Alexander Dalloz
2021-Nov-21 22:03 UTC
[CentOS] New Server and noticing these maillog postfix entries: What to do about them?
Am 21.11.2021 um 22:36 schrieb Jay Hart: [ ... ]> [root at dream spamassassin]# postconf -n |grep milter > milter_default_action = accept > milter_protocol = 6 > non_smtpd_milters = $smtpd_milters > smtpd_milters = unix:/run/spamass-milter/spamass-milter.sockOk. I expect you have specified the spamass-milter by purpose.> [root at dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock > srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock > > Two things: > 1. should the 'smtpd_milters' path be /var/run... vice unix:/run...You know that there are unix sockets and tcp sockets? "unix:/path" just declares a unix type socket within the main.cf.> 2. I just noticed I have two spamass-milter sockets running: > > [root at dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock > srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock > > [root at dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock > srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sockIt shouldn't be new to you that /var/run is a symlink to /run. So you don't have to distinguish sockets. You haven't checked the whole path permissions up to the socket. namei -lv /run/spamass-milter/spamass-milter.sock Postfix must be able to reach the unix socket file. One way to achieve that is putting the postfix user in the sa-milt group. Or configure the spamass milter to provide a tcp socket and attach to that one within Postfix. Thus you would not have to care for path and file permissions.> [root at dream share]# ss -l |grep spam > u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 > > [root at dream share]# ss -pl |grep spam > u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 * 0 > users:(("spamass-milter",pid=16657,fd=4)) > u_dgr UNCONN 0 0 * 198745 * 14567 > users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4)) > u_dgr UNCONN 0 0 * 185042 * 14567 > users:(("spamass-milter",pid=16657,fd=3)) > tcp LISTEN 0 128 127.0.0.1:783 0.0.0.0:* > users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6)) > tcp LISTEN 0 128 [::1]:783 [::]:* > users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5)) > > Been hunting around in the configs trying to determine why I got two processes running...Still looking into this. > > Thanks, > > JayAlexander
Jay Hart
2021-Nov-21 22:22 UTC
[CentOS] New Server and noticing these maillog postfix entries: What to do about them?
> Am 21.11.2021 um 22:36 schrieb Jay Hart: > > [ ... ] > >> [root at dream spamassassin]# postconf -n |grep milter >> milter_default_action = accept >> milter_protocol = 6 >> non_smtpd_milters = $smtpd_milters >> smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock > > Ok. I expect you have specified the spamass-milter by purpose. > >> [root at dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock >> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock >> >> Two things: >> 1. should the 'smtpd_milters' path be /var/run... vice unix:/run... > > You know that there are unix sockets and tcp sockets? "unix:/path" just > declares a unix type socket within the main.cf. > >> 2. I just noticed I have two spamass-milter sockets running: >> >> [root at dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock >> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock >> >> [root at dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock >> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sock > > It shouldn't be new to you that /var/run is a symlink to /run. So you > don't have to distinguish sockets. > > You haven't checked the whole path permissions up to the socket. > > namei -lv /run/spamass-milter/spamass-milter.sock >[root at dream spamass-milter]# namei -lv /run/spamass-milter/spamass-milter.sock f: /run/spamass-milter/spamass-milter.sock dr-xr-xr-x root root / drwxr-xr-x root root run drwx--x--x sa-milt sa-milt spamass-milter srwxr-xr-x sa-milt sa-milt spamass-milter.sock> Postfix must be able to reach the unix socket file. One way to achieve > that is putting the postfix user in the sa-milt group. > Or configure the spamass milter to provide a tcp socket and attach to > that one within Postfix. Thus you would not have to care for path and > file permissions.[root at dream files]# more /etc/group |grep post mail:x:12:postfix,dovecot postdrop:x:90: postfix:x:89: sa-milt:x:967:postfix How would I change to a TCP socket? That sounds like a better way for me to do this. I'm out of my knowledge area now...> >> [root at dream share]# ss -l |grep spam >> u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 >> >> [root at dream share]# ss -pl |grep spam >> u_str LISTEN 0 128 /run/spamass-milter/spamass-milter.sock 185043 * 0 >> users:(("spamass-milter",pid=16657,fd=4)) >> u_dgr UNCONN 0 0 * 198745 * 14567 >> users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4)) >> u_dgr UNCONN 0 0 * 185042 * 14567 >> users:(("spamass-milter",pid=16657,fd=3)) >> tcp LISTEN 0 128 127.0.0.1:783 0.0.0.0:* >> users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6)) >> tcp LISTEN 0 128 [::1]:783 [::]:* >> users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5)) >> >> Been hunting around in the configs trying to determine why I got two processes running...Still looking into this. >> >> Thanks, >> >> Jay > > Alexander > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >