One of my routine tasks is, of course, to check the logs of running systems. I stumbled upon this warning message in my spamassassin logs:
warn: pyzor: check failed: internal error
Being a lazy person I usually google for an answer but in this case each advice I found didn’t apply to me. This means I had to do detective work.
Okay, so it looked like pyzor’s having some problems. Since it is usually executed as merely one of the programs in a scanning path, normally you might not even notice it’s not running right because other engines may work well enough. You might just notice increased spam levels or more false positives. Anyway what you should do is some checking, eg. using the pyzor ping command, as such:
# pyzor ping 82.94.255.100:24441 (200, 'OK')
This tells us that pyzor’s working fine and the server IP it has cached is also responding properly. Now let’s take a step back. Where did I get this message from. Who (what process) wrote it, to which log…
Well, this was found in the spamassassin log in /var/log/spamd/current. In Bill Shupp’s qmail toaster you get SA logging exactly there. It’s started from daemontools via the /service/spamd/run script. In there you usually have something like:
#!/bin/sh exec /usr/sbin/spamd -x -u vpopmail -s stderr 2>&1
So pyzor was being executed from spamassassin with privileges of the user it was running under. And here we see that spamassassin is running under the vpopmail user. Well, so let’s check out our spamassassin configuration and permissions in there. They are usually in /etc/mail/spamassassin. Checking the local.cf file I found that I have a directive pointing pyzor where to look for it’s per-user config. Including the servers that are obtained with the pyzor discover command (found in the servers file). The config line that was doing this was (local.cf):
pyzor_options --homedir /etc/mail/spamassassin
Okay, so I have all my pyzor settings that are executed from spamassassin with vpopmail user in there. Let’s checkout permissions:
drwxr-xr-x 4 root root 4096 2008-06-08 19:34 .
drwxr-xr-x 118 root root 12288 2008-06-21 14:48 ..
-rw-r--r-- 1 root root 939 2007-10-01 20:55 65_debian.cf
lrwxrwxrwx 1 root root 16 2007-10-24 07:21 FuzzyOcr.cf -> FuzzyOcr.cf.real
-rw-r--r-- 1 root root 5448 2007-05-03 00:54 FuzzyOcr.cf.real
-rw-r--r-- 1 root root 425 2007-05-03 00:54 FuzzyOcr.words
-rw-r--r-- 1 root root 1297 2008-06-08 19:34 init.pre
-rw-r--r-- 1 root root 689 2008-03-22 13:12 local.cf
-rw-r--r-- 1 root root 1208 2007-10-24 06:21 local.cf.bak
drwx------ 2 root root 4096 2008-06-17 07:29 sa-update-keys
-rw------- 1 root root 20 2008-03-22 13:11 servers
drwxr-xr-x 2 vpopmail root 4096 2008-06-23 02:44 .spamassassin
-rw-r--r-- 1 root root 2599 2008-06-08 19:33 v310.pre
-rw-r--r-- 1 root root 1194 2007-10-24 06:16 v312.pre
-rw-r--r-- 1 root root 2412 2008-06-08 19:33 v320.pre
The culprit is the red server file. As you see vpopmail user can’t access it. Changing the permissions accordingly fixed my problem. 🙂
Note that I am currently not sure if I added this line myself, was it some installation script or is it a Ubuntu package configuration.
Did you have a similar issue?