [1140] finished
> successfully
> > Jul 26 12:45:25.001 [1139] dbg: pyzor: got response:
> public.pyzor.org:24441 (200
> > , 'OK') 191 0
> > Jul 26 12:45:25.002 [1139] dbg: pyzor: listed:
> COUNT=191/5 WHITELIST=0
> > ===============snip=============================
>
> Your debug test is running as root. Exim, and SpamAssassin,
> almost
> certainly are not. That's the first clue.
>
> > Two questions:
> > (1) Does the warning mean pyzor is not doing anything
> for me?
>
> Almost certainly.
>
> > (2) How do I find out what is causing this error,
> since it obviously works under debug.
>
> Try running it as the Exim or spamd user and see what
> happens. I would
> surmise that something in the Pyzor config is only readable
> by root, or
> it has some state file (I know little about how it works)
> which is only
> writeable by root.
I agree that this looks like a permissions-related problem. I will play around with this a bit.
>
> You may find more detail (like the traceback itself) in
> your SA logs -
> most likely in /var/log/maillog.
Nope. No detail in any log.
>
> Graeme
>
>
> --
> ## List details at http://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>
