[Dspam-user] Looking for a little post-upgrade troubleshooting help

[Phil Stracchino]

Hi folks,
Apologies in advance, this is a little long.


I just completed an update of the mail system on my primary mail server,
including new builds of Berkeley DB, libpcre, Postfix, and DSpam.  The
primary purpose was to update Postfix from 2.8.3 to 2.9.4, but as long
as I was at it I figured I should update the other components as well
and build everything 64-bit.  DSpam (3.10.1) was already a 64-bit, but
the existing Postfix, BDB and libpcre were all 32-bit, and my BDB was
badly outdated.

Everything worked fine after the rebuild, as long as I had DSpam
disabled.  As soon as I enabled DSpam, Postfix died every time it sent a
message through dspam for processing (the postfix master process
received a SIGTERM).

I have DSpam integrated into Postfix as follows:

smtp            inet    n       -       n       -       -       smtpd
        -o content_filter=dspam:
dspam           unix    -       n       n       -       -       pipe
        flags=Rhq user=dspam argv=/usr/bin/dspamfilter -f ${sender} -- 
${recipient}

The dspamfilter called above looks like this:

#!/bin/bash
USER=`echo $4 | cut -d@ -f1`
HOST=`echo $4 | cut -d@ -f2`

if [ -f /etc/dspam/nodspam ] ; then
{
    # Passthrough because Dspam deactivated
    echo "Passthrough at `date`: dspam turned off" >>
/var/log/dspamfilter.log
    /usr/lib/sendmail -i "$@"
}
elif [ -n "`echo $4 | grep
'\(nejob\|-\(bounces\|request\|admin\)\?\)\@caerllewys.net'`" ] ; then
{
    # pass MailMan traffic through
    echo "Passthrough at `date`: Mailman traffic for $4" >>
/var/log/dspamfilter.log
    /usr/lib/sendmail -i "$@"
}
elif [ -n "`echo $HOST | grep caerllewys.net`" ] ; then
{
    # Process all other external mail through dspam
    echo "Mail for $4 processed by dspam at `date`" >>
/var/log/dspamfilter.log
    /usr/bin/dspam --deliver=innocent --stdout --user $USER |
/usr/lib/sendmail -i "$@"
}
else
{
    # Passthrough local mail
    echo "Passthrough at `date`: local delivery" >> /var/log/dspamfilter.log
    /usr/lib/sendmail -i "$@"
    USER=$4
}
fi;

exit $?


This has been working for years.  All of the permissions are correct,
nothing else has changed, etc.


Anyway, since it appeared to me there was some kind of problem with
dspam-3.10.2, I backed out to 3.10.1 and retested, and everything worked
fine again.  I'd processed half a dozen messages with no failures before
I realized that I'd slightly flubbed the configure invocation on 3.10.1,
and as a result I'd just compiled a 3.10.1 /usr/bin/dspam that was
linked against 3.10.2's /usr/lib/64/libdspam, *and it was still working
anyway*.  So I reconfigured 3.10.1 properly against its own libdspam,
recompiled and reinstalled again, and that continued to work.


So, then I recompiled and reinstalled 3.10.2 again.  And kaboom:

Sep  7 16:05:25 babylon4 postfix/smtpd[28396]: [ID 197553 mail.info]
connect from fritter.limelight.ca[96.53.88.246]
Sep  7 16:05:26 babylon4 postfix/smtpd[28396]: [ID 197553 mail.info]
A089B56DF8: client=fritter.limelight.ca[96.53.88.246]
Sep  7 16:05:26 babylon4 postfix/cleanup[28399]: [ID 197553 mail.info]
A089B56DF8: message-id=<20120907200525.19950.qm...@fritter.novylen.net>
Sep  7 16:05:27 babylon4 postfix/qmgr[15345]: [ID 197553 mail.info]
A089B56DF8: from=<ala...@fritter.novylen.net>, size=1798, nrcpt=1 (queue
active)
Sep  7 16:05:27 babylon4 postfix/smtpd[28396]: [ID 197553 mail.info]
disconnect from fritter.limelight.ca[96.53.88.246]
Sep  7 16:05:27 babylon4 postfix/pickup[15344]: [ID 197553 mail.info]
2AD2C56DFA: uid=406 from=<ala...@fritter.novylen.net>
Sep  7 16:05:27 babylon4 postfix/cleanup[28399]: [ID 197553 mail.info]
2AD2C56DFA: message-id=<20120907200527.2ad2c56...@smtp.caerllewys.net>
Sep  7 16:05:27 babylon4 postfix/pipe[28400]: [ID 197553 mail.info]
A089B56DF8: to=<ph...@caerllewys.net>, relay=dspam, delay=1,
delays=0.91/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dspam
service)
Sep  7 16:05:27 babylon4 postfix/qmgr[15345]: [ID 197553 mail.info]
A089B56DF8: removed
Sep  7 16:05:27 babylon4 postfix/qmgr[15345]: [ID 197553 mail.info]
2AD2C56DFA: from=<ala...@fritter.novylen.net>, size=256, nrcpt=1 (queue
active)
Sep  7 16:05:27 babylon4 postfix/local[28419]: [ID 197553 mail.info]
2AD2C56DFA: to=<ph...@caerllewys.net>, relay=local, delay=0.08,
delays=0.04/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to mailbox)
Sep  7 16:05:27 babylon4 postfix/qmgr[15345]: [ID 197553 mail.info]
2AD2C56DFA: removed
Sep  7 16:05:27 babylon4 postfix/postfix-script[28424]: [ID 197553
mail.info] stopping the Postfix mail system
Sep  7 16:05:27 babylon4 postfix/master[15343]: [ID 197553 mail.info]
terminating on signal 15
Sep  7 16:05:28 babylon4 postfix/postfix-script[28494]: [ID 197553
mail.info] starting the Postfix mail system
Sep  7 16:05:28 babylon4 postfix/master[28495]: [ID 197553 mail.info]
daemon started -- version 2.9.4, configuration /etc/postfix

(The log says "delivered", but the "delivered" message has an empty
Subject line and is truncated after the Date: header.)

Put 3.10.1 back, and everything is fine again:


Sep  7 16:07:18 babylon4 postfix/smtpd[28501]: [ID 197553 mail.info]
connect from fritter.limelight.ca[96.53.88.246]
Sep  7 16:07:18 babylon4 postfix/smtpd[28501]: [ID 197553 mail.info]
8D20056F09: client=fritter.limelight.ca[96.53.88.246]
Sep  7 16:07:19 babylon4 postfix/cleanup[3863]: [ID 197553 mail.info]
8D20056F09: message-id=<20120907200717.20128.qm...@fritter.novylen.net>
Sep  7 16:07:19 babylon4 postfix/qmgr[28497]: [ID 197553 mail.info]
8D20056F09: from=<ala...@fritter.novylen.net>, size=1798, nrcpt=1 (queue
active)
Sep  7 16:07:19 babylon4 postfix/smtpd[28501]: [ID 197553 mail.info]
disconnect from fritter.limelight.ca[96.53.88.246]
Sep  7 16:07:19 babylon4 postfix/pickup[28496]: [ID 197553 mail.info]
4018D56F0B: uid=406 from=<ala...@fritter.novylen.net>
Sep  7 16:07:19 babylon4 postfix/cleanup[3863]: [ID 197553 mail.info]
4018D56F0B: message-id=<20120907200717.20128.qm...@fritter.novylen.net>
Sep  7 16:07:19 babylon4 postfix/pipe[3864]: [ID 197553 mail.info]
8D20056F09: to=<ph...@caerllewys.net>, relay=dspam, delay=1,
delays=0.8/0.01/0/0.21, dsn=2.0.0, status=sent (delivered via dspam service)
Sep  7 16:07:19 babylon4 postfix/qmgr[28497]: [ID 197553 mail.info]
8D20056F09: removed
Sep  7 16:07:19 babylon4 postfix/qmgr[28497]: [ID 197553 mail.info]
4018D56F0B: from=<ala...@fritter.novylen.net>, size=2704, nrcpt=1 (queue
active)
Sep  7 16:07:19 babylon4 postfix/local[3882]: [ID 197553 mail.info]
4018D56F0B: to=<ph...@caerllewys.net>, relay=local, delay=0.15,
delays=0.12/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Sep  7 16:07:19 babylon4 postfix/qmgr[28497]: [ID 197553 mail.info]
4018D56F0B: removed


Here's the file and linking information for the 3.10.2 dspam binary and
libdspam:

-rw-r--r--  1 root root 330946 Sep  7 16:04 /usr/lib/64/libdspam.a
-rwxr-xr-x+ 1 root root   1101 Sep  7 16:04 /usr/lib/64/libdspam.la*
lrwxrwxrwx  1 root root     17 Sep  7 16:04 /usr/lib/64/libdspam.so ->
libdspam.so.7.0.0*
lrwxrwxrwx  1 root root     17 Sep  7 16:04 /usr/lib/64/libdspam.so.7 ->
libdspam.so.7.0.0*
-rwxr-xr-x+ 1 root root 224464 Sep  7 16:04 /usr/lib/64/libdspam.so.7.0.0*
-r-s--s--x+ 1 dspam mail 159800 Sep  7 16:04 /usr/bin/dspam*
        libdspam.so.7 =>         /usr/lib/64/libdspam.so.7
        libm.so.2 =>     /usr/lib/64/libm.so.2
        libmysqlclient.so.16 =>  /opt/mysql/mysql/lib/libmysqlclient.so.16
        libsocket.so.1 =>        /usr/lib/64/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/64/libnsl.so.1
        libpthread.so.1 =>       /usr/lib/64/libpthread.so.1
        libc.so.1 =>     /usr/lib/64/libc.so.1
        libthread.so.1 =>        /lib/64/libthread.so.1
        librt.so.1 =>    /lib/64/librt.so.1
        libmp.so.2 =>    /lib/64/libmp.so.2
        libmd.so.1 =>    /lib/64/libmd.so.1
        libscf.so.1 =>   /lib/64/libscf.so.1
        libaio.so.1 =>   /lib/64/libaio.so.1
        libdoor.so.1 =>  /lib/64/libdoor.so.1
        libuutil.so.1 =>         /lib/64/libuutil.so.1
        libgen.so.1 =>   /lib/64/libgen.so.1

And here's 3.10.1:

-rw-r--r--  1 root root 331450 Sep  7 16:06 /usr/lib/64/libdspam.a
-rwxr-xr-x+ 1 root root   1101 Sep  7 16:06 /usr/lib/64/libdspam.la*
lrwxrwxrwx  1 root root     17 Sep  7 16:06 /usr/lib/64/libdspam.so ->
libdspam.so.7.0.0*
lrwxrwxrwx  1 root root     17 Sep  7 16:06 /usr/lib/64/libdspam.so.7 ->
libdspam.so.7.0.0*
-rwxr-xr-x+ 1 root root 224928 Sep  7 16:06 /usr/lib/64/libdspam.so.7.0.0*
-r-s--s--x+ 1 dspam mail 158704 Sep  7 16:06 /usr/bin/dspam*
        libdspam.so.7 =>         /usr/lib/64/libdspam.so.7
        libm.so.2 =>     /usr/lib/64/libm.so.2
        libmysqlclient.so.16 =>  /opt/mysql/mysql/lib/libmysqlclient.so.16
        libsocket.so.1 =>        /usr/lib/64/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/64/libnsl.so.1
        libpthread.so.1 =>       /usr/lib/64/libpthread.so.1
        libc.so.1 =>     /usr/lib/64/libc.so.1
        libthread.so.1 =>        /lib/64/libthread.so.1
        librt.so.1 =>    /lib/64/librt.so.1
        libmp.so.2 =>    /lib/64/libmp.so.2
        libmd.so.1 =>    /lib/64/libmd.so.1
        libscf.so.1 =>   /lib/64/libscf.so.1
        libaio.so.1 =>   /lib/64/libaio.so.1
        libdoor.so.1 =>  /lib/64/libdoor.so.1
        libuutil.so.1 =>         /lib/64/libuutil.so.1
        libgen.so.1 =>   /lib/64/libgen.so.1


And this is the configure invocation used in both cases:

CC=/usr/bin/cc CXX=/usr/bin/CC \
CFLAGS='-fast -xarch=generic -xtarget=generic -xcache=generic -m64' \
CPPFLAGS='-fast -xarch=generic -xtarget=generic -xcache=generic -m64' \
LDFLAGS='-m64 -L/usr/lib/64 -R/usr/lib/64 -L/usr/ucblib/amd64
-R/usr/ucblib/amd64 -L/opt/mysql/mysql/lib -R/opt/mysql/mysql/lib' \
./configure --prefix=/usr --libdir=/usr/lib/64 --sysconfdir=/etc/dspam
--mandir=/usr/share/man --enable-daemon --enable-clamav --enable-syslog
--enable-preferences-extension --with-dspam-home=/var/spool/dspam
--with-storage-driver=mysql_drv
--with-mysql-includes=/opt/mysql/mysql64/include
--with-mysql-libraries=/opt/mysql/mysql64/lib --with-dspam-mode=6511
--with-dspam-owner=dspam --with-dspam-group=mail

Build environment is Solaris Studio 12u2.


So.  We have a puzzle.

dspam 3.10.1 + libdspam 3.10.1 works.
dspam 3.10.1 + libdspam 3.10.2 works.
dspam 3.10.2 + libdspam 3.10.2 fails and kills Postfix.

At no point does anything untoward appear in /var/spool/dspam/system.log.


Anyone got any ideas on this one?  Because I'm baffled.



By the way:  Overall accuracy since last reset, 99.449%, with spam catch
rate 98.498%.  Go DSpam.  :)  (And that's AFTER Postfix rejects all the
nonexistent source domains and forged senders...)


-- 
  Phil Stracchino
  Babylon Communications
  ph...@caerllewys.net
  p...@co.ordinate.org
  Landline: 603.293.8485

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user