sa-update breaks amavis ispconfig 3 ubuntu 14.04 my solution

Discussion in 'Tips/Tricks/Mods' started by justStartn, Jan 16, 2015.

  1. justStartn

    justStartn New Member

    long time ispconfig 2 user,
    first time ispconfig 3 implementor.

    others might know about this issue, but I had a non-easy time solving this, so I'm posting this so others might have a easier time if they run into this same issue.

    after following the perfect server 14.04 dovecot bind (thanks falko) and it running fine for a week or so as I was transfering my ispconfig 2/ubuntu 10.04 web/email over to the new ispconf 3/ubuntu 14.04 system, I did a sa-update due to "DNS_FROM_AHBL_RHSBL" going bad:
    # sa-update
    restarted amavis via
    # service amavis restart
    noticed that mail was queuing up and amavisd was not running.
    # netstat -tlnp | grep 10024

    mail.log showed incoming was being deferred with connection refused.

    I discovered what I think was a mess up of perms starting at the dir tree:
    I suspect by sa-update.
    after many hours I came up with a solution that seems to work; after the sa-update,
    I now do:
    # sa-update
    # find /var/lib/spamassassin -type d -exec chmod 775 {} \;
    # chmod -R 660 /var/lib/spamassassin/*
    # find /var/lib/spamassassin -type f -exec chmod o+r {} \;
    # chown -R debian-spamd:debian-spamd /var/lib/spamassassin
    # chmod 700 /var/lib/spamassassin/sa-update-keys
    # chmod 600 /var/lib/spamassassin/sa-update-keys/*
    # service amavis restart
    # cat /var/log/syslog | grep -iE 'error|issue|panic|warn|fail|auth' | grep -vE '[before|no] auth'
    below are some tests/cmds/ that helped me discover the issue, which might come in handy for others:
    # service amavis start
    # /etc/init.d/amavis debug
    # cat /var/log/syslog | grep -iE 'error|issue|panic|warn|fail|auth' | grep -vE '[before|no] auth'
    # netstat -tlnp | grep 10024
    noticed the perms changed on
    ls -l /var/lib/spamassassin/compiled/5.018/3.004000/Mail/SpamAssassin/CompiledRegexps/
    to root ... so ended up doing the perm change set above
    tests to help confirm the perms issue:
    # su - amavis
    amavis $> cat /var/lib/spamassassin/compiled/5.018/3.004000/Mail/SpamAssassin/CompiledRegexps/
    amavis $> spamassassin --lint
    amavis $> spamassassin --lint -D
    logs that I saw along the way:
    Jan 16 00:59:55 mail1 amavis[20767]: (!)_DIE: Can't locate Mail/SpamAssassin/CompiledRegexps/ Permission denied at (eval 1135) line 1.\nBEGIN failed--compilation aborted at (eval 1135) line 1.

    from /etc/init.d/amavis debug:
    config: cannot open "/var/lib/spamassassin/3.004000/": Permission denied
    Jan 16 00:40:37.691 mail1.domain.tld /usr/sbin/amavisd-new[20213]: (!!)TROUBLE in pre_loop_hook: config: no rules were found! Do you need to run 'sa-update'?
    Suicide () TROUBLE in pre_loop_hook: config: no rules were found! Do you need to run 'sa-update'?
    Last edited: Jan 16, 2015

Share This Page