Am 2014-01-28 12:41, schrieb Patrick Laimbock:
> On 28-01-14 12:23, Stevan Bajić wrote:
>> Hello Patrick,
>>
>> okay. So it segfaults right after it closes the log:
>>
>> 6403 gettimeofday({1390857119, 469600}, NULL) = 0
>> 6403 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 25
>> 6403 connect(25, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
>> 6403 sendto(25, "<20>Jan 27 22:11:59 dspam[6372]:"..., 119,
>> MSG_NOSIGNAL, NULL, 0) = 119
>> 6403 close(25) = 0
>> 6403 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>> 6372 +++ killed by SIGSEGV +++
>>
>>
>> What actions have you don't to trigger that segfault?
>
> Just send an email which is received by postfix which sends it to
> DSPAM.
>
Daemon mode or did you call the dspam binary directly?
>> Could you compile DSPAM with debug symbols and try the action again
>> and
>> post the backtrace here?
>
> The info above was from DSPAM built with -g and with the DSPAM-debug
> package installed.
>
This is not enough. You should at least enable the following switches as
well:
--enable-debug
--enable-verbose-debug
If you like then you can add --enable-bnr-debug as well but I think for
your problem it is not needed.
> In the Zimbra build scripts for DSPAM I noticed that it specifically
> uses CFLAGS="-g -O2" so I rebuild the RPM with those flags instead of
> the RPM optflags macro [0] and with debug enabled. This has been
> running
> fine for a few hours now. No segfaults. Maybe those optflags are
> wreaking havoc.
>
My current flags on the filter system are:
nyx ~ # dspam --version
DSPAM Anti-Spam Suite GIT (agent/library)
Copyright (C) 2002-2012 DSPAM Project
http://dspam.sourceforge.net.
DSPAM may be copied only under the terms of the GNU Affero General
Public
License, a copy of which can be found with the DSPAM distribution kit.
Configuration parameters: '--prefix=/usr' '--build=i686-pc-linux-gnu'
'--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
'--localstatedir=/var/lib' '--with-storage-driver=hash_drv,mysql_drv'
'--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/mail/dspam'
'--enable-daemon' '--disable-external-lookup' '--enable-clamav'
'--enable-large-scale' '--disable-domain-scale' '--enable-syslog'
'--disable-debug' '--disable-bnr-debug' '--disable-verbose-debug'
'--enable-split-configuration' '--enable-long-usernames'
'--with-dspam-group=dspam' '--with-dspam-home-group=dspam'
'--with-dspam-mode=2511' '--with-logdir=/var/log/dspam'
'--with-mysql-includes=/usr/include/mysql'
'--with-mysql-libraries=/usr/lib/mysql' '--enable-virtual-users'
'--enable-preferences-extension' '--disable-homedir'
'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu'
'CC=i686-pc-linux-gnu-gcc' 'CFLAGS=-march=native -O2 -pipe -fweb
-frename-registers -ftree-loop-optimize -ftree-vectorize
-ftree-vectorizer-verbose=1 -floop-interchange -floop-strip-mine
-floop-block -freorder-blocks-and-partition -fgcse-sm -fgcse-las
-maccumulate-outgoing-args -funswitch-loops -ftracer
-fprefetch-loop-arrays -fno-ident -fno-strict-overflow -mfpmath=sse
-mmmx -msse -msse2' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed -Wl,-O1
-Wl,--add-needed -Wl,--as-needed -Wl,--hash-style=both
-Wl,--sort-common'
nyx ~ #
> Regards,
> Patrick
>
> [0] optflags: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
>
>
Hmm.... I am not the super dupper GCC specialist but fexceptions are not
really needed in the case of DSPAM since it is mostly written in C and
not in C++ ->
http://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions-2562
If memory serves me right then fstack-protector, ssp-buffer-size and
-D_FORTIFY_SOURCE are GCC hardened options. Right? If you need them then
try using -D_FORTIFY_SOURCE with 1 instead of 2.
What GCC version are you using?
>
>
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends. Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
> _______________________________________________
> Dspam-user mailing list
> Dspam-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/dspam-user
--
Kind Regards from Switzerland,
Stevan Bajić
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
