The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

spamd erros on /var/log/maillog

Discussion in 'E-mail Discussions' started by nocbr.com, May 1, 2006.

  1. nocbr.com

    nocbr.com Member

    Joined:
    May 1, 2006
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    Hi, I am having some erros on my /var/log/maillog. see:

    Sometimes my load goes to 20, and on top command i see spamd. Could be becouse the erros above? Someone knows how to fix it?

    Since know, thanks a lot.
     
  2. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Hi

    I have the same problem, any luck with fixing it ?

    cheers
    andy
     
  3. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    me too

    Me too...

    I'm still digging. Any thoughts/resolutions?

    I see that spamassassin does a setuid to root, but then "falls back" to nobody. So trying to "mkdir /root/.spamassassin" would fail for user nobody.

    I can probably force a fix here, but I'm not sure what spamassassin _should_ be doing. Should it be running as root? what should the settings be? Is this fixable via WHM or does it require some other changes?

    Anyway, I welcome any thoughts/advice.

    Thanks!

    -Danimal :cool:
     
  4. jalal

    jalal Active Member

    Joined:
    Jun 15, 2005
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    Do you get those errors regularly? On mine it is about every 20mins or so...

    I suspect that they are triggered by cPanels chksrvd process which makes sure the services are running. It does the check as root, which spamd doesn't like. Most of the time spamd is run as the mail user I think, or the user getting the mail.

    Just a guess....

    :D
     
  5. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    no, it's about every 20 minutes or so for me.

    I'm not worried, particularly if it's something with chksrv and not a general spamd failure. What's interesting to me is that the processing seems to be the same email every time:

    Code:
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: connection from localhost [127.0.0.1] at port 55466
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: setuid to root succeeded
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1152, <GEN14> line 4.
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: processing message <GTUBE1.1010101@example.net> for root:99
    Jun  6 12:17:56 sapphire spamd[5678]: mkdir /root/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin.pm line 1469
    Jun  6 12:17:56 sapphire spamd[5678]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.sapphire.myserver.net.5678 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Jun  6 12:17:56 sapphire spamd[5678]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.sapphire.myserver.net.5678 for /root/.spamassassin/auto-whitelist.lock: Permission denied
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
    Jun  6 12:17:56 sapphire spamd[5678]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.0,size=834,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55466,mid=<GTUBE1.1010101@example.net>,autolearn=no
    Jun  6 12:17:56 sapphire spamd[5677]: prefork: child states: II
    
    I don't know what this message is and whether it's the same one that gets processed each time or a new one that looks the same.

    This is on a fairly new server with the latest (or close to latest) version of cpanel/whm. The interesting thing is that the spamd happens right after the following lines (i.e. these are in the log file right before the ones above:

    Code:
    Jun  6 12:26:18 sapphire imapd[8601]: Logout user=??? domain=??? host=localhost [127.0.0.1]
    Jun  6 12:26:18 sapphire cpanelpop[8611]: Connection from host=127.0.0.1 to ip=127.0.0.1
    Jun  6 12:26:18 sapphire cpanelpop[8611]: Session Closed host=127.0.0.1 ip= user= realuser= totalxfer=57
    
    Any thoughts?

    -Danimal :cool:
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You can usually fix that with:

    rm -Rfv /root/.spamassassin
    spamassassin --lint
     
  7. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Thanks!

    Chirpy,

    Thanks!

    I ran that on both servers. No config errors, so that's good. I also discovered what the GTUBE bit was:

    http://spamassassin.apache.org/gtube/

    The funny thing is that even though I remove /root/.spamassassin (and everything under it) it gets recreated the next run. It's not a big deal, though. It's certainly not sucking up processor or memory or disk, so in the grand scheme of things, it's probably a pretty low priority.

    Anyway...

    -Danimal :cool:
     
  8. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  9. claven177

    claven177 Well-Known Member

    Joined:
    Sep 3, 2003
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Taipei
    Last week I upgrade my box from RH9 to RedHat Enterprise 4.

    Compare to old box,
    I found the new box's spamd eat my CPU and sometime load go to 7~8
    and tail -300 /var/log/maillog.1

    There are some error messages for every account
    How to fix them ?

    auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device





    #tail -300 /var/log/maillog.1

    Code:
    Jun 12 10:47:52 p2006 spamd[25406]:[B] auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device[/B]Jun 12 10:47:52 p2006 spamd[25406]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:47:52 p2006 spamd[25406]: spamd: clean message (0.3/10.0) for paranolik:32124 in 2.9 seconds, 6842 bytes.
    Jun 12 10:47:52 p2006 spamd[25406]: spamd: result: . 0 - BAYES_50,HTML_50_60,HTML_FONT_FACE_BAD,HTML_MESSAGE scantime=2.9,size=6842,user=paranolik,uid=32124,required_score=10.0,rhost=localhost,raddr=127.0.0.1,rport=44694,mid=<00ad01c68dca$8e815a70$de04000a@Leo>,bayes=0.49999999967779,autolearn=no
    Jun 12 10:47:52 p2006 spamd[24749]: prefork: child states: II
    Jun 12 10:47:59 p2006 spamd[25406]: spamd: connection from localhost [127.0.0.1] at port 44705
    Jun 12 10:47:59 p2006 spamd[25406]: spamd: setuid to coopnet succeeded
    Jun 12 10:47:59 p2006 spamd[25406]: spamd: processing message <ZKESRCHLAOAEQJDVFKVCVCC@hotmail.com> for coopnet:32107
    Jun 12 10:55:00 p2006 spamd[30497]: spamd: connection from localhost [127.0.0.1] at port 45363
    Jun 12 10:55:00 p2006 spamd[30497]: spamd: setuid to gotomac succeeded
    Jun 12 10:55:00 p2006 spamd[30497]: spamd: processing message <20060612025453.A2B471C7061CC@mst.epaper.com.tw> for gotomac:32123
    Jun 12 10:55:00 p2006 spamd[30549]: spamd: connection from localhost [127.0.0.1] at port 45366
    Jun 12 10:55:00 p2006 spamd[30549]: spamd: setuid to xdna succeeded
    Jun 12 10:55:01 p2006 spamd[30549]: spamd: processing message <BUAHUHCFLAELEXFCUQKBNPVSH@umail.hinet.net> for xdna:32103
    Jun 12 10:55:09 p2006 spamd[30549]: auto-whitelist: cannot open auto_whitelist_path /home/xdna/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:55:09 p2006 spamd[30549]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/xdna/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:55:10 p2006 spamd[30549]: spamd: identified spam (45.8/9.0) for xdna:32103 in 8.7 seconds, 4085 bytes.
    Jun 12 10:55:10 p2006 spamd[30549]: spamd: result: Y 45 - BAYES_99,DATE_IN_FUTURE_96_XX,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FORGED_RCVD_HELO,FROM_ILLEGAL_CHARS,HEAD_ILLEGAL_CHARS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MSGID_SPAM_CAPS,RCVD_DOUBLE_IP_SPAM,RCVD_NUMERIC_HELO,REPTO_QUOTE_YAHOO,SUBJ_ILLEGAL_CHARS,UNPARSEABLE_RELAY,URIBL_SBL scantime=8.7,size=4085,user=xdna,uid=32103,required_score=9.0,rhost=localhost,raddr=127.0.0.1,rport=45366,mid=<BUAHUHCFLAELEXFCUQKBNPVSH@umail.hinet.net>,bayes=0.999989992741023,autolearn=no
    Jun 12 10:55:10 p2006 spamd[30050]: prefork: child states: BI
    Jun 12 10:55:10 p2006 spamd[30549]: spamd: connection from localhost [127.0.0.1] at port 45376
    Jun 12 10:55:10 p2006 spamd[30549]: spamd: setuid to paranolik succeeded
    Jun 12 10:55:10 p2006 spamd[30549]: spamd: processing message <l4mmM3i0v0XbH@timbre> for paranolik:32124
    Jun 12 10:55:15 p2006 spamd[30549]: [B]auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device[/B]
    Jun 12 10:55:15 p2006 spamd[30549]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:55:15 p2006 spamd[30549]: spamd: identified spam (22.5/10.0) for paranolik:32124 in 5.5 seconds, 1801 bytes.
    Jun 12 10:55:15 p2006 spamd[30549]: spamd: result: Y 22 - BAYES_99,FROM_LOCAL_NOVOWEL,HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,MIME_BOUND_DIGITS_15,RCVD_NUMERIC_HELO,SUBJ_ILLEGAL_CHARS,UNPARSEABLE_RELAY,X_MAILER_SPAM scantime=5.5,size=1801,user=paranolik,uid=32124,required_score=10.0,rhost=localhost,raddr=127.0.0.1,rport=45376,mid=<l4mmM3i0v0XbH@timbre>,bayes=1,autolearn=no
    Jun 12 10:55:15 p2006 spamd[30050]: prefork: child states: BI
    Jun 12 10:55:18 p2006 spamd[30497]: auto-whitelist: cannot open auto_whitelist_path /home/gotomac/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:55:18 p2006 spamd[30497]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/gotomac/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:55:18 p2006 spamd[30497]: spamd: identified spam (10.7/9.0) for gotomac:32123 in 18.6 seconds, 116673 bytes.
    Jun 12 10:55:18 p2006 spamd[30497]: spamd: result: Y 10 - BAYES_99,DATE_IN_PAST_03_06,EXTRA_MPART_TYPE,HTML_90_100,HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MIME_BASE64_NO_NAME,MIME_BASE64_TEXT,MIME_HTML_MOSTLY,URIBL_SBL scantime=18.6,size=116673,user=gotomac,uid=32123,required_score=9.0,rhost=localhost,raddr=127.0.0.1,rport=45363,mid=<20060612025453.A2B471C7061CC@mst.epaper.com.tw>,bayes=1,autolearn=no
    Jun 12 10:55:18 p2006 spamd[30050]: prefork: child states: II
    Jun 12 10:55:59 p2006 spamd[30497]: spamd: connection from localhost [127.0.0.1] at port 45427
    Jun 12 10:55:59 p2006 spamd[30497]: spamd: setuid to paranolik succeeded
    Jun 12 10:55:59 p2006 spamd[30497]: spamd: processing message <53k08c$2blk6h@ms1.digitimes.com.tw> for paranolik:32124
    Jun 12 10:56:05 p2006 spamd[30497]: [B]auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device[/B]Jun 12 10:56:05 p2006 spamd[30497]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/paranolik/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:56:05 p2006 spamd[30497]: spamd: identified spam (14.3/10.0) for paranolik:32124 in 6.5 seconds, 16141 bytes.
    Jun 12 10:56:06 p2006 spamd[30497]: spamd: result: Y 14 - BAYES_99,FROM_ILLEGAL_CHARS,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_WHOIS_BOGONS,SUBJ_ILLEGAL_CHARS scantime=6.5,size=16141,user=paranolik,uid=32124,required_score=10.0,rhost=localhost,raddr=127.0.0.1,rport=45427,mid=<53k08c$2blk6h@ms1.digitimes.com.tw>,bayes=1,autolearn=no
    Jun 12 10:56:06 p2006 spamd[30050]: prefork: child states: II
    Jun 12 10:56:29 p2006 spamd[30497]: spamd: connection from localhost [127.0.0.1] at port 45465
    Jun 12 10:56:29 p2006 spamd[30497]: spamd: setuid to itpmcom succeeded
    Jun 12 10:56:29 p2006 spamd[30497]: spamd: processing message <YBOAXKYJOQPCDKPSRPYLPN@msa.hinet.net> for itpmcom:32044
    Jun 12 10:56:30 p2006 spamd[30497]: auto-whitelist: cannot open auto_whitelist_path /home/itpmcom/.spamassassin/auto-whitelist: Inappropriate ioctl for device
    Jun 12 10:56:30 p2006 spamd[30497]: [B]auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/itpmcom/.spamassassin/auto-whitelist: Inappropriate ioctl for device[/B]
    Jun 12 10:56:30 p2006 spamd[30497]: spamd: identified spam (27.4/9.0) for itpmcom:32044 in 0.7 seconds, 3268 bytes.
    Jun 12 10:56:30 p2006 spamd[30497]: spamd: result: Y 27 - DATE_IN_FUTURE_96_XX,FORGED_MUA_OUTLOOK,FROM_ILLEGAL_CHARS,HEAD_ILLEGAL_CHARS,MIME_BOUND_DD_DIGITS,MISSING_MIMEOLE,MSGID_SPAM_CAPS,PLING_PLING,RCVD_DOUBLE_IP_SPAM,SUBJ_ILLEGAL_CHARS,UNPARSEABLE_RELAY,UPPERCASE_25_50,URIBL_WS_SURBL scantime=0.7,size=3268,user=itpmcom,uid=32044,required_score=9.0,rhost=localhost,raddr=127.0.0.1,rport=45465,mid=<YBOAXKYJOQPCDKPSRPYLPN@msa.hinet.net>,autolearn=no
    Jun 12 10:56:30 p2006 spamd[30050]: prefork: child states: II
     
    #9 claven177, Jun 11, 2006
    Last edited: Jun 11, 2006
  10. bgpdownc

    bgpdownc Registered

    Joined:
    Jun 12, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I think spamassassin unable to write to .spamassasin in the user homedir. Try change owner of those directory to the corressponding user.

    Or try to disable bayes learning (I guess).
     
  11. ladylinux

    ladylinux Member

    Joined:
    Jun 22, 2003
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Baltimore, Maryland
    Hello,

    This is because of a incompatible auto_whitelist db file.

    I fixed mine on Centos 4.X like so

    yum install db4-utils

    cd /root/.spamassassin/

    db_upgrade auto_whitelist

    Restart spamd ..

    Hope this helps .. It only gets you past this error .. You may still get some permission errors .. But I am not happy with my fix for that to be honest which involves opening this dir and the white list file to unprivledged users .. So I don't recommend this unless someone who knows more about this can comment and either come up with a more elegant solution or say that is ok here which I doubt.

    Francesca
     
  12. websnail.net

    websnail.net Active Member

    Joined:
    Mar 24, 2002
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Been seeing the same issue on my own server while trying to work out how to resolve a few other issues a client is seeing.

    Seems rather un-security conscious to be running the process as root though and that question has been asked a few dozen times now with no answer as to why it hasn't been changed to a dedicated user. It would certainly clear up a few of the issues that seem to be around and increase security.


    After a bit more digging it seems that the error is purely down to the system trying to testing Spamassassin using this Gtube which is mentioned in another thread. I'm guessing here but it seems spamd doesn't like running as root when it comes to actually dealing with the thing so it drops to user Nobody and you get the old access denied error for the /root/.spamassassin folder.


    None of the suggestions provided in the forums to-date have worked though so it seems you just have to live with it..
     
    #12 websnail.net, Oct 10, 2006
    Last edited: Oct 10, 2006
Loading...

Share This Page