Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 150997 - amavisd-new + SpamAssassin + MySQL backend permission oddity
Summary: amavisd-new + SpamAssassin + MySQL backend permission oddity
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Antivirus Team
Depends on:
Reported: 2006-10-12 04:37 UTC by Janne Pikkarainen
Modified: 2006-12-24 15:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Janne Pikkarainen 2006-10-12 04:37:40 UTC
Maybe I'm just losing my mind. Maybe not. Anyway I think I just found a very odd bug, or if it's a feature, it definitely should be documented somewhere more clearly.

The setup
- amavisd-2.4.3
- SpamAssassin v3.1.6
- SpamAssassin uses MySQL for AWL/Bayes
- SA MySQL connection information is in /etc/mail/spamassassin/ 

The situation
MySQL backend has been working fine all the time, AWL+Bayes information gets there. But as far as I understand, if you make SA to use MySQL as its backend, BerkeleyDB-based AWL/Bayes should became disabled.

Unfortunately, for me this is not the case in the default installation. What happens is that both backends, BDB and MySQL, will be used at the same time! At least BDB files gets bigger and bigger over time and they get updated all the time.

The fix
What seems to be going on is that amavis user needs read access to /etc/mail/spamassassin/ I entered

chgrp amavis /etc/mail/spamassassin/
chmod 440 /etc/mail/spamassassin/

and restarted amavisd-new. MySQL backend continued to work, BDB activity stopped. Then I entered

chmod 400 /etc/mail/spamassassin/

and restarted amavisd-new again. MySQL backend continued to work and BDB activity started. Yet another

chmod 440 /etc/mail/spamassassin/

and after amavisd-new restart MySQL backend continued working, and BDB stopped.

This is odd.
Comment 1 Janne Pikkarainen 2006-10-12 04:43:19 UTC
Oh. Originally I changed from BDB to MySQL because of performance reasons. Performance has been ok ever since (for a year or so already), so I suspect BDB just gets used for writes and MySQL for both reads and writes. But this is only a feeling, not a verified fact. :-)
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-10-12 04:45:35 UTC
The 0400 permissions are correct. And we no longer install, only with the above permissions that are proper for storing sensitive info that may be contained there.
Comment 3 Janne Pikkarainen 2006-10-12 04:54:07 UTC
Yes, my 440 fix should of course be considered as a temporary work-around. But I just wonder what is to blame here: amavisd-new? SpamAssassin? And how to make this work properly with 400 permissions...
Comment 4 Janne Pikkarainen 2006-10-12 05:38:04 UTC
Ok. I enabled MySQL query logging and I can see this is not my day.

With 0400 permissions MySQL backend actually stops working. Earlier I was just looking at MySQL process list and saw lots of spamassassin clients accessing it, but actually it was just amavisd-new querying its user policies, and not SpamAssassin.

Still the problem remains, even if it just changed its nature a bit. The problem is this:

* (At least with amavisd-new) SpamAssassin MySQL backend cannot be used with 0400 permissions.
Comment 5 Andrej Kacian (RETIRED) gentoo-dev 2006-12-24 15:10:52 UTC
Marking as CANTFIX, because I can't see anything we can do about it on packaging level. Try taking it up with upstream.

If I'm incorrect, feel free to reopen.