On 28-01-14 13:40, Stevan Bajić wrote:
> Am 2014-01-28 12:41, schrieb Patrick Laimbock:
>> On 28-01-14 12:23, Stevan Bajić wrote:
>>> Hello Patrick,
>>>
>>> okay. So it segfaults right after it closes the log:
>>>
>>> 6403 gettimeofday({1390857119, 469600}, NULL) = 0
>>> 6403 socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 25
>>> 6403 connect(25, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
>>> 6403 sendto(25, "<20>Jan 27 22:11:59 dspam[6372]:"..., 119,
>>> MSG_NOSIGNAL, NULL, 0) = 119
>>> 6403 close(25) = 0
>>> 6403 --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>>> 6372 +++ killed by SIGSEGV +++
>>>
>>>
>>> What actions have you don't to trigger that segfault?
>>
>> Just send an email which is received by postfix which sends it to
>> DSPAM.
>>
> Daemon mode or did you call the dspam binary directly?
Daemon mode.
>>> Could you compile DSPAM with debug symbols and try the action again
>>> and
>>> post the backtrace here?
>>
>> The info above was from DSPAM built with -g and with the DSPAM-debug
>> package installed.
>>
> This is not enough. You should at least enable the following switches as
> well:
> --enable-debug
> --enable-verbose-debug
Sorry if that wasn't clear. Those switches were enabled during the
build. And the strace info above was taken DSPAM configure with those
switches enabled.
> If you like then you can add --enable-bnr-debug as well but I think for
> your problem it is not needed.
This switch was not enabled.
>> In the Zimbra build scripts for DSPAM I noticed that it specifically
>> uses CFLAGS="-g -O2" so I rebuild the RPM with those flags instead of
>> the RPM optflags macro [0] and with debug enabled. This has been
>> running
>> fine for a few hours now. No segfaults. Maybe those optflags are
>> wreaking havoc.
>>
> My current flags on the filter system are:
> nyx ~ # dspam --version
>
> DSPAM Anti-Spam Suite GIT (agent/library)
>
> Copyright (C) 2002-2012 DSPAM Project
> http://dspam.sourceforge.net.
>
> DSPAM may be copied only under the terms of the GNU Affero General
> Public
> License, a copy of which can be found with the DSPAM distribution kit.
>
> Configuration parameters: '--prefix=/usr' '--build=i686-pc-linux-gnu'
> '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc'
> '--localstatedir=/var/lib' '--with-storage-driver=hash_drv,mysql_drv'
> '--with-dspam-home=/var/spool/dspam' '--sysconfdir=/etc/mail/dspam'
> '--enable-daemon' '--disable-external-lookup' '--enable-clamav'
> '--enable-large-scale' '--disable-domain-scale' '--enable-syslog'
> '--disable-debug' '--disable-bnr-debug' '--disable-verbose-debug'
> '--enable-split-configuration' '--enable-long-usernames'
> '--with-dspam-group=dspam' '--with-dspam-home-group=dspam'
> '--with-dspam-mode=2511' '--with-logdir=/var/log/dspam'
> '--with-mysql-includes=/usr/include/mysql'
> '--with-mysql-libraries=/usr/lib/mysql' '--enable-virtual-users'
> '--enable-preferences-extension' '--disable-homedir'
> 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu'
> 'CC=i686-pc-linux-gnu-gcc' 'CFLAGS=-march=native -O2 -pipe -fweb
> -frename-registers -ftree-loop-optimize -ftree-vectorize
> -ftree-vectorizer-verbose=1 -floop-interchange -floop-strip-mine
> -floop-block -freorder-blocks-and-partition -fgcse-sm -fgcse-las
> -maccumulate-outgoing-args -funswitch-loops -ftracer
> -fprefetch-loop-arrays -fno-ident -fno-strict-overflow -mfpmath=sse
> -mmmx -msse -msse2' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed -Wl,-O1
> -Wl,--add-needed -Wl,--as-needed -Wl,--hash-style=both
> -Wl,--sort-common'
Those are certainly quite different from the ones I used (optflags and
just -g -O2).
>> [0] optflags: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
> Hmm.... I am not the super dupper GCC specialist but fexceptions are not
> really needed in the case of DSPAM since it is mostly written in C and
> not in C++ ->
> http://gcc.gnu.org/onlinedocs/gcc/Code-Gen-Options.html#index-fexceptions-2562
Neither am I. Those flags are what Red Hat/CentOS use by default to
build packages. With their brainpower I would guess that they gave them
some thought and figured out those flags were the right ones to use :)
> If memory serves me right then fstack-protector, ssp-buffer-size and
> -D_FORTIFY_SOURCE are GCC hardened options. Right? If you need them then
> try using -D_FORTIFY_SOURCE with 1 instead of 2.
>
> What GCC version are you using?
gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
It's the one that ships with CentOS 6.5.
FWIW DSPAM has not crashed and is still humming along fine processing a
few hundred emails since I used the -g -O2 flags.
Regards,
Patrick
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
