User postfix refuses to run sa-learn

Sun Sep 16 17:18:46 IST 2007

On 16/09/2007, Martin Wickman <martin.wickman at xms.se> wrote:
> Glenn Steen wrote:
> > On 16/09/2007, Martin Wickman <martin.wickman at xms.se> wrote:
> >> Hi
> >>
> >> I'm running MailScanner with spamassassin and postfix. I have configured
> >> postfix to execute a script which runs sa-learn on all new mails that
> >> gets sent to the 'spam' user. The idea is to update the site-global
> >> /var/spool/MailScanner/spamassassin/bayes.* database automatically when
> >> my users forwards their spam.
> >>
> >> In postfix/master.cf I have this rule:
> >>
> >> spam unix -  n n -   -   pipe user=postfix:postfix
> >>     argv=/usr/local/bin/sa-learn-wrapper.pl spam ${sender}
> >>
> >> That says that postfix should run a command which updates the bayes
> >> database.
> >>
> >> BUT that fails horrible because postfix refuses to run commands as the
> >> postfix user...
> >>
> >> 'Run As User' is postfix and thus /var/spool/.../bayes* is also owned by
> >> postfix. Afaik I *need* to run sa-learn as postfix since the
> >> bayes-database and spamassassin is owned and ran by postfix. Its some
> >> kind of catch-22 here :(
> >>
> >> Apart from chmod 666 /var/spool/.../bayes* and using nobody:nobody, do
> >> you guys have any ideas how to fix this?
> >>
> >
> > fisrt up... What is your bayessetup in SA? bayes_path ... etc...
> > Second... When run like that, aren't you in the chroot jail? So paths
> > etc would be "wrong", so to speak...?
>
> It's a standard setup more or less. No chroot jail at the moment.
> bayes_path is /var/spool/MailScanner/spamassassin/bayes

And you don't run Postfix chrooted? That happens to be the standard on
most distros (of Linux)... So it might be something like that still.
It wouldn't show if you "su- postfix -s /bin/bash", since that
wouldn't be chrooted to (something like) /var/spool/postfix, just have
it's home dir there.

As to the "standard setup", where you put bayes isn't that much
standardised... I still wan't to know _if_ you have bayes_path etc set
in such a way that all invocations of SA will find/use that setting (I
suspect this is the case, but ... better safe than sorry:-). A classic
problems is that one lacks the mailscanner.cf link to
spam.assassin.prefs.conf, so anything set there isn't picked up by
sa-learn etc... Which would default to trying to use
$HOME/.spamassassin/... for everything bayes... and the default for
that dir (which also is the root of the jail) usually isn't writable
by the postfix user (and shouldn't be!).

> This is not a path problem, its a problem because SA runs as postfix and
> I need sa-learn to run as postfix as well, since the bayes database in
> bayes_path is postfix owned.
Fine, but do tell if you have the symbolic link from
/etc/mail/spamassassin/mailscanner.cf to
/etc/MailScanner/spam.assassin.prefs.conf, please.

If you do the su from above, can you run the script successfully by hand?
What error logs do you get?

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se