Upgrade fron 4.61.7 to 4.74.13-2

[Glenn Steen]

2009/1/9 Dave Filchak <dave.filchak at senecac.on.ca>:
> Glenn,
>
> Glenn Steen wrote:
>>
>> 2009/1/8 Kai Schaetzl <maillists at conactive.com>:
>>
>>>
>>> Dave Filchak wrote on Thu, 08 Jan 2009 11:32:47 -0500:
>>>
>>>
>>>>>>
>>>>>> Unfortunately, the user Postfix is set to nologin (
>>>>>> postfix:x:80:80:Postfix
>>>>>> Mail Server:/:/sbin/nologin ) so I cannot sudo to it )
>>>>>>
>>>
>>> look at the homedir!
>>>
>>
>> Indeed;)
>>
>>
>>>>
>>>> su - postfix -s /bin/bash
>>>> -bash-3.00$ spamassassin --lint
>>>> [19715] warn: config: path "//.spamassassin/user_prefs" is inaccessible:
>>>> Permission denied
>>>> -bash-3.00$
>>>>
>>>
>>> you get this strange path because your postfix user has the wrong
>>> homedir. It
>>> should be /var/spool/postfix (That also shows that you don't have to su
>>> to
>>> postfix, it's running as postfix, anyway.)
>>> If your mail is still not flowing that might also be the reason for it.
>>>
>>>
>>
>> I'm leaning toward one of the classics here:
>> Since the directory SA (as the postfix user) tries to write things to
>> (user prefs, razor-agent thing, pyzor discover thing etc), some of
>> that cr*p end up being written somewhere the postfix user _can_ write
>> ... the hold queue... So Dave should perhaps look at that directory
>> for non-queue files ... and remove them.
>>
>
> Actually ... the only thing in the hold directory is the razor-agent.log.
This is the one most usual culprit! Remove it, and configure razor so
that it cannot ever happen again.

> Nothing else. There is also nothing in the incoming directory either. The
> server is not delivering any mail now. Though I do not see ANY errors in the
> logs. I can send myself an email and I see it being delivered to my maildir.
> But it will not deliver it.
What does MailWatch say about the incoming messages? Are they all
clased as spam? If so ... do you by any chance have ORDB, or some
other dead BL, in Spam Lists (in MailScanner.conf)...? That might
explain that, so to speak.
Simplest fix:
mkdir /var/spool/postfix/.razor
mkdir /var/spool/postfix/.spamassassin
mkdir /var/spool/postfix/.pyzor
chown postfix.postfix /var/spool/postfix/.razor
/var/spool/postfix/.pyzor /var/spool/postfix/.spamassassin
... and make sure to change
postfix:x:80:80:Postfix Mail Server:/:/sbin/nologin
to
postfix:x:80:80:Postfix Mail Server:/var/spool/postfix:/sbin/nologin

The above is "Alternative 2" spelled out;-).
>>
>> How to make sure they never reappear?
>> First: Set a more reasonable home directory for postfix, like
>> /var/spool/postfix. Edit /etc/passwd with something safe like vipw
>>
>> ALTERNATIVE 1
>> Temporarily make that directory writable by the postfix user
>> su - postfix -s /bin/bash
>> spamassassin --lint
>> spamassassin -t -D < /path/to/a/message
>> exit
>> Make the directory non-writable by postfix.
>> You should now have all the needed directories, like .razor .pyzor and
>> .spamassassin
>>
>> ALTERNATIVE 2
>>
>> Create the directories by hand (in ~postfix) and make them owned by
>> postfix and writable by postfix.
>>
>
> Currently, the /var/spool/postfix directory itself is owned by root:root
> Inside this directory, most everything is owned by postfix and group root
> but is only rwx for user only.
Which is fine.
>
> So, if I create the needed folders in here and set them up as the same
> permissions ... should that work?
Yes.

>>
>> ALTERNATIVE 3
>>
>> Use the settings suggested in spam.assassin.prefs.conf (a.k.a.
>> /etc/mail/spamassassin/mailscanner.cf) to explicitly set a directory
>> to use for this. Look in the wiki for similar details for razor and
>> pyzor (unless they're already in mailscanner.cf ... I fail to
>> remember).
>>
>> Any of the alternatives would likely do.
>>
>> Then, as said, go check/clean your /var/spool/postfix/hold directory
>> for/from files that aren't Postfix queue files.
>>
>
> See above.
>
> Dave
>
> <snip>
>

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se