Define ham and spam for spamassassin

ashceryth

I suggest to try to run inotify-spamlearn as the same user as amavis runs as.

So, edit the systemd unit file (/etc/systemd/system/inotify-spamlearn.service) and set:

User=amavis
Group=amavis

Run systemctl daemon-reload after editing and restart the service with systemctl restart inotify-spamlearn.

Check your spamd.cfg to make sure it uses the amavis group (the .eml files should then get the gid of the amavis group):

sa_group = amavis

Does it work then?

I don’t use the sa-learn command. I use Rspamd and let inotify-spamlearn send the mails via HTTP post requests with curl.

BMWfan

@ashceryth said in Define ham and spam for spamassassin:

systemctl restart inotify-spamlearn

No, this solves it not. The problem is after i change the sa_group at /etc/kopano/spamd.cfg to amavis then i get permission errors in the kopano-spamd process as here described: Kopano spamd error - PermissionError: [Errno 1] Operation not permitted

My configuration is now this:
/etc/kopano/spamd.cfg

# run as specific user
run_as_user         = kopano

# run as specific group
run_as_group        = kopano

# Spamassassin group
sa_group = kopano

/etc/systemd/system/inotify-spamlearn.service

[Service]
User=kopano
Group=kopano

but then again with this log entries:

Jan 12 16:13:10 euve264608 inotify-spamlearn.py[7348]: config: path "/dev/null/.spamassassin" is inaccessible: Not a directory
Jan 12 16:13:10 euve264608 inotify-spamlearn.py[7348]: config: path "/dev/null/.spamassassin/user_prefs" is inaccessible: Not a directory
Jan 12 16:13:14 euve264608 inotify-spamlearn.py[7348]: bayes: expire_old_tokens: locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.euve264608.serverprofi24.de.7427 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 12 16:13:14 euve264608 inotify-spamlearn.py[7348]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.euve264608.serverprofi24.de.7427 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 12 16:13:14 euve264608 inotify-spamlearn.py[7348]: ERROR: the Bayes learn function returned an error, please re-run with -D for more information at /usr/bin/sa-learn line 500.
Jan 12 16:13:14 euve264608 inotify-spamlearn.py[7348]: INFO Processing [Inotify] /var/lib/kopano/spamd/spam/72C00ABE4488476D8AF626120D868211.eml: Learned tokens from 0 message(s) (1 message(s) examined)
Jan 12 16:13:14 euve264608 inotify-spamlearn.py[7348]: INFO Removing file: /var/lib/kopano/spamd/spam/72C00ABE4488476D8AF626120D868211.eml

if i change only these entries from kopano to amavis
/etc/systemd/system/inotify-spamlearn.service

[Service]
User=amavis
Group=amavis

then i get this messages:

Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Starting inotify-spamlearn.py
Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Looking for existing files in /var/lib/kopano/spamd/spam
Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Finished looking for existing files in /var/lib/kopano/spamd/spam
Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Looking for existing files in /var/lib/kopano/spamd/ham
Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Inotify learning started
Jan 12 16:20:41 Servername inotify-spamlearn.py[7501]: INFO Finished looking for existing files in /var/lib/kopano/spamd/ham
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: bayes: expire_old_tokens: locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.Servername.serverprofi24.de.7506 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.Servername.serverprofi24.de.7506 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: ERROR: the Bayes learn function returned an error, please re-run with -D for more information at /usr/bin/sa-learn line 500.
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: INFO Processing [Inotify] /var/lib/kopano/spamd/spam/A5D6C47FA96743C1B2DA0FE7203DA793.eml: Learned tokens from 0 message(s) (1 message(s) examined)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: INFO Removing file: /var/lib/kopano/spamd/spam/A5D6C47FA96743C1B2DA0FE7203DA793.eml
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: Exception in thread Inotify Handling:
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: Traceback (most recent call last):
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/local/sbin/inotify-spamlearn.py", line 80, in inotified
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     process('/'.join([watch_path, filename]), spamcmd, delete, initiator)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/local/sbin/inotify-spamlearn.py", line 43, in process
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     os.remove(filename)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: PermissionError: [Errno 13] Permission denied: '/var/lib/kopano/spamd/spam/A5D6C47FA96743C1B2DA0FE7203DA793.eml'
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: During handling of the above exception, another exception occurred:
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: Traceback (most recent call last):
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     self.run()
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/lib/python3.5/threading.py", line 862, in run
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     self._target(*self._args, **self._kwargs)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/local/sbin/inotify-spamlearn.py", line 85, in inotified
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     i.remove_watch([spam_dir, ham_dir])
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/local/lib/python3.5/dist-packages/inotify/adapters.py", line 109, in remove_watch
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     wd = self.__watches.get(path)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: TypeError: unhashable type: 'list'

These are the amavis and kopano rights under /etc/groups

amavis:x:123:clamav,kopano
kopano:x:999:kapi,konnect,amavis

ashceryth

@BMWfan said in Define ham and spam for spamassassin:

No, this solves it not. The problem is after i change the sa_group at /etc/kopano/spamd.cfg to amavis then i get permission errors in the kopano-spamd process as here described: Kopano spamd error - PermissionError: [Errno 1] Operation not permitted

Maybe because the problem described by @fbartels in this post insn’t solved for you yet?

Who is the owner/group and what are the permissions of the files in /var/lib/kopano/spamd/spam/ (just ls -la)?

And please test the sa-learn command manually as the desired user before configuring it with inotify-spamlearn to see if everything works as expected.

BMWfan

@ashceryth thanks for your reponse and hints.
Here is the suggested output:

$ /var/lib/kopano/spamd/spam# ls -la
total 8
drwxr-xr-x 2 kopano kopano 4096 Jan 12 17:05 .
drwxr-xr-x 4 kopano kopano 4096 Dec 27 10:32 ..

ashceryth

Well, at the moment your spam folder is empty. Normally the .eml files get deleted after learning by inotify-spamlearn. However, according to your log from above it wasn’t possible to remove them because of permission issues:

@BMWfan said in Define ham and spam for spamassassin:

Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:   File "/usr/local/sbin/inotify-spamlearn.py", line 43, in process
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]:     os.remove(filename)
Jan 12 16:21:00 Servername inotify-spamlearn.py[7501]: PermissionError: [Errno 13] Permission denied: '/var/lib/kopano/spamd/spam/A5D6C47FA96743C1B2DA0FE7203DA793.eml'

That’s why I’m asking. Would be interesting to see the permissions of the .eml files themselves.

BMWfan

@ashceryth i stopped in the inotify-spamlearn service and here is the suggested output:

$ /var/lib/kopano/spamd/spam# ls -la
total 12
drwxr-xr-x 2 kopano kopano 4096 Jan 14 20:39 .
drwxr-xr-x 4 kopano kopano 4096 Dec 27 10:32 ..
-rw-rw-rw- 1 kopano kopano 3643 Jan 14 20:39 600F5F44181B4F2B865EAE2A45EC2573.eml

ashceryth

The reason for the permission error messages is that your spam directory is not writable for the group. Without write permissions the .eml files cannot be removed by inotify-spamlearn running as amavis (member of kopano group).

Just run chmod g+w /var/lib/kopano/spamd/spam as well as chmod g+w /var/lib/kopano/spamd/ham and it should be working.

P.S. Having the .eml files world read and writable seems no to be optimal :-)

BMWfan

@ashceryth but inotify-spamlearn removes them already. I stopped only the process thats why i could send you the commandline output.

ashceryth

@BMWfan

Hm, that’s strange. The log messages indicate that the files can’t be removed. Are you sure inotify-spamlearn is currently running as amavis? Are you still getting the errors?

BMWfan

@ashceryth sorry. You are right. I’ve executed now the two suggested lines.

chmod g+w /var/lib/kopano/spamd/ham
chmod g+w /var/lib/kopano/spamd/ham

Depending on this failures

Jan 15 17:56:33 server inotify-spamlearn.py[19673]: bayes: expire_old_tokens: locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.server.serverprofi24.de.19887 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 15 17:56:33 server inotify-spamlearn.py[19673]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile /var/lib/spamassassin/bayes.lock.server.server.de.19887 for /var/lib/spamassassin/bayes.lock: Permission denied
Jan 15 17:56:33 server inotify-spamlearn.py[19673]: ERROR: the Bayes learn function returned an error, please re-run with -D for more information at /usr/bin/sa-learn line 500.

i executed the following:

cd /var/lib/
chmod -R 777 spamassassin

The kopano-spamd sa_group is nevertheless kopano and the inotify-spamlearn service is running as amavis user and amavis group. But it seems to work:

/var/log/kopano/spamd.log

2019-01-15 18:22:18,025 - spamd - INFO - Learning message as SPAM, entryid: 00000000A497753E7B1B4CE3894BB06ABB7C1F45010000000500000003DDF8D9711C4B69951C3DFB80B1E72E00000000
2019-01-15 18:22:26,102 - spamd - INFO - Learning message as SPAM, entryid: 00000000A497753E7B1B4CE3894BB06ABB7C1F450100000005000000FB5BCDFF29C04459B703EE1DB71C683500000000
2019-01-15 18:22:33,175 - spamd - INFO - Learning message as SPAM, entryid: 00000000A497753E7B1B4CE3894BB06ABB7C1F45010000000500000081D6E0E8508D4CF28F88A973162719C100000000

/var/log/syslog

Jan 15 18:22:23 server inotify-spamlearn.py[20069]: INFO Processing [Inotify] /var/lib/kopano/spamd/spam/F80C680BD83440B8AA34556506BDC63D.eml: Learned tokens from 1 message(s) (1 message(s) examined)
Jan 15 18:22:23 server inotify-spamlearn.py[20069]: INFO Removing file: /var/lib/kopano/spamd/spam/F80C680BD83440B8AA34556506BDC63D.eml
Jan 15 18:22:30 server inotify-spamlearn.py[20069]: INFO Processing [Inotify] /var/lib/kopano/spamd/spam/CB8A83041D954CCB873E060165292F36.eml: Learned tokens from 1 message(s) (1 message(s) examined)
Jan 15 18:22:30 server inotify-spamlearn.py[20069]: INFO Removing file: /var/lib/kopano/spamd/spam/CB8A83041D954CCB873E060165292F36.eml
Jan 15 18:22:37 server inotify-spamlearn.py[20069]: INFO Processing [Inotify] /var/lib/kopano/spamd/spam/305A9D2637324400900B051A263CE4E3.eml: Learned tokens from 1 message(s) (1 message(s) examined)
Jan 15 18:22:37 server inotify-spamlearn.py[20069]: INFO Removing file: /var/lib/kopano/spamd/spam/305A9D2637324400900B051A263CE4E3.eml

I want to let inotify-spamlearn log into the /var/log/kopano/spamd.log file, that’s why i changed in /etc/kopano/inotify-spamlearn.cfg this line:

# empty means log to console, use journalctl to read the logs when run from systemd service
logfile = /var/log/kopano/spamd.log

I put amavis in the kopano group with gpasswd -a amavis kopano but it’s still not functioning:

Jan 15 18:54:19 server inotify-spamlearn.py[20669]: PermissionError: [Errno 13] Permission denied: '/var/log/kopano/spamd.log'

$ /var/log/kopano# ls -la
total 80
drwxr-x---  2 kopano kopano 4096 Jan 15 18:55 .
drwxr-xr-x 11 root   root   4096 Jan 15 02:16 ..
-rw-r--r--  1 kopano kopano  334 Jan 15 05:19 dagent.log
-rw-r--r--  1 kopano kopano  530 Jan 13 08:31 dagent.log.1
-rw-r--r--  1 kopano kopano  254 Jan  4 21:23 dagent.log.2.gz
-rw-r--r--  1 kopano kopano  237 Dec 30 20:41 dagent.log.3.gz
-rw-r--r--  1 kopano kopano 7393 Jan 15 17:49 server.log
-rw-r--r--  1 kopano kopano 8225 Jan 13 17:31 server.log.1
-rw-r--r--  1 kopano kopano  420 Jan  5 20:08 server.log.2.gz
-rw-r--r--  1 kopano kopano 3575 Dec 30 20:40 server.log.3.gz
-rw-r--r--  1 kopano kopano 1229 Dec 22 19:43 server.log.4.gz
-rw-r--r--  1 kopano kopano 9996 Jan 15 18:22 spamd.log
-rw-r--r--  1 kopano kopano 1148 Jan  5 20:08 spamd.log.2.gz
-rw-r--r--  1 kopano kopano  530 Dec 30 12:10 spamd.log.3.gz
-rw-r--r--  1 kopano kopano  470 Dec 28 11:39 spamd.log.4.gz

do you have a idea how i could fix this?

ashceryth

Hi

@BMWfan said in Define ham and spam for spamassassin:

cd /var/lib/
chmod -R 777 spamassassin

Every time you do this a puppy dies. In my humble opinion setting permissions to 777 is an absolute no-no. Your command makes the directory and everything below world read and writable. Are you sure you want that? :-)

do you have a idea how i could fix this?

The group has no write permission on the log file.

chmod g+w spamd.log

BMWfan

@ashceryth thanks for your help and your honestly opinion.
now, the inotifty-spamlearn log entries are in the /var/log/kopano/spamd.log

I checked the rights before i set chmod 777:

/var/lib/spamassassin# ls -la
total 24
drwxr-xr-x  6 debian-spamd debian-spamd 4096 Jan  8 20:05 .
drwxr-xr-x 50 root         root         4096 Jan  5 20:06 ..
drwx------  3 debian-spamd debian-spamd 4096 Dec 20 14:00 .spamassassin
drwxr-xr-x  6 debian-spamd debian-spamd 4096 Jan 15 03:04 3.004002
-rw-r--r--  1 root         root            0 Jan  8 19:55 bayes
drwxr-xr-x  3 debian-spamd debian-spamd 4096 Dec 20 14:01 compiled
drwx------  3 debian-spamd debian-spamd 4096 Dec 20 14:00 sa-update-keys

I set now all rights back to this ^^.
How and where could i set the permission that a file like in this example called bayes.lock.server.server.de.19887 under /var/lib/spamassassin/ has to be created by a user (amavis) which is in the same group but not the owner of this folder in which the file has to be created? I think the name of the file is dynamic assigned why i can not create a file via touch and assign this file the needed rights.

ashceryth

Hi @BMWfan

The directory is owned by user and group debian-spamd. As I am not using Amavis/SpamAssassin I cannot check myself - but is user amavis member of group debian-spamd? If that’s the case you just have to fix the group permissions. However, I suggest not to mess too much with permissions.

El Muchacho

Took a while to figure out the right settings for my debian9 …
But now all works as expected.

My config for inotify-spamlearn:

in /etc/systemd/inotify-spamlearn.service set

run_as_group = amavis

now set the rights for spam and ham folders

chown -R kopano:amavis /var/lib/kopano/spamd

and in order to delete the learned mails it’s neccessary that group amavis has the rights to delete the learned mails

chmod g+w /var/lib/kopano/spamd/spam
chmod g+w /var/lib/kopano/spamd/ham

finally we need to reload the daemons for systemctl

systemctl daemons-reload

and restart the service inotify-spamlearn

systemctl restart inotify-spamlearn

that’s all ;)

thctlo

@El-Muchacho

Thank you for the info.

chown -R kopano:amavis /var/lib/kopano/spamd
and
chmod g+w /var/lib/kopano/spamd/spam
chmod g+w /var/lib/kopano/spamd/ham

in one liner :
install -o kopano -g amavis -m 2770 -d /var/lib/kopano/spamd -d /var/lib/kopano/spamd/spam -d /var/lib/kopano/spamd/ham

Does the “World” need read access in the spamd folder ?