Bug 1288853
| Summary: | pyzor: check failed: internal error, python traceback seen in response | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> | ||||
| Component: | pyzor | Assignee: | Andreas Thienemann <andreas> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 27 | CC: | andreas, h.reindl, j, lucilanga, ncarrilho, rkudyba | ||||
| Target Milestone: | --- | Keywords: | Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | pyzor-1.0.0-16.20180724git2b8d76d.fc27 pyzor-1.0.0-16.20180724git2b8d76d.fc28 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-08-02 15:40:33 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Harald Reindl
2015-12-06 15:24:47 UTC
Could be python3, could be selinux, could be something else. You'll need to provide that backtrace for me to say much more. Unfortunately spamassassin throws it away unless you turn up its debugging settings, so you'll need to do that and then hope you can catch a backtrace. If abrt were running it should have been reported, and you are welcome to compare whatever backtrace you might find against those that are already being tracked. It could at least NOT be Selinu - no selinux on my machines Do you tell me your pyzor setup don't spit that messages or that you don't own a setup and build just random untested packages OK, so it's not selinux. Now all I need is the backtrace and I'll take a look. well, interesting that i don't see that messages when using "/usr/bin/spamc -s 20000000 --socket /run/spamassassin/spamassassin.sock < /var/lib/spamass-milter/spam-example.eml" but only when a mail get passed through postfix/spamass-milter/spamd
________________________
here the stacktrace, below the systemd units
Dec 7 20:15:01 testserver spamd[4820]: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin4820FrkzThtmp
Dec 7 20:15:01 testserver spamd[4841]: util: setuid: ruid=189 euid=189
Dec 7 20:15:01 testserver spamd[4820]: pyzor: [4841] finished: exit 1
Dec 7 20:15:01 testserver spamd[4820]: pyzor: got response: Traceback (most recent call last):\n File "/usr/bin/pyzor", line 408, in <module>\n main()\n File "/usr/bin/pyzor", line 152, in main\n if not dispatch(client, servers, config):\n File "/usr/bin/pyzor", line 239, in check\n send_digest(digested, mock_runner, servers)\n File "/usr/bin/pyzor", line 262, in send_digest\n _send_digest(runner, servers[0], digested)\n File "/usr/bin/pyzor", line 253, in _send_digest\n runner.run(server, (digested, server))\n File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 258, in run\n response = self.routine(*args, **kwargs)\n File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 122, in _mock_check\n pyzor.proto_version))\nTypeError: unsupported operand type(s) for %: 'bytes' and 'tuple'
Dec 7 20:15:01 testserver spamd[4820]: dns: leaving helper-app run mode
Dec 7 20:15:01 testserver spamd[4820]: pyzor: check failed: internal error, python traceback seen in response
________________________
[root@testserver:~]$ cat /etc/systemd/system/spamass-milter.service
[Unit]
Description=SpamAssassin Postfix-Milter
Wants=spamassassin.service
After=spamassassin.service
Before=postfix.service
[Service]
Type=simple
UMask=0022
Environment="TMPDIR=/tmp"
ExecStart=/usr/sbin/spamass-milter -p /run/spamass-milter/spamass-milter.sock -g sa-milt -R 'Blocked by Spamfilter' -r 8.0 -- -s 10485760 --socket=/run/spamassassin/spamassassin.sock
Environment="LANG=en_GB.UTF-8"
User=sa-milt
Group=sa-milt
Nice=15
Restart=always
RestartSec=1
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
SystemCallArchitectures=x86-64
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadOnlyDirectories=/var/lib/spamass-milter/.spamassassin
ReadWriteDirectories=/var/spool/postfix
ReadWriteDirectories=/var/lib/postfix
InaccessibleDirectories=-/var/lib/spamass-milter/training
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/modprobe.d
InaccessibleDirectories=-/etc/modules-load.d
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/etc/sysctl.d
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
InaccessibleDirectories=-/usr/lib64/dbus-1
InaccessibleDirectories=-/usr/lib64/xtables
InaccessibleDirectories=-/usr/lib/dracut
InaccessibleDirectories=-/usr/libexec/iptables
InaccessibleDirectories=-/usr/libexec/openssh
InaccessibleDirectories=-/usr/lib/grub
InaccessibleDirectories=-/usr/lib/kernel
InaccessibleDirectories=-/usr/lib/modprobe.d
InaccessibleDirectories=-/usr/lib/modules
InaccessibleDirectories=-/usr/lib/modules-load.d
InaccessibleDirectories=-/usr/lib/rpm
InaccessibleDirectories=-/usr/lib/sysctl.d
InaccessibleDirectories=-/usr/lib/udev
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/db
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
[Install]
WantedBy = multi-user.target
________________________
[root@testserver:~]$ cat /etc/systemd/system/spamassassin.service
[Unit]
Description=Spamassassin Daemon
After=network.service systemd-networkd.service network-online.target
Wants=sa-update.timer
[Service]
Environment="TMPDIR=/tmp"
PermissionsStartOnly=true
ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type d -exec /bin/chmod 0755 "{}" \;
ExecStartPre=/usr/bin/find /var/lib/spamassassin/ -type f -exec /bin/chmod 0644 "{}" \;
ExecStart=/usr/bin/spamd -D --max-children=20 --min-children=5 --min-spare=5 --max-spare=10 --max-conn-per-child=100 --socketpath=/run/spamassassin/spamassassin.sock --socketmode=0666
ExecReload=/usr/bin/kill -HUP $MAINPID
Environment="LANG=en_GB.UTF-8"
User=sa-milt
Group=sa-milt
RuntimeDirectory=spamassassin
RuntimeDirectoryMode=0775
Nice=15
StandardOutput=null
StandardError=null
SyslogFacility=mail
Restart=always
RestartSec=1
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL CAP_SYS_CHROOT
RestrictAddressFamilies=~AF_APPLETALK AF_ATMPVC AF_AX25 AF_PACKET AF_X25
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var
ReadOnlyDirectories=/var/lib/spamass-milter/.spamassassin
ReadWriteDirectories=/var/lib/spamassassin
InaccessibleDirectories=-/var/lib/spamass-milter/training
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/media
InaccessibleDirectories=-/root
InaccessibleDirectories=-/etc/dbus-1
InaccessibleDirectories=-/etc/modprobe.d
InaccessibleDirectories=-/etc/modules-load.d
InaccessibleDirectories=-/etc/postfix
InaccessibleDirectories=-/etc/ssh
InaccessibleDirectories=-/etc/sysctl.d
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
InaccessibleDirectories=-/usr/lib64/dbus-1
InaccessibleDirectories=-/usr/lib64/xtables
InaccessibleDirectories=-/usr/lib/dracut
InaccessibleDirectories=-/usr/libexec/iptables
InaccessibleDirectories=-/usr/libexec/openssh
InaccessibleDirectories=-/usr/libexec/postfix
InaccessibleDirectories=-/usr/lib/grub
InaccessibleDirectories=-/usr/lib/kernel
InaccessibleDirectories=-/usr/lib/modprobe.d
InaccessibleDirectories=-/usr/lib/modules
InaccessibleDirectories=-/usr/lib/modules-load.d
InaccessibleDirectories=-/usr/lib/rpm
InaccessibleDirectories=-/usr/lib/sysctl.d
InaccessibleDirectories=-/usr/lib/udev
InaccessibleDirectories=-/usr/local/scripts
InaccessibleDirectories=-/var/db
InaccessibleDirectories=-/var/lib/bayes-persistent
InaccessibleDirectories=-/var/lib/clamav
InaccessibleDirectories=-/var/lib/dbmail
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/dhcpd
InaccessibleDirectories=-/var/lib/dnf
InaccessibleDirectories=-/var/lib/imapproxy
InaccessibleDirectories=-/var/lib/initramfs
InaccessibleDirectories=-/var/lib/mailgraph
InaccessibleDirectories=-/var/lib/mlocate
InaccessibleDirectories=-/var/lib/mysql
InaccessibleDirectories=-/var/lib/ntp
InaccessibleDirectories=-/var/lib/postfix
InaccessibleDirectories=-/var/lib/rkhunter
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/unbound
InaccessibleDirectories=-/var/lib/vnstat
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/named
InaccessibleDirectories=-/var/spool
InaccessibleDirectories=-/var/www
InaccessibleDirectories=-/Volumes/dune/mysql_data
InaccessibleDirectories=-/Volumes/dune/mysql_tmp
InaccessibleDirectories=-/Volumes/dune/updateservice
InaccessibleDirectories=-/Volumes/dune/www-servers
[Install]
WantedBy=multi-user.target
Have reported this upstream as https://github.com/SpamExperts/pyzor/issues/44 Will have to look further. Unfortunately the code isn't particularly well documented so I'm not completely aware of the point of the creation of mock_runner in check(). I have a feeling that commenting out the two references to mock_runner would get past this. I don't use milters in my environment (as I use Exim which talks to spamassassin directly) so differences in our environments could be why I'm not seeing this. There are no matching backtraces in FAF and nothing related reported upstream. thank you for resporting upstream! will hold back Fedora 23 for now on production servers Note that upstream seems to have gone idle, so I'm not expecting much. They haven't responded to the previous issue I sent upstream. So do keep that in mind before using pyzor at all on production servers, Fedora 23 or not. If I can patch this in our package then I will do so. Have to manage to reproduce it first, though. Unless, of course, you want to try doing the commenting I mentioned earlier. can you provide a scratch-build so i could try it and give feedback if what you think solves the problem and at the same time you can verify that your setup still works would take away the need that you can reproduce it at your own Created attachment 1122427 [details]
sample message
it seems that the stacktraces don't happen always but at least with the sample-attachment and "spamassassin -D < Test.eml" it's reproduceable
Feb 9 15:11:28.078 [7838] dbg: pyzor: pyzor is available: /usr/bin/pyzor Feb 9 15:11:28.079 [7838] dbg: util: secure_tmpfile created a temporary file /tmp/.spamassassin78382mft2Ttmp Feb 9 15:11:28.079 [7838] dbg: check: create_fulltext_tmpfile, written 1521 bytes to file /tmp/.spamassassin78382mft2Ttmp Feb 9 15:11:28.079 [7838] dbg: dns: entering helper-app run mode Feb 9 15:11:28.080 [7838] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin78382mft2Ttmp Feb 9 15:11:28.084 [7839] dbg: util: setuid: ruid=189 euid=189 Feb 9 15:11:28.238 [7838] dbg: pyzor: [7839] finished: exit 1 Feb 9 15:11:28.238 [7838] dbg: pyzor: got response: Traceback (most recent call last):\n File "/usr/bin/pyzor", line 408, in <module>\n main()\n File "/usr/bin/pyzor", line 152, in main\n if not dispatch(client, servers, config):\n File "/usr/bin/pyzor", line 239, in check\n send_digest(digested, mock_runner, servers)\n File "/usr/bin/pyzor", line 262, in send_digest\n _send_digest(runner, servers[0], digested)\n File "/usr/bin/pyzor", line 253, in _send_digest\n runner.run(server, (digested, server))\n File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 258, in run\n response = self.routine(*args, **kwargs)\n File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 122, in _mock_check\n pyzor.proto_version))\nTypeError: unsupported operand type(s) for %: 'bytes' and 'tuple' Feb 9 15:11:28.239 [7838] dbg: dns: leaving helper-app run mode Feb 9 15:11:28.239 [7838] warn: pyzor: check failed: internal error, python traceback seen in response looks like that's not entirely new and only reported different because doing the same on F22 looks like this: Feb 9 15:18:06.889 [18296] dbg: pyzor: opening pipe: /usr/bin/pyzor check < /tmp/.spamassassin182961NhDsbtmp Feb 9 15:18:06.891 [18299] dbg: util: setuid: ruid=189 euid=189 Feb 9 15:18:06.915 [18296] dbg: pyzor: [18299] finished: exit 1 Feb 9 15:18:06.915 [18296] dbg: dns: leaving helper-app run mode Feb 9 15:18:06.915 [18296] dbg: pyzor: check failed: no response Upstream has come to life recently, but I'm reluctant to push a git snapshot. I can give you one to test if you like, though. Or just push it to testing. please provide a snapshot, now since i can reprdouce that easily and the job of pyzor is just a single task (generate checksums and do dns requests) such crashes should not happen and doing so depending on the content may be security relevant too There's a build at http://koji.fedoraproject.org/koji/buildinfo?buildID=734880. I haven't pushed it to testing yet because I haven't done anything other than install it and run the command line client at this point. I'm going out of town for a few days tomorrow morning and I might not have time to do anything more until I get back. thanks - running the above snapshot on my testserver good: works bad: same crashes spamassassin -D < attachemnt from https://bugzilla.redhat.com/show_bug.cgi?id=1288853#c9 also reproducable by pass the EICAR virus sample through SpamAssassin, i know that this is not a valid email but as far as i understand the issue it happens with extremly short messages containing only one or two words at all ____________________________________________________ [sa-milt@testserver:~]$ cat sample-virus X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* REINDL-HARALD-ARCHIVED ____________________________________________________ [sa-milt@testserver:~]$ pyzor check < sample-virus
Traceback (most recent call last):
File "/usr/bin/pyzor", line 429, in <module>
main()
File "/usr/bin/pyzor", line 152, in main
if not dispatch(client, servers, config):
File "/usr/bin/pyzor", line 260, in check
send_digest(digested, mock_runner, servers)
File "/usr/bin/pyzor", line 283, in send_digest
_send_digest(runner, servers[0], digested)
File "/usr/bin/pyzor", line 274, in _send_digest
runner.run(server, (digested, server))
File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 258, in run
response = self.routine(*args, **kwargs)
File "/usr/lib/python3.4/site-packages/pyzor/client.py", line 122, in _mock_check
pyzor.proto_version))
TypeError: unsupported operand type(s) for %: 'bytes' and 'tuple'
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. *** Bug 1405583 has been marked as a duplicate of this bug. *** *** Bug 1415205 has been marked as a duplicate of this bug. *** *** Bug 1415206 has been marked as a duplicate of this bug. *** *** Bug 1426690 has been marked as a duplicate of this bug. *** This message is a reminder that Fedora 24 is nearing its end of life. Approximately 2 (two) weeks from now Fedora will stop maintaining and issuing updates for Fedora 24. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '24'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 24 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. Fedora 24 changed to end-of-life (EOL) status on 2017-08-08. Fedora 24 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed. Pyzor TERMINATED errors: 526 time(s) still apears in Logwatch on F25 same here can someone reopen? This is seen in RHEL 7.4 and should be re-opened. pyzor-1.0.0-16.20180724git2b8d76d.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-71652c2fdf pyzor-1.0.0-16.20180724git2b8d76d.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-17a549ab26 seems to be fixed with this build, see "command" on the client and the maillog on the server - wow - wthat took really long ------------- [harry@srv-rhsoft:~]$ mail test.net Subject: Test Test . EOT Jul 25 00:59:58 testserver spamd[11132]: spamd: got connection over /run/spamassassin/spamassassin.sock Jul 25 00:59:58 testserver spamd[11132]: spamd: processing message <41Zv2N0Ym6zBsgP.net> for sa-milt:189 Jul 25 01:00:00 testserver spamd[11132]: pyzor: check failed: internal error, python traceback seen in response Jul 25 01:00:01 testserver spamd[11132]: spamd: clean message (3.9/5.5) for sa-milt:189 in 3.0 seconds, 1051 bytes. Jul 25 01:00:01 testserver spamd[11132]: spamd: result: . 3 - BAYES_50,BOGOFILTER_UNSURE,CUST_DNSBL_26_NSZONES,CUST_DNSBL_2_SORBS_DUL,CUST_DNSBL_4_ZEN_PBL,LOCALPART_IN_SUBJECT,SPF_PASS scantime=3.0,size=1051,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=<41Zv2N0Ym6zBsgP.net>,bayes=0.488711,autolearn=disabled,shortcircuit=no ------------- after the update [harry@srv-rhsoft:~]$ mail test.net Subject: Test Test . EOT Jul 25 01:01:25 testserver spamd[11133]: spamd: got connection over /run/spamassassin/spamassassin.sock Jul 25 01:01:25 testserver spamd[11133]: spamd: processing message <41Zv422zNHzBsgP.net> for sa-milt:189 Jul 25 01:01:27 testserver spamd[11133]: spamd: clean message (3.9/5.5) for sa-milt:189 in 2.6 seconds, 1051 bytes. Jul 25 01:01:27 testserver spamd[11133]: spamd: result: . 3 - BAYES_50,BOGOFILTER_UNSURE,CUST_DNSBL_26_NSZONES,CUST_DNSBL_2_SORBS_DUL,CUST_DNSBL_4_ZEN_PBL,LOCALPART_IN_SUBJECT,SPF_PASS scantime=2.6,size=1051,user=sa-milt,uid=189,required_sco ------------- pyzor-1.0.0-16.20180724git2b8d76d.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-71652c2fdf pyzor-1.0.0-16.20180724git2b8d76d.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-17a549ab26 pyzor-1.0.0-16.20180724git2b8d76d.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. pyzor-1.0.0-16.20180724git2b8d76d.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. Hi, I still have the same error on fC34 rawhide: pyzor-1.0.0-25.20200530gitf46159b.fc34.noarch abrt-notification[301713]: Process 565622 (pyzor) of user 979 encountered an uncaught PermissionError exception abrt-server[301538]: Not saving repeating crash in '/usr/bin/pyzor' python3[322383]: detected unhandled Python exception in '/usr/bin/pyzor' amavis[299754]: (299754-11) _WARN: internal error, python traceback seen in response What is a possible resolution? Thanks |