Kopano spamd error - PermissionError: [Errno 1] Operation not permitted



  • itis working now.



  • @ckruijntjens and what was now the solution? My problem is on the kopano-spamd process and you mixed your problems with inotify also in this topic why i lost a little the overview here.

    On my Debian 9 Server:

    If i choose a mail in mail inbox to sort it in the junk mail folder i get this messages in /var/log/kopano/spamd.log:

    2019-01-12 08:17:57,330 - spamd - INFO - Learning message as SPAM, entryid: 00000000A497753E7B1B4CE3894BB06ABB7C1F450100000005000000D451EC976A324DCAA23AF88AB788EAD800000000
    2019-01-12 08:17:57,356 - spamd - ERROR - Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/kopano/log.py", line 103, in log_exc
        try: yield
      File "/usr/lib/python3/dist-packages/kopano_spamd/__init__.py", line 83, in update
        self.learn(item, searchkey, True)
      File "/usr/lib/python3/dist-packages/kopano_spamd/__init__.py", line 106, in learn
        os.chown(emlfilename, uid, gid)
    PermissionError: [Errno 1] Operation not permitted: '/var/lib/kopano/spamd/spam/9DFD4A4E633343C081465B7B8EDBCBE4.eml'
    

    i installed the python 3 deamon via apt-get install python3-daemon.

    I have spamassassin, clamav and amavis running that’s why i assigned kopano to the amavis group via gpasswd -a kopano amavis.

    i can execute this command sudo -H -u kopano chown kopano:amavis /var/lib/kopano/spamd/spam/9DFD4A4E633343C081465B7B8EDBCBE4.eml
    so the rights should be correct, or?

    So, what could it be?



  • What @BMWfan describes is exactly the origin problem.



  • @BMWfan

    Hi,
    Wat i did was adding kopano to my rspamd group and rspamd to kopano group.

    The sa_group is kopano

    Now its working for me



  • Hi, the hint of @ckruijntjens was the last piece of the puzzle to the solution. After changing sa_group to kopano, kopano-spamd runs without errors.



  • @ckruijntjens thank you, this works for me now also after i changed the sa_group to kopano in the configuration etc/kopano/spamd.cfg but now is my inotify-spamlearn not more functioning as here described define-ham-and-spam-for-spamassassin, or what could i do that i could use amavis as the sa_group?



  • @BMWfan

    Glad it worked👍👍👍



  • @cblaha @ckruijntjens @BMWfan

    Guys, I think what you did is a workaround. Since you set the sa_group to kopano there is no change when executing chown (https://github.com/Kopano-dev/kopano-core/blob/master/ECtools/spamd/kopano_spamd/__init__.py#L104 line 104 onwards) on the files as they’re already owned by kopano:kopano. So, this way the original problem discussed in this thread isn’t triggered (that’s just what I think). Of course it works the other way round if you add amavis to the kopano group and then run inotify-spamlearn as user amavis. This way the user amavis has read and write permissions on the files as the user is member of the kopano group. Just my two cents.

    And please don’t mix up spamd and inotify-spamlearn. These are two different things.



  • @ashceryth thanks for your opinion. You are right i think. I added kopano as described in my post before in the amavis group but the problem exists still if i configure this sa_group = amavis.
    I can execute this manually sudo -H -u kopano chown kopano:amavis /var/lib/kopano/spamd/spam/9DFD4A4E633343C081465B7B8EDBCBE4.eml but the script gives us the following error if it has to execute it triggerd by the mail displacements in Kopano Webapp.

    PermissionError: [Errno 1] Operation not permitted: '/var/lib/kopano/spamd/spam/9DFD4A4E633343C081465B7B8EDBCBE4.eml'



  • @mark-dufour do you need more informations to reproduce this issue?


  • Kopano

    This ultimately seems to be an issue with/experienced through systemd. The permission denied when chown’ing comes from systemd denying it.

    We will still need to think about alternative approaches for this.



  • @fbartels thanks for your answer. Should i open a request anywhere or what are the next steps?


  • Kopano

    @cblaha @ckruijntjens @BMWfan Did some further thinking today and the simplest approach is probably the easiest.

    Could you try the following (assuming you need your eml files to be kopano:amavis in the end):

    in spamd.cfg
    -> set run_as_group to amavis
    -> sa_group should then be amavis as well

    make sure kopano is member of the amavis group (writing this out i am not 100% this is really a requirement)
    make sure that /var/lib/kopano/spamd (recursively) is owned by kopano:amavis

    If this works for you as well, then we will remove the sa_group option and its related mechanism from kopano-spamd and adopt documentation accordingly.



  • @fbartels : I will try it tomorrow



  • @fbartels: Sorry, that I am reporting so late. Your solution works perfect for me. Thank you



  • for me this is also working. Except i am using rspamd so for me the group is _rspamd

    This works as expected!



  • Works for me too!
    Many thanks for your support!


Log in to reply