Bug 469605 - pyzor doesn't work with spamassassin: check failed: internal error
pyzor doesn't work with spamassassin: check failed: internal error
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: pyzor (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Andreas Thienemann
Fedora Extras Quality Assurance
https://issues.apache.org/SpamAssassi...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-02 23:42 EST by D. Wagner
Modified: 2009-07-14 12:50 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-14 12:50:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description D. Wagner 2008-11-02 23:42:16 EST
Description of problem:

I'm trying to use pyzor with spamassassin.  However, I get this error message via syslog:

Nov  2 20:15:46 senfl spamd[9664]: pyzor: check failed: internal error


Version-Release number of selected component (if applicable):

pyzor-0.4.0-11.fc7.noarch
spamassassin-3.2.5-1.fc9.x86_64


How reproducible:

100% reproducible


Steps to Reproduce:
1. yum install -y pyzor spamassassin
2. service spamassassin restart
3. Check /var/log/maillog
  
Actual results:

You'll see the error message listed above ("pyzor: check failed: internal error").  I can't tell whether pyzor is actually working -- I'm not sure how to check.

Expected results:

No error message.  Pyzor works cleanly.


Additional info:

A websearch suggests that this may be a bug in pyzor that needs to be patched:

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=4580

The patches that are supposedly needed are here:

http://antispam.imp.ch/08-opensource.html?lng=0

However I also saw some messages on various mailing lists saying that the problems persist even after those patches are applied.

I'm not sure what's required to fix this, but it would be nice if pyzor worked out of the box with spamassassin.  I'm not sure whether to classify this as a bug or a request-for-enhancement.
Comment 1 Andreas Thienemann 2008-11-03 06:20:40 EST
A quick check shows this to be a selinux related problem.

Looking further into the issue.

Can you please type in the following:

setenforce 0
service spamassassin restart

Please verify that the error message about the internal failure does _not_ appear in the logs.

Thank you.
Comment 2 D. Wagner 2008-11-04 04:35:48 EST
Indeed!  This does seem related to selinux.  Wow, good catch.  When I followed your instructions to disable setenforce 0 and restart spamassassin, the error message does _not_ appear in the logs any longer.

Moreover I verified that, once SELinux is disabled using setenforce 0, pyzor appears to work.  I checked this by running

spamassassin -D < /usr/share/doc/spamassassin-3.2.5/sample-spam.txt

and checking the output related to pyzor.  Thanks for your help.


I don't know if it's relevant, but I noticed three SELinux alerts in my logs.  After running sealert as instructed, here are the summary lines from each of those alerts (of course once SELinux is disabled with setenforce 0, these are only informative, as you know):

SELinux is preventing spamd (spamd_t) "append" to ./razor-agent.log
(etc_mail_t).
SELinux is preventing pyzor (pyzor_t) "getattr" to
/etc/mail/spamassassin/.pyzor/servers (etc_mail_t).
SELinux is preventing pyzor (pyzor_t) "read" to ./servers (etc_mail_t).

The raw audit messages are as follows:

host=senfl.cs.berkeley.edu type=AVC msg=audit(1225790675.646:58955): avc:  denied  { append } for  pid=21056 comm="spamd" name="razor-agent.log" dev=sda3 ino=9634005 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=unconfined_u:object_r:etc_mail_t:s0 tclass=file

host=senfl.cs.berkeley.edu type=SYSCALL msg=audit(1225790675.646:58955): arch=c000003e syscall=2 success=yes exit=8 a0=7f6cc58e0778 a1=441 a2=1b6 a3=3188b51500 items=0 ppid=1 pid=21056 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=286 comm="spamd" exe="/usr/bin/perl" subj=unconfined_u:system_r:spamd_t:s0 key=(null)

host=senfl.cs.berkeley.edu type=AVC msg=audit(1225790676.113:58957): avc:  denied  { getattr } for  pid=21059 comm="pyzor" path="/etc/mail/spamassassin/.pyzor/servers" dev=sda3 ino=9627350 scontext=unconfined_u:system_r:pyzor_t:s0 tcontext=unconfined_u:object_r:etc_mail_t:s0 tclass=file

host=senfl.cs.berkeley.edu type=SYSCALL msg=audit(1225790676.113:58957): arch=c000003e syscall=4 success=yes exit=0 a0=847ec0 a1=7fff9b70f700 a2=7fff9b70f700 a3=7265767265732f72 items=0 ppid=21056 pid=21059 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=286 comm="pyzor" exe="/usr/bin/python" subj=unconfined_u:system_r:pyzor_t:s0 key=(null)

host=senfl.cs.berkeley.edu type=AVC msg=audit(1225790676.124:58958): avc:  denied  { read } for  pid=21059 comm="pyzor" name="servers" dev=sda3 ino=9627350 scontext=unconfined_u:system_r:pyzor_t:s0 tcontext=unconfined_u:object_r:etc_mail_t:s0 tclass=file

host=senfl.cs.berkeley.edu type=SYSCALL msg=audit(1225790676.124:58958): arch=c000003e syscall=2 success=yes exit=3 a0=847ec0 a1=0 a2=1b6 a3=7f7e936f26f0 items=0 ppid=21056 pid=21059 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=286 comm="pyzor" exe="/usr/bin/python" subj=unconfined_u:system_r:pyzor_t:s0 key=(null)

I mention these in case they are relevant.  They may be related to the way that I set up pyzor/razor to put their files in /etc/mail/spamassassin.
Comment 3 D. Wagner 2008-11-23 21:06:40 EST
Given that this is SELinux related, what would you recommend?  Would you recommend disabling SELinux if one is going to use pyzor?  Thanks again for your help.
Comment 4 Bug Zapper 2009-06-09 23:09:28 EDT
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Bug Zapper 2009-07-14 12:50:53 EDT
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.