Upgrade fron 4.61.7 to 4.74.13-2

Dave Filchak dave.filchak at senecac.on.ca
Thu Jan 8 23:42:07 GMT 2009

Hello all again,

Glenn Steen wrote:
> 2009/1/8 Kai Schaetzl <maillists at conactive.com>:
>> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500:
>>>>> Unfortunately, the user Postfix is set to nologin ( postfix:x:80:80:Postfix
>>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it )
>> look at the homedir!
> Indeed;)
>>> su - postfix -s /bin/bash
>>> -bash-3.00$ spamassassin --lint
>>> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible:
>>> Permission denied
>>> -bash-3.00$
>> you get this strange path because your postfix user has the wrong homedir. It
>> should be /var/spool/postfix (That also shows that you don't have to su to
>> postfix, it's running as postfix, anyway.)
>> If your mail is still not flowing that might also be the reason for it.
> I'm leaning toward one of the classics here:
> Since the directory SA (as the postfix user) tries to write things to
> (user prefs, razor-agent thing, pyzor discover thing etc), some of
> that cr*p end up being written somewhere the postfix user _can_ write
> ... the hold queue... So Dave should perhaps look at that directory
> for non-queue files ... and remove them.
> How to make sure they never reappear?
> First: Set a more reasonable home directory for postfix, like
> /var/spool/postfix. Edit /etc/passwd with something safe like vipw
> Temporarily make that directory writable by the postfix user
> su - postfix -s /bin/bash
> spamassassin --lint
> spamassassin -t -D < /path/to/a/message
> exit
> Make the directory non-writable by postfix.
> You should now have all the needed directories, like .razor .pyzor and
> .spamassassin
> Create the directories by hand (in ~postfix) and make them owned by
> postfix and writable by postfix.
> Use the settings suggested in spam.assassin.prefs.conf (a.k.a.
> /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory
> to use for this. Look in the wiki for similar details for razor and
> pyzor (unless they're already in mailscanner.cf ... I fail to
> remember).
> Any of the alternatives would likely do.
> Then, as said, go check/clean your /var/spool/postfix/hold directory
> for/from files that aren't Postfix queue files.
Sorry I have not responded in the past few hours. I had to get a couple 
of hours of sleep as I was not able to think anymore.
>>> I am
>>> stumped.
>> This error is absolutely non-critical and can be ignored:
>> [14255] dbg: config: mkdir /var/spool/postfix/.spamassassin failed: mkdir
>> /var/spool/postfix/.spamassassin: Permission denied at
>> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin.pm line 1577
>> [14255] dbg: config: Permission denied
> I wouldn't exactly call it non-critical, since it might indicate the
> error-situation mentioned above:)
>> I'm just wondering why you get this error shown at all. It shouldn't show up
>> with a simple "spamassassin --lint" (you wrote you ran that, without -D), only
>> with "spamassassin --lint -D". I wonder if you have a mix of an older and newer
>> SA on your system. The output level of --lint has been changed several times
>> during the last year or so, so that it stops outputting uncritical errors. I
>> would really advise to remove the SA package, upgrade your CentOS and then
>> reapply it. I have to say that I'm not using the "easy install" package provided
>> by Jules. I always role my own which is *very* easy to do as they provide a
>> working spec file in their source. You just build it with the command given on
>> the download page and it works. You may want to try it this way. Maybe Jules has
>> an idea, what's wrong with your SA installation (if there is anything wrong).
I really cannot do this as it is a live server and I simply would not 
have time. I am going to build a new one and replace this in the first 
half of this year but need to get this up and running for the time 
being. What I cannot understand is: all of this was just fine (other 
than being out of date) before I upgraded.
> Might be worth doing:-)
> Oh, and before you jump on it, somewhere halfway through ... this
> stopped being an answer to your mail solely;-) But you saw that...:-P
So, I have a few more clues to pass on while I try and make sense of all 
your messages. We also run MailWatch and when looking at the quarantine, 
MS seems holding everything as spam, even if the SA score is 0. When I 
released a message from the quarantine, it gives me the following error:

SA Learn: error code 13 returned from sa-learn: bayes: cannot open bayes 
databases /etc/MailScanner/bayes/bayes_* R/O: tie failed: Permission 
denied bayes: expire_old_tokens: locker: safe_lock: cannot create 
lockfile /etc/MailScanner/bayes/bayes.mutex: Permission denied bayes: 
locker: safe_lock: cannot create lockfile 
/etc/MailScanner/bayes/bayes.mutex: Permission denied Learned tokens 
from 0 message(s) (1 message(s) examined)

Obviously some permission issues. It also shows every message as being 
listed in one of the RBLs I am using ... which I doubt. I noticed some 
others talking about some new lock file script?

I am going to study this message and see what makes sense for me to do.


More information about the MailScanner mailing list