SpamAssassin permissions

[sparek-3]

I have upgraded a couple of our servers to cPanel 11. Ever since then I have noticed a few issues with our spam. Its like a few spam messages are not being flagged as spam as they are suppose to. I also had trouble with the user_prefs file being recognized, which I traced back to a permission problem on the /home/<user>/.spamassassin directory. But I'm still seeming to have a few problems.

I'm wondering what the correct permissions and ownership settings should be for the files and directory under /home/<user>/.spamassassin should be?

It looks as if cPanel 11 changed the way SpamAssassin is running and it is now running as the user nobody as opposed to the user root in cPanel 10. This is probably a much better solution security wise, but I think it is interferes with the permissions.

I noticed in my maillog that spamd seemed to be having trouble accessing the auto-whitelist and bayes_* files in the .spamassassin directory. When I investigated this, it appeared as if this was because the files were not owned correctly or did not have the correct settings. It also appears that the nobody user/group needs to have read/write/execute permissions to this directory in order to create lock files.

I have set the permissions to these files and directories as follows:

Code:

drwxrwxr-x    2 <user> nobody       4096 Jul 11 12:58 ./
drwx--x--x   12 <user> <user>     4096 Jul 11 11:54 ../
-rw-------    1 nobody   nobody    2654208 Jul 11 12:58 auto-whitelist
-rw-------    1 nobody   nobody    2617344 Jul 11 12:58 bayes_seen
-rw-------    1 nobody   nobody   41680896 Jul 11 12:58 bayes_toks
-rw-r--r--    1 <user> <user>     6013 Jul 11 12:33 user_prefs

and this appears to have solved all of the errors and permission problems in the maillog file.

I am just wondering if anyone else has noticed this problem or if there is another, better solution.

Or perhaps I am the only one that is experiencing this. I do have a lot of custom exim ACLs, but I have removed all of those and reset everything back to default to test this.

[sparek-3]

After some investigation in this matter, it appears that there are two different ways that SpamAssassin is running.

If you restart SpamAssassin with exim by running:

/scripts/restartsrv_exim

Then SpamAssassin continues to run as root:

Code:

/usr/bin/spamd -d --allowed-ips=127.0.0.1

If you restart just SpamAssassin by running:

/scripts/restartsrv_spamd

Then SpamAssassin is running as nobody:

Code:

/usr/bin/spamd -d -u nobody --allowed-ips=127.0.0.1

I'm not sure which way is right.

I have verified that this appears to be an issue with 11.6.0-RELEASE_15076.

Anybody else seeing this behavior? I suppose a Bugzilla entry needs to be made, but I'm not sure which way is correct and I'm not sure if anyone else is having this problem.

[sparek-3]

I have made a bugzilla entry for this.

http://bugzilla.cpanel.net/show_bug.cgi?id=5652

In case anybody happens to run across this thread.

[sparek-3]

Anybody else have any feedback on this. I'm actually hoping to bump this thread up and see if any cPanel people will respond. What user should spamd be running as on cPanel 11?

I tried the latest cPanel Current and this does not appear to be corrected one way or another.

[EdP]

Yes, same problem as you. Have had to tweak permissions but would love to know what the 'correct' ones are.

Ed

[ncrossland]

I found the same thing -- will keep on eye on what happens!

[paiolhosting]

I have the same problem..

=(

[sparek-3]

This should be fixed in the latest Release that was updated this morning.

[WebHostDog]

Hello,
Using the latest cPanel Release and the message is still there:



Feb 27 07:33:11 server spamd[4659]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
Feb 27 07:33:12 server spamd[4659]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.server.host.com.4659 for /.spamassassin/auto-whitelist.lock: No such file or directory
Feb 27 07:33:12 server spamd[4659]: spamd: identified spam (1001.4/7.0) for root:99 in 0.4 seconds, 834 bytes.


Any ideas ?

[Kent Brockman]

Same question here. Is it normal?
We run cPanel 11.24.4-S33345 - WHM 11.24.2 - X 3.9

[sparek-3]

What spamd line are you seeing when you run:

Code:

ps aux | grep spamd

As far as I know this was resolved back in 2007 with 11.8.0-C15601. This resolved the issue where spamd was running as root and sometimes running as nobody.

[Kent Brockman]

Hi, I see this:

Code:

root     11631  0.2  3.5 31128 27596 ?       S    21:56   0:04 spamd child
root     21993  0.0  2.8 26604 22200 ?       Ss   01:02   0:01 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --max-conn-per-child=20 --pidfile=/var/run/spamd.pid --max-children=2 --max-spare=1

I have lots of lines in /var/log/messages saying:

Code:

Feb 12 22:22:09 servidor spamd[11631]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.xxxxxxxxxxxxxxx.com.11631 for /.spamassassin/auto-whitelist.lock: No such file or directory

Is this related is any way with the thread issue?
What is it looking for at /.spamassassin/auto-whitelist.lock ?

[Kent Brockman]

no more news about this?

[cronist]

i am having same issue.

what is the way to solve this?

[PDW]

Ditto - just got a different server and having a few issues surrounding

auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock: No such file or directory

using
cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9
CENTOS 5.3 i686 standard on s6

Also have this

spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody