On 25.08.2014 at 20:03, Karsten Bräckelmann wrote:
> On Mon, 2014-08-25 at 19:43 +0200, Reindl Harald wrote:
>> On 25.08.2014 at 19:13, Karsten Bräckelmann wrote:
>
>>> No tests at all. I doubt the milter generated all those missing headers
>>> including From and Date, instead of a Received one only. So it seems the
>>> restricted sa-milt user has no read permissions on the SA config.
>>>
>>> As that user, have a close look at the -D debug output.
>>>
>>> spamassassin -D --lint
>>
>> bingo - only a snippet below
>> thank you so much for step in that thread
>
>> the files inside except one have correct permissions (0644)
>> but "/var/lib/spamassassin/3.004000/updates_spamassassin_org" not
>
>> i guess i will setup a cronjob to make sure the permissions
>> below "/var/lib/spamassassin/" are 755 and 644 for any item
>
> A dedicated cron job doesn't make sense. You should add that to the
> existing cron job that runs sa-update and conditionally restarts spamd.
> Changing permissions has to be done before restarting spamd.

agreed - set it in the systemd-units is preferable
that's what i love about systemd - have your own units override distributions ones

PermissionsStartOnly=true
ExecStartPre=-/usr/local/bin/sa-permissions.sh
ExecStart=/usr/sbin/spamass-milter -p /run/spamass-milter/spamass-milter.sock -g sa-milt -r 7.5 -- -s 1048576

PermissionsStartOnly=true
ExecStartPre=-/usr/local/bin/sa-permissions.sh
ExecStart=/usr/bin/spamd $SPAMDOPTIONS

> Alternatively, ensure the respective users for spamd, sa-update and the
> milter are identical, or at least share a common group

i guess having 0755 for folders and 0644 for files should be sane and safe

spamd itself seems to run as root, most likely because bind on port 783
well, added to the todo-list try a port above 1024 and start the process
directly with systemd as the sa-milt user

root 1688 0.8 1.8 286596 73144 ? Ss 20:12 0:01 /usr/bin/perl -T -w /usr/bin/spamd -c -H --max-children=25 --min-children=10 --min-spare=5 --max-spare=15
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1688/perl
_____________________________

however, it still doesn't change the subject and if i would not have seen
that once before found out how to set the reject-score i would say a
problem in the milter, but looking at the yum.log no updates in that area

well, not that dramatically important but i am perfectionist
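
Added example, not part of the thread and not the contents of the poster's sa-permissions.sh (which the message does not show): one way a pre-start script could bring a rules tree such as /var/lib/spamassassin to 0755 directories and 0644 files, reporting what it had to repair. The function names sa_audit_perms and sa_fix_perms are hypothetical.

```shell
#!/bin/sh
# Added example: normalise a SpamAssassin rules tree so that an unprivileged
# milter/spamd user can read rules written by a root-run sa-update.
# Function names are hypothetical; the directory is passed as an argument.

# sa_audit_perms DIR
# Print every directory that is not exactly 0755 and every regular file that
# is not exactly 0644. find does not follow symlinks, so links are skipped.
sa_audit_perms() {
    find "$1" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \)
}

# sa_fix_perms DIR
# Repair what sa_audit_perms would report and print each repaired path, so
# the journal shows which items sa-update left unreadable.
# Returns 2 if DIR does not exist.
sa_fix_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "sa_fix_perms: no such directory: $dir" >&2; return 2; }
    # Directories first, so files below a restricted directory are reachable.
    find "$dir" -type d ! -perm 755 -exec chmod 755 {} \; -print
    find "$dir" -type f ! -perm 644 -exec chmod 644 {} \; -print
}

# Stand-alone use, e.g. from ExecStartPre: sa-perms.sh /var/lib/spamassassin
if [ "$#" -gt 0 ]; then
    sa_fix_perms "$1"
fi
```

Because only non-conforming items are touched and printed, an empty output on a later start confirms the update job is writing readable files.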