Discussion:
postfix, dspam, maildrop - Cannot set my user or group id
Lists Mailbox at prefork
2004-11-08 14:07:24 UTC
Hi list !

Maybe anyone has the right hint for me ?
After days and weeks filled with trying crying, I got dspam working ..
Working from commandline is fine, but something in the mail-setup seems to
be wormed ...

Mail comes in, is correctly given to the transport dspam which is defined
in the master.cf with the following entry:

dspam unix - n n - - pipe
  flags=DRhu user=mail argv=/usr/bin/dspam --user ${recipient} --mode=teft
  --class=innocent --source=inoculation --deliver=innocent -d
  ${user}@${nexthop}

The, I hope, right corresponding entry in dspam for maildrop is the
following:

TrustedDeliveryAgent "/usr/bin/maildrop"

That setup should, in my opinion, push a mail into dspam, who pushes it
into maildrop for delivery, regardless of (hopefully tagged) spam.

But something does not want to play the game .........

Nov 8 12:47:45 gustav maildrop[7658]: Cannot set my user or group id.
Nov 8 12:47:45 gustav postfix/pipe[7618]: 4F1B35800084:
to=<***@times.de>, relay=dspam, delay=1, status=deferred (temporary
failure. Command output: 7654: [11/8/2004 12:47:44] query error: VERBOSE
DEBUG (Not an error): see sql.errors for more details /usr/bin/maildrop:
Cannot set my user or group id. 7654: [11/8/2004 12:47:45] Delivery agent
returned error, exit code: 75, command line: /usr/bin/maildrop -d
***@times.de )

I tried with different setups of maildrop, suid, compiling with and
without --enable-trusted-users, configuring different users
(postfix/root/vmail) in /etc/maildropmysql.config, but NOTHING worked out
for me ..
By the way, all users are virtual.

It would be great if somebody could help!

Bye, ...olli
John Locke
2004-11-08 18:52:55 UTC
Hi,
Post by Lists Mailbox at prefork
Hi list !
Maybe anyone has the right hint for me ?
I can try...
Post by Lists Mailbox at prefork
Mail comes in, is correctly given to the transport dspam which is defined
dspam unix - n n - - pipe
flags=DRhu user=mail argv=/usr/bin/dspam --user ${recipient} --mode=teft
--class=innocent --source=inoculation --deliver=innocent -d
I have "-d %u" on this transport--so it delivers to ${recipient}, not
${user}@$nexthop. This is going to depend on how your transport is
called--I use ${user}@${nexthop} for the spam training aliases, after
rewriting them with a regular expression transport map.
Post by Lists Mailbox at prefork
The, I hope, right corresponding entry in dspam for maildrop is the
TrustedDeliveryAgent "/usr/bin/maildrop"
That setup should, in my opinion, push a mail into dspam, who pushes it
into maildrop for delivery, regardless of (hopefully tagged) spam.
Well, it should deliver innocent mail with this configuration, but not
spam.
Post by Lists Mailbox at prefork
But something does not want to play the game .........
Nov 8 12:47:45 gustav maildrop[7658]: Cannot set my user or group id.
failure. Command output: 7654: [11/8/2004 12:47:44] query error: VERBOSE
Cannot set my user or group id. 7654: [11/8/2004 12:47:45] Delivery agent
returned error, exit code: 75, command line: /usr/bin/maildrop -d
Have you set the "Trust" users in /etc/dspam.conf? I have mine set to:
Trust root
Trust mail
Trust dspamcgi

My maildrop binary is SetUID root (4755 root:mail), and was compiled
with --enable-trusted-users="root dspamcgi mail". That's probably what
is missing from your configuration--Maildrop only allows these trusted
users to change user accounts when running setuid root.
Post by Lists Mailbox at prefork
I tried with different setups of maildrop, suid, compiling with and
without --enable-trusted-users, configuring different users
(postfix/root/vmail) in /etc/maildropmysql.config, but NOTHING worked out
for me ..
Not sure why /etc/maildropmysql.config would matter here--that's just
database connection info.

Hope that helps you track it down. I have a mix of local and virtual
users, and have this working just fine...

Cheers,
--
John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004
http://www.freelock.com
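
An added example, not part of the thread: a small shell check for the two settings from the reply above that can be read off the files, namely a `Trust` line for the `user=` of the dspam pipe transport and a setuid-root delivery agent. The function names and the two file arguments are assumptions; the compile-time `--enable-trusted-users` list cannot be checked this way.

```shell
#!/bin/sh
# Added example: checks the two file-visible settings from the reply above.
# Paths are passed as arguments; nothing here comes from the posters' systems.

# Print the user= value of a pipe transport in master.cf ($1 = file, $2 = name).
pipe_user() {
    awk -v svc="$2" '
        /^[^ \t#]/ { in_svc = ($1 == svc) }   # an entry starts in column 1
        in_svc {                              # continuation lines are indented
            for (i = 1; i <= NF; i++)
                if ($i ~ /^user=/) {
                    sub(/^user=/, "", $i); sub(/:.*/, "", $i)  # drop ":group"
                    print $i; exit
                }
        }' "$1"
}

# Succeed if dspam.conf ($1) has a "Trust <user>" line for user $2.
is_trusted() {
    awk -v u="$2" '$1 == "Trust" && $2 == u { ok = 1 } END { exit !ok }' "$1"
}

# Print the binary named by TrustedDeliveryAgent in dspam.conf ($1).
delivery_agent() {
    awk '$1 == "TrustedDeliveryAgent" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed if $1 is owned by uid 0 and carries the setuid bit (e.g. mode 4755).
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ln "$1" | awk '{ print $3 }')" = "0" ]
}

# Report problems; exit status is the number found ($1 dspam.conf, $2 master.cf).
audit() {
    problems=0
    user=$(pipe_user "$2" dspam)
    if [ -z "$user" ]; then
        echo "no user= found on the dspam transport"; problems=$((problems + 1))
    elif ! is_trusted "$1" "$user"; then
        echo "dspam runs as '$user' but has no 'Trust $user' line"; problems=$((problems + 1))
    fi
    lda=$(delivery_agent "$1")
    if ! is_setuid_root "$lda"; then
        echo "'$lda' is not setuid root, so it cannot switch to the mailbox owner"
        problems=$((problems + 1))
    fi
    return "$problems"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```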
Lists Mailbox at prefork
2004-11-09 09:20:41 UTC
Hi List, hi John,

Thanks for your answer ! It worked great in the way you described that.
But we didn't have to recompile the maildrop-package.

I still had some questions, which I hope someone can answer ?

The big aim is, to provide our users a solution, where ALL MAILS are
delivered to their mailfolders, SPAM in a SPAM-Folder and so on.
We're planning to do this by invoking maildrop's maildroprc after scanning
with dspam. That should work, I hope or has someone a better suggestion ?

Users should be able to move unrecognized spam in a folder SPAM-unseen
false-positives in their normal INBOX to be trained (retrained) as no-spam
(will that work, dspam would train many, many messages several times !?)

We would like to invoke the dspam Training-methods by cron every 15 min or
so. That job should run through all of our customers mailboxes, about 400
yet, learn the new spams, delete them after learning, a.s.o.

(@John ?:) What would I have to do to let dspam deliver innocent messages
as well as the spam .. !?

The current setup is in master.cf

dspam unix - n n - - pipe
  flags=DRhu user=mail argv=/usr/bin/dspam --user ${recipient} --mode=teft
  --class=innocent --source=inoculation --deliver=innocent -d
  ${user}@${nexthop}

and, the corresponding entry in main.cf

virtual_transport = dspam
maildrop_destination_recipient_limit = 1

I think we should edit that to

dspam_destination_recipient_limit = 1 # ??

Thanks in advance, any answer is appreciated ... ;-)

...olli
vpopmail ÜÖ
2004-11-09 07:43:15 UTC
Mornin,

I have used dspam for a long time now with training mode = teft but it seems to
give too many false positives..

My Setup:

I use one dspam_user for all mailboxes (about 20). All users use the
one user to report false positives and missing spam.

The problem is that a few users don't report all false positives and
missing spam. So DSPAM is not well trained :-(

So my idea was to feed a corpus of spam and innocent and after that use
trainingmode = TOE.
I call dspam with the "--feature=whitelist,noise,chained" switch.

What do you guys think about it? Is it a good idea?

Or what do you think will help?
John Locke
2004-11-11 14:38:18 UTC
Hi,
Post by Lists Mailbox at prefork
Thanks for your answer ! It worked great in the way you described that.
But we didn't have to recompile the maildrop-package.
You're welcome.
Post by Lists Mailbox at prefork
I still had some questions, which I hope someone can answer ?
The big aim is, to provide our users a solution, where ALL MAILS are
delivered to their mailfolders, SPAM in a SPAM-Folder and so on.
We're planning to do this by invoking maildrop's maildroprc after scanning
with dspam. That should work, I hope or has someone a better suggestion ?
I deliver innocent mail, and quarantine spam. I have a shell script that
finds all the Dspam users on my system, looks for an IMAP folder named
"Junk" in each inbox, and pipes any messages in this folder to Dspam to
train as spam. After processing each message, the script deletes it. I
run this script from cron hourly.
Post by Lists Mailbox at prefork
Users should be able to move unrecognized spam in a folder SPAM-unseen
false-positives in their normal INBOX to be trained (retrained) as no-spam
(will that work, dspam would train many, many messages several times !?)
No reason you couldn't set up a false positive folder, too--you'd just
have to figure out how to make it train each message only once, and
train your users to use it.
Post by Lists Mailbox at prefork
We would like to invoke the dspam Training-methods by cron every 15 min or
so. That job should run through all of our customers mailboxes, about 400
yet, learn the new spams, delete them after learning, a.s.o.
For this many users, I would monitor carefully to make sure one process
is complete before the next begins...
Post by Lists Mailbox at prefork
as well as the spam .. !?
I assume you mean deliver spam as well as innocent? Change the --deliver
flag below to --deliver=innocent,spam
Post by Lists Mailbox at prefork
dspam unix - n n - - pipe
flags=DRhu user=mail argv=/usr/bin/dspam --user ${recipient} --mode=teft
--class=innocent --source=inoculation --deliver=innocent -d
dspam unix - n n - - pipe
flags=DRhu user=mail argv=/usr/bin/dspam --user ${recipient} --mode=teft
Post by Lists Mailbox at prefork
and, the corresponding entry in main.cf
virtual_transport = dspam
Hmm. Haven't tried that--I specify the transport in a transport table,
stored in MySQL, for each domain or email address that wants to use
Dspam.

I do use virtual_mailbox_maps to have Postfix verify the recipient
address before delivering to Dspam. This does result in several MySQL
calls per delivery:

1. Postfix virtual(8) delivery calls MySQL to get user ID--if not found,
message is rejected.
2. Dspam calls MySQL to do its thing.
3. Maildrop calls MySQL to get delivery location for user ID.

My traffic is low enough that this isn't a concern. If anyone has a
better way of managing this, I'd love to hear about it!

But virtual_transport to me looks like a way of redefining virtual(5),
not virtual(8)--I use virtual(5) to forward one email address to
another. Is this working the way you want?
Post by Lists Mailbox at prefork
maildrop_destination_recipient_limit = 1
I think we should edit that to
dspam_destination_recipient_limit = 1 # ??
Yes. I have both set, because I have a few users who use Maildrop
without Dspam. It's also convenient if I need to take Dspam down for
maintenance.
Post by Lists Mailbox at prefork
Thanks in advance, any answer is appreciated ... ;-)
Cheers,
--
John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004
http://www.freelock.com
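
An added example, not the script from the post above: a sketch of a cron-driven Junk-folder trainer that deletes each message only after dspam has accepted it and refuses to start while an earlier run still holds the lock. The mail layout (`$MAILROOT/<domain>/<user>/Maildir/.Junk`), the lock path and the function names are assumptions; `--class=spam --source=error` is dspam's retraining form of the flags shown in the thread.

```shell
#!/bin/sh
# Added example. Assumed layout: $MAILROOT/<domain>/<user>/Maildir/.Junk/{cur,new}
MAILROOT=${MAILROOT:-/var/vmail}
DSPAM=${DSPAM:-/usr/bin/dspam}
LOCKDIR=${LOCKDIR:-/var/run/dspam-train.lock}

# Train every message in each user's Junk folder as spam; print how many.
train_junk() {
    trained=0
    for junk in "$MAILROOT"/*/*/Maildir/.Junk; do
        [ -d "$junk" ] || continue
        user=${junk#"$MAILROOT"/}; user=${user%/Maildir/.Junk}   # domain/user
        addr="${user#*/}@${user%%/*}"                            # user@domain
        for msg in "$junk"/cur/* "$junk"/new/*; do
            # Regular files only: a symlink dropped into the folder is skipped.
            [ -f "$msg" ] && [ ! -L "$msg" ] || continue
            # Delete only after dspam succeeded, so each message is trained
            # exactly once and a failed one is retried on the next run.
            if "$DSPAM" --user "$addr" --class=spam --source=error \
                    < "$msg" > /dev/null; then
                rm -f -- "$msg"
                trained=$((trained + 1))
            fi
        done
    done
    echo "$trained"
}

# mkdir is atomic, so a run that starts while another is active backs off.
# A killed run leaves the directory behind; remove it by hand in that case.
run_locked() {
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        echo "previous training run still active, skipping" >&2
        return 1
    fi
    train_junk; rc=$?
    rmdir "$LOCKDIR"
    return "$rc"
}

# From cron: dspam-train.sh run
if [ "${1:-}" = run ]; then run_locked; fi
```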
