Description of problem: With new perl, it seems that spampd cannot run with -T flag any more. It gives this error: ------------------ Dec 5 13:53:55 <host> spampd[19897]: WARNING!! Error in process_request eval block: Insecure dependency in connect while running with -T switch at /usr/lib64/perl5/IO/Socket.pm line 115. ------------------ And then it closes the connection. This, of course, completely trips up postfix, which then queues up e-mails internally etc. Version-Release number of selected component (if applicable): spampd-2.30-15.noarch How reproducible: Always. Steps to Reproduce: 1. Configure spampd as filter in /etc/postfix/master.cf 2. Run spampd. 3. See errors above. Actual results: Connection to the port spampd runs on is immediately closed. Expected results: Was not a problem in F-19, so regression. Additional info:
See that Debian bug for the patch.
Just requested commit access on spampd in order to fix this. It seems that this package is mostly unmaintained. I converted to systemd.
Created attachment 834600 [details] Convert to systemd, untaint some varilables to please new Perl, dispose of PID file
So, the patch is here, just in case someone can pick this up before I get commit status for the package. I'm guessing this may also address bug #678137, but in a different way. Instead of relying on PID file and then HUP-ing or what not, sa-update can just tell systemd to reload this service.
Ping... Still no response from the maintainer.
spampd-2.30-16.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/FEDORA-2014-0705/spampd-2.30-16.fc20
spampd-2.30-16.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Thanks for fixing this bug, it indeed solves this issue. Please note that in the details, a rather important notice is given: > The environment file, /etc/sysconfig/spampd, now has a slighly > different format. Instead of using options, use SPAMPD_OPTIONS. > For instance: > > SPAMPD_OPTIONS="--host=127.0.0.1:10026 --relayhost=127.0.0.1:10027" I would like to suggest adding such a /etc/sysconfig/spampd file in the package, with exactly that content. The reason is that in Fedora, tcp port 10025 is reserved for Amavis, in SELinux policy as follows: > amavisd_send_port_t tcp 10025 Now tcp/10025 also happens to be the default listener for spampd, but in the SELinux policy ports 10026 and 10027 are reserved for spampd instead: > spamd_port_t tcp 783, 10026, 10027 So in order for spampd to actually work on Fedora you need to override the default port, which is exactly what the suggested config file does. Additionally I might add that while spampd is now allowed to run and listen on tcp/10026, it still does not seem to be allowed to connect back on tcp/10027: type=AVC msg=audit(1391087514.778:5806): avc: denied { name_connect } for pid=3078 comm="spampd" dest=10027 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:spamd_port_t:s0 tclass=tcp_socket If required, I can file a separate bug for this remaining issue.
I filed a separate bug (bug #1059742) for that selinux issue.
(In reply to Erik Logtenberg from comment #8) > Thanks for fixing this bug, it indeed solves this issue. > > Please note that in the details, a rather important notice is given: > > > The environment file, /etc/sysconfig/spampd, now has a slighly > > different format. Instead of using options, use SPAMPD_OPTIONS. > > For instance: > > > > SPAMPD_OPTIONS="--host=127.0.0.1:10026 --relayhost=127.0.0.1:10027" > > I would like to suggest adding such a /etc/sysconfig/spampd file in the > package, with exactly that content. Yeah, I can do that.
(In reply to Bojan Smojver from comment #10) > Yeah, I can do that. https://admin.fedoraproject.org/updates/spampd-2.30-17.fc20