Bug#910894: spamass-milter: Socket permissions not set correctly if startup takes more than one second
On Fri, 12 Oct 2018, Will Aoki wrote: > If spamass-milter takes too long to create the socket after daemonizing > itself, the socket file will not exist when the startup script attempts > to change its permissions. MTAs relying on the permission change, such > as Postfix, will then be unable to communicate with the milter. > > This is a very rare condition: I've encountered it only once in years of > operation. It may have involved I/O contention with other VMs. > > The following appeared in the system log. Note that systemd thinks > spamass-milter startup failed, but spamass-milter was actually running. Yeah, you're absolutely right. The correct solution (for systemd) involves having systemd create the sockets with the right permissions, and then pass them on to spamass-milter but that requires significant changes to spamass-milter that I won't have time to create in the near future. I'll certainly accept patches which do that, though. -- Don Armstrong https://www.donarmstrong.com Of course, there are cases where only a rare individual will have the vision to perceive a system which governs many people's lives; a system which had never before even been recognized as a system; then such people often devote their lives to convincing other people that the system really is there and that it aught to be exited from. -- Douglas R. Hofstadter _Gödel Escher Bach. Eternal Golden Braid_
Bug#910894: spamass-milter: Socket permissions not set correctly if startup takes more than one second
Package: spamass-milter Version: 0.4.0-1+b1 Severity: normal If spamass-milter takes too long to create the socket after daemonizing itself, the socket file will not exist when the startup script attempts to change its permissions. MTAs relying on the permission change, such as Postfix, will then be unable to communicate with the milter. This is a very rare condition: I've encountered it only once in years of operation. It may have involved I/O contention with other VMs. The following appeared in the system log. Note that systemd thinks spamass-milter startup failed, but spamass-milter was actually running. Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: milter for spamassassin... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: Load kernel modules needed to e nable cpufreq scaling... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: LDAP connection daemon... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: backup and restore program... Oct 11 09:11:49 emptystares systemd[1]: Starting Permit User Sessions... Oct 11 09:11:49 emptystares burp[578]: burp disabled; edit /etc/default/burp Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: start Winbind daemon... Oct 11 09:11:49 emptystares systemd[1]: Started Nagios Remote Plugin Executor. Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: GNU configuration engine... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: System logger... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: ClamAV virus milter... Oct 11 09:11:49 emptystares systemd[1]: Starting LSB: Mailman Master Queue Runner... Oct 11 09:11:49 emptystares systemd[1]: Started LSB: backup and restore program. Oct 11 09:11:49 emptystares systemd[1]: Started LSB: System logger. Oct 11 09:11:50 emptystares systemd[1]: Started LSB: start Winbind daemon. Oct 11 09:11:50 emptystares systemd[1]: Started Permit User Sessions. Oct 11 09:11:50 emptystares systemd[1]: Started Getty on tty1. Oct 11 09:11:50 emptystares systemd[1]: Reached target Login Prompts. Oct 11 09:11:50 emptystares nrpe[599]: Starting up daemon Oct 11 09:11:50 emptystares nrpe[599]: Server listening on 0.0.0.0 port 5666. Oct 11 09:11:50 emptystares nrpe[599]: Server listening on :: port 5666. Oct 11 09:11:50 emptystares nrpe[599]: Listening for connections on port 5666 Oct 11 09:11:50 emptystares nrpe[599]: Allowing connections from: 127.0.0.1,155.98.200.158,10.98.200.172 Oct 11 09:11:58 emptystares systemd[1]: Time has been changed Oct 11 09:11:58 emptystares ntpdate[426]: step time server 155.98.200.167 offset 5.443399 sec Oct 11 09:11:58 emptystares systemd[1]: certbot.timer: Adding 3h 50min 12.457815s random time. Oct 11 09:11:58 emptystares systemd[1]: apt-daily-upgrade.timer: Adding 13min 36.810868s random time. Oct 11 09:11:58 emptystares systemd[1]: apt-daily.timer: Adding 7h 26min 3.999855s random time. Oct 11 09:11:59 emptystares spamass-milter[575]: Starting Sendmail milter plugin for SpamAssassin: chmod: cannot access '/var/spool/postfix/spamass/spamass.sock': No such file or directory Oct 11 09:11:59 emptystares systemd[1]: spamass-milter.service: Control process exited, code=exited status=1 Oct 11 09:11:59 emptystares systemd[1]: Failed to start LSB: milter for spamassassin. Oct 11 09:11:59 emptystares systemd[1]: spamass-milter.service: Unit entered failed state. Oct 11 09:11:59 emptystares systemd[1]: spamass-milter.service: Failed with result 'exit-code'. -- System Information: Debian Release: 9.5 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages spamass-milter depends on: ii adduser 3.115 ii libc6 2.24-11+deb9u3 ii libgcc1 1:6.3.0-18+deb9u1 ii libmilter1.0.1 8.15.2-8 ii libstdc++6 6.3.0-18+deb9u1 ii spamc 3.4.1-6+deb9u1 Versions of packages spamass-milter recommends: ii postfix 3.1.8-0+deb9u1 ii spamassassin 3.4.1-6+deb9u1 spamass-milter suggests no packages. -- Configuration Files: /etc/default/spamass-milter changed: OPTIONS="-u spamass-milter -i 127.0.0.1" OPTIONS="-u spamass-milter -i 127.0.0.1 -i redacted -r redacted" -- no debconf information
