The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SpamAssassin permissions

Discussion in 'E-mail Discussions' started by sparek-3, Jul 11, 2007.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I have upgraded a couple of our servers to cPanel 11. Ever since then I have noticed a few issues with our spam. Its like a few spam messages are not being flagged as spam as they are suppose to. I also had trouble with the user_prefs file being recognized, which I traced back to a permission problem on the /home/<user>/.spamassassin directory. But I'm still seeming to have a few problems.

    I'm wondering what the correct permissions and ownership settings should be for the files and directory under /home/<user>/.spamassassin should be?

    It looks as if cPanel 11 changed the way SpamAssassin is running and it is now running as the user nobody as opposed to the user root in cPanel 10. This is probably a much better solution security wise, but I think it is interferes with the permissions.

    I noticed in my maillog that spamd seemed to be having trouble accessing the auto-whitelist and bayes_* files in the .spamassassin directory. When I investigated this, it appeared as if this was because the files were not owned correctly or did not have the correct settings. It also appears that the nobody user/group needs to have read/write/execute permissions to this directory in order to create lock files.

    I have set the permissions to these files and directories as follows:

    Code:
    drwxrwxr-x    2 <user> nobody       4096 Jul 11 12:58 ./
    drwx--x--x   12 <user> <user>     4096 Jul 11 11:54 ../
    -rw-------    1 nobody   nobody    2654208 Jul 11 12:58 auto-whitelist
    -rw-------    1 nobody   nobody    2617344 Jul 11 12:58 bayes_seen
    -rw-------    1 nobody   nobody   41680896 Jul 11 12:58 bayes_toks
    -rw-r--r--    1 <user> <user>     6013 Jul 11 12:33 user_prefs
    and this appears to have solved all of the errors and permission problems in the maillog file.

    I am just wondering if anyone else has noticed this problem or if there is another, better solution.

    Or perhaps I am the only one that is experiencing this. I do have a lot of custom exim ACLs, but I have removed all of those and reset everything back to default to test this.
     
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    After some investigation in this matter, it appears that there are two different ways that SpamAssassin is running.

    If you restart SpamAssassin with exim by running:

    /scripts/restartsrv_exim

    Then SpamAssassin continues to run as root:

    Code:
    /usr/bin/spamd -d --allowed-ips=127.0.0.1
    If you restart just SpamAssassin by running:

    /scripts/restartsrv_spamd

    Then SpamAssassin is running as nobody:

    Code:
    /usr/bin/spamd -d -u nobody --allowed-ips=127.0.0.1
    I'm not sure which way is right.

    I have verified that this appears to be an issue with 11.6.0-RELEASE_15076.

    Anybody else seeing this behavior? I suppose a Bugzilla entry needs to be made, but I'm not sure which way is correct and I'm not sure if anyone else is having this problem.
     
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Anybody else have any feedback on this. I'm actually hoping to bump this thread up and see if any cPanel people will respond. What user should spamd be running as on cPanel 11?

    I tried the latest cPanel Current and this does not appear to be corrected one way or another.
     
  5. EdP

    EdP Member

    Joined:
    Dec 19, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Buckinghamshire, UK
    Yes, same problem as you. Have had to tweak permissions but would love to know what the 'correct' ones are.

    Ed
     
  6. ncrossland

    ncrossland Member

    Joined:
    Sep 23, 2003
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    I found the same thing -- will keep on eye on what happens!
     
  7. paiolhosting

    paiolhosting Registered

    Joined:
    Aug 8, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I have the same problem..

    =(
     
  8. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This should be fixed in the latest Release that was updated this morning.
     
  9. WebHostDog

    WebHostDog Well-Known Member

    Joined:
    Sep 3, 2006
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Website Owner
    Hello,
    Using the latest cPanel Release and the message is still there:



    Feb 27 07:33:11 server spamd[4659]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
    Feb 27 07:33:12 server spamd[4659]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.server.host.com.4659 for /.spamassassin/auto-whitelist.lock: No such file or directory
    Feb 27 07:33:12 server spamd[4659]: spamd: identified spam (1001.4/7.0) for root:99 in 0.4 seconds, 834 bytes.


    Any ideas ?
     
  10. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Same question here. Is it normal?
    We run cPanel 11.24.4-S33345 - WHM 11.24.2 - X 3.9
     
  11. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What spamd line are you seeing when you run:

    Code:
    ps aux | grep spamd
    As far as I know this was resolved back in 2007 with 11.8.0-C15601. This resolved the issue where spamd was running as root and sometimes running as nobody.
     
  12. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi, I see this:

    Code:
    root     11631  0.2  3.5 31128 27596 ?       S    21:56   0:04 spamd child
    root     21993  0.0  2.8 26604 22200 ?       Ss   01:02   0:01 /usr/bin/spamd -d --allowed-ips=127.0.0.1 --max-conn-per-child=20 --pidfile=/var/run/spamd.pid --max-children=2 --max-spare=1
    I have lots of lines in /var/log/messages saying:

    Code:
    Feb 12 22:22:09 servidor spamd[11631]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.xxxxxxxxxxxxxxx.com.11631 for /.spamassassin/auto-whitelist.lock: No such file or directory
    Is this related is any way with the thread issue?
    What is it looking for at /.spamassassin/auto-whitelist.lock ?
     
  13. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,130
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    no more news about this?
     
  14. cronist

    cronist Member

    Joined:
    Apr 19, 2009
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    same issue

    i am having same issue.

    what is the way to solve this?
     
  15. PDW

    PDW Well-Known Member

    Joined:
    Dec 29, 2003
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Ditto - just got a different server and having a few issues surrounding

    using
    cPanel 11.24.4-R35075 - WHM 11.24.2 - X 3.9
    CENTOS 5.3 i686 standard on s6

    Also have this
     
    #15 PDW, May 10, 2009
    Last edited: May 10, 2009
  16. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Nothing to worry about - that's my guess. If you look at the logs directly preceding it, you'll see mention of the GTUBE test message. That's the _only_ time these occur in my logs and there is no real problem.

    Mike
     
Loading...

Share This Page