Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Chris Welch
I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
done by a CPAN install with Perl.

The previous version (3.2.5) had worked flawlessly for a couple of years.
However, the upgraded version reports an error in the spamd.log file:

Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist: open of auto-whitelist
file failed: Insecure dependency in eval while running with -T switch at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.

I tried numerous permission changes but can't clear the error.

Spamassassin is launched using:

/usr/bin/spamd -u exim -s /var/log/spamd.log -i 0.0.0.0 -A 192.168.0.0/24,127.0.0.1 -d

Running perl v 5.8.8

It doesn't report any problems with the Bayes databases.  They are updated
without error.  The auto-whitelist DB is configured to be stored at the same
location.

Spamassassin is running fine otherwise and properly flagging spam and
non-spam messages.  The only problem appears to be that AWL is failing.

Any suggestions to resolve the problem would be appreciated.

Tx much!

Chris



Re: Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Kai Schaetzl
Chris Welch wrote on Sun, 18 Apr 2010 15:33:20 -0400:

> I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
> done by a CPAN install with Perl.

which you should not do. Unless there is *no* other chance, Perl or modules
or Perl programs on an rpm-based system should be upgraded/installed with
rpm.

I don't see this error on CentOS. But I'm not using spamd, so it may be
spamd-specific or because of the CPAN install.

Kai

-- 
Get your web at Conactive Internet Services: http://www.conactive.com





Re: Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Mark Martinec
On Sunday April 18 2010 21:33:20 Chris Welch wrote:

> I just upgraded a CentOS 5.4 system to Spamassassin 3.3.1.  The upgrade was
> done by a CPAN install with Perl.
>
> The previous version (3.2.5) had worked flawlessly for a couple of years.
> However, the upgraded version reports an error in the spamd.log file:
>
> Sun Apr 18 15:21:10 2010 [7966] warn: auto-whitelist:
>   open of auto-whitelist file failed:
>   Insecure dependency in eval while running with -T switch
>   at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Util.pm line 996.

Yes, a bug when you use a configuration directive auto_whitelist_db_modules.
Either avoid its use, or apply the patch below.

Please open a bug report, so that we can properly fold it into
the next version.


Index: lib/Mail/SpamAssassin/DBBasedAddrList.pm
===
--- lib/Mail/SpamAssassin/DBBasedAddrList.pm(revision 935407)
+++ lib/Mail/SpamAssassin/DBBasedAddrList.pm(working copy)
@@ -24,7 +24,7 @@
 use Fcntl;
 
 use Mail::SpamAssassin::PersistentAddrList;
-use Mail::SpamAssassin::Util;
+use Mail::SpamAssassin::Util qw(untaint_var);
 use Mail::SpamAssassin::Logger;
 
 our @ISA = qw(Mail::SpamAssassin::PersistentAddrList);
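Review bot: Narrowing the import at the `use Mail::SpamAssassin::Util qw(untaint_var);` line replaces whatever the module exports by default, so confirm that nothing else in DBBasedAddrList.pm is called unqualified from Util. The second hunk still calls `Mail::SpamAssassin::Util::first_available_module` by its full name; calling `Mail::SpamAssassin::Util::untaint_var` the same way would keep the file consistent and leave the import list untouched.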
@@ -54,6 +54,7 @@
   };
 
   my @order = split (' ', $main-{conf}-{auto_whitelist_db_modules});
+  untaint_var(\...@order);
   my $dbm_module = Mail::SpamAssassin::Util::first_available_module (@order);
   if (!$dbm_module) {
 die auto-whitelist: cannot find a usable DB package from 
auto_whitelist_db_modules:  .
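Review bot: `untaint_var` is applied to `@order` with no check on what the entries look like, yet those strings come from the `auto_whitelist_db_modules` directive and go straight into `first_available_module`, which is where the reported error places an eval (Util.pm line 996). Match each entry against a module-name pattern before clearing the taint and skip or reject anything that does not fit, so the taint check is satisfied by validation rather than bypassed. As archived, the added line reads `untaint_var(\...@order);` because of address obfuscation; the argument is most likely a reference to `@order`.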



Mark
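
The failure discussed in this thread is Perl's taint mode refusing to `eval` a string that came from configuration. The script below is an added illustration, not SpamAssassin code and not part of the patch above: it reproduces the refusal and then loads a module only after its name passes a pattern check. The helper names, the sample directive value and the name pattern are assumptions made for the example; run it with `perl -T`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for a directive value read from a config file.
# Appending a zero-length slice of an environment value taints the string
# (assumes a non-empty environment), which is the state external data has.
my $taint  = join '', map { substr($_, 0, 0) } values %ENV;
my $config = 'bad-name; No::Such::Module SDBM_File' . $taint;

# Hypothetical helper: return the entry untainted only if it has the shape
# of a Perl package name, otherwise undef. The regex capture is what clears
# the taint flag, so the pattern is the whole trust decision.
sub checked_module_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z_]\w*(?:::\w+)*)\z/ ? $1 : undef;
}

# Hypothetical loader: try each entry in order, return the first that loads.
sub first_loadable {
    my (@order) = @_;
    for my $entry (@order) {
        my $module = checked_module_name($entry);
        if (!defined $module) {
            warn "skipping invalid module name '$entry'\n";
            next;
        }
        return $module if eval "require $module; 1";
    }
    return;
}

my @order = split ' ', $config;    # every piece of a tainted string is tainted
print "entries tainted: ", (tainted($order[-1]) ? "yes" : "no"), "\n";

# A tainted entry passed straight to eval STRING is refused, even though the
# name itself is harmless. The outer eval block catches the exception.
my $ok = eval { eval "require $order[-1]; 1" };
print "unchecked eval: ", ($ok ? "loaded\n" : "refused: $@");

my $picked = first_loadable(@order);
print "checked load:   ", (defined $picked ? $picked : "none"), "\n";
```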


RE: Open of auto-whitelist file failed: Insecure dependency in eval...

2010-04-18 Thread Chris Welch
Works like a charm!

Bug raised (6415).

Thanks very much sir!

Chris




open of auto-whitelist file failed

2008-06-19 Thread Obantec Support

Hi

SA 3.2.4 on FC3

spamd is started by script and is running as root.

maillog shows various users with
spamd[5648]: auto-whitelist: open of auto-whitelist file failed: 
auto-whitelist: cannot open auto_whitelist_path 
/home/domain/domain71/.spamassassin/auto-whitelist

No such file or directory

auto-whitelist exists as a file and is chmod 0600 owned by username.domain71 
in this example but all other users are having the same auto-whitelist: 
open of auto-whitelist file failed


other than the above all seems to work well.

any ideas?

googled out :(

Mark 



Re: open of auto-whitelist file failed

2008-06-19 Thread Obantec Support



From a posting by Matus, Re: points for awl users, the URL
http://wiki.apache.org/spamassassin/AutoWhitelist suggests that my
auto-whitelist files are in the wrong format.

Easy solution is to delete them all. But is this the only way to do this?

Mark




Re: auto-whitelist: open of auto-whitelist file failed

2008-04-06 Thread Yves Goergen

On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:

> Yves Goergen wrote:
>
>>> Just remember to su to that user when running sa-learn.
>> This is getting a problem now! My spamd user has no access on the
>> mailbox directories from which I am usually learning. What's the
>> proposed solution for that?
>
> The new fangled way would be to use spamc for learning instead of
> sa-learn.
>
> If you start spamd with the --allow-tell parameter, you can then use
> spamc -L ham, spamc -L spam or spamc -L forget on the message, and it
> will pass it to spamd for learning.


Thank you again for that. It works almost perfectly. spamc is supposed 
to return a value of 5 or 6 when it's done, but it always returns 0 
(says my script). But I can also live with the message spamc prints out, 
reading that it was successful or the message was already known.


--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de


Re: auto-whitelist: open of auto-whitelist file failed

2008-04-06 Thread Yves Goergen

On 06.04.2008 03:26 CE(S)T, Matt Kettler wrote:
> The new fangled way would be to use spamc for learning instead of
> sa-learn.


And yes, it's a lot faster I believe.

--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de


Re: auto-whitelist: open of auto-whitelist file failed

2008-04-05 Thread Yves Goergen

On 05.04.2008 01:18 CE(S)T, Matt Kettler wrote:
> Spamd will never be able to access anything in /root/. 3.1.8 shouldn't
> have been able to do so any more than 3.2.4 could, but that might have
> been a bug..


Must have been a bug, yes.

> If you're always scanning mail as one user, you can create a
> non-privileged user account and pass that after the -u parameter to
> either spamd (ie: in your startup script) or to spamc (ie: in your
> scan-time calls).


Okay, that works. I've created a new user+group with its own home 
directory, moved the .spamassassin directory from /root into there, 
chown'ed it and then started spamd again.



> Just remember to su to that user when running sa-learn.


This is getting a problem now! My spamd user has no access on the 
mailbox directories from which I am usually learning. What's the 
proposed solution for that?


>> What's the problem? Before the upgrade, I removed all traces from SA
>> on the system (locate  rm -rf).
> That was probably unnecessary.. SA will blow itself away if it's already
> present when you go to install it. The only time you run into trouble is
> if you change the PREFIX, and end up with one installed in /usr/ and the
> other in /usr/local.


Switching from CPAN to the tarball, I wasn't sure if this would change.

--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de


Re: auto-whitelist: open of auto-whitelist file failed

2008-04-05 Thread Matt Kettler

Yves Goergen wrote:



>> Just remember to su to that user when running sa-learn.
>
> This is getting a problem now! My spamd user has no access on the
> mailbox directories from which I am usually learning. What's the
> proposed solution for that?

Well, there's a couple of ways to deal with that..

The new fangled way would be to use spamc for learning instead of 
sa-learn.


If you start spamd with the --allow-tell parameter, you can then use 
spamc -L ham, spamc -L spam or spamc -L forget on the message, and it 
will pass it to spamd for learning.


This way you guarantee that the learning runs as the same user you scan 
as. It's also very slightly faster as you don't have to load a perl 
interpreter instance.


Other ways would be:

Make use of groups to grant the user spamd runs as rights to the 
mailboxes. If all the mailboxes have the same group ownership, or you 
can create a group and set them all to it, then just add that to spamd 
user as a supplemental group.


You could also make use of a root cronjob to copy/chown the files 
somewhere that your learner can get to them.


Both of those last approaches have some limitations and won't work in 
all situations, hence I'd suggest the spamc -L method.. However, I do 
caveat that it's a somewhat new feature and I personally have never 
tested it, but several others do use it.





auto-whitelist: open of auto-whitelist file failed

2008-04-04 Thread Yves Goergen

Hello,

I have upgraded SpamAssassin from 3.1.8 to 3.2.4 today. First I got 
errors about a nonexistent path all the time. Then I added the path to 
the auto_whitelist directory in local.cf. Now I get this error message 
every few seconds:


Apr  4 20:01:36 mond spamd[14283]: auto-whitelist: open of 
auto-whitelist file failed: locker: safe_lock: cannot create lockfile 
/root/.spamassassin/auto-whitelist.mutex: Permission denied


This time, I couldn't find a solution on the web. Here's the directory 
listing:


20:35 [EMAIL PROTECTED] ~/.spamassassin  ls -al
total 516
drwx------   2 root root   4096 Apr  4 16:35 ./
drwxr-xr-x  14 root root   4096 Apr  4 19:03 ../
-rw-------   1 root root  12288 Apr  4 16:42 auto-whitelist
-rw-------   1 root root      6 Apr  4 19:03 auto-whitelist.mutex
-rw-------   1 root root    350 Apr  4 17:42 bayes.mutex
-rw-------   1 root root  24576 Apr  4 17:42 bayes_seen
-rw-------   1 root root 647168 Apr  4 17:42 bayes_toks

What's the problem? Before the upgrade, I removed all traces from SA on 
the system (locate  rm -rf). It was previously installed through CPAN. 
But I don't think that CPAN is that comprehensive at all and decided 
not to use it again where I can. This SA was installed from the tarball. 
The /root/.spamassassin directory was created automatically then.


So if it doesn't work out of the box, what can I do next?

--
Yves Goergen LonelyPixel [EMAIL PROTECTED]
Visit my web laboratory at http://beta.unclassified.de


Re: auto-whitelist: open of auto-whitelist file failed

2008-04-04 Thread Matt Kettler

Yves Goergen wrote:

> Hello,
>
> I have upgraded SpamAssassin from 3.1.8 to 3.2.4 today. First I got
> errors about a nonexistent path all the time. Then I added the path
> to the auto_whitelist directory in local.cf. Now I get this error
> message every few seconds:
>
> Apr  4 20:01:36 mond spamd[14283]: auto-whitelist: open of
> auto-whitelist file failed: locker: safe_lock: cannot create lockfile
> /root/.spamassassin/auto-whitelist.mutex: Permission denied

Spamd will never be able to access anything in /root/. 3.1.8 shouldn't 
have been able to do so any more than 3.2.4 could, but that might have 
been a bug..


If spamd finds itself running as root when it's time to scan mail, it 
will setuid itself to nobody for security.


If you're always scanning mail as one user, you can create a 
non-privileged user account and pass that after the -u parameter to 
either spamd (ie: in your startup script) or to spamc (ie: in your 
scan-time calls).


Just remember to su to that user when running sa-learn.


> This time, I couldn't find a solution on the web. Here's the directory
> listing:
>
> 20:35 [EMAIL PROTECTED] ~/.spamassassin  ls -al
> total 516
> drwx------   2 root root   4096 Apr  4 16:35 ./
> drwxr-xr-x  14 root root   4096 Apr  4 19:03 ../
> -rw-------   1 root root  12288 Apr  4 16:42 auto-whitelist
> -rw-------   1 root root      6 Apr  4 19:03 auto-whitelist.mutex
> -rw-------   1 root root    350 Apr  4 17:42 bayes.mutex
> -rw-------   1 root root  24576 Apr  4 17:42 bayes_seen
> -rw-------   1 root root 647168 Apr  4 17:42 bayes_toks
>
> What's the problem? Before the upgrade, I removed all traces from SA
> on the system (locate  rm -rf).

That was probably unnecessary.. SA will blow itself away if it's already 
present when you go to install it. The only time you run into trouble is 
if you change the PREFIX, and end up with one installed in /usr/ and the 
other in /usr/local.


> It was previously installed through CPAN. But I don't think that CPAN
> is that comprehensive at all and decided not to use it again where I
> can. This SA was installed from the tarball. The /root/.spamassassin
> directory was created automatically then.
>
> So if it doesn't work out of the box, what can I do next?

Don't use root with spamd :)