# [SOLVED] dovecot antispam permission weirdness

## fidel

I am running a postfix - dovecot - dspam setup that has been running successfully for a while. After the last update I realized that moving mails to my spam folder does not work anymore.

The setup is mainly the following:

/etc/dovecot/dovecot.conf:

```
...
first_valid_gid = 12
first_valid_uid = 8
last_valid_gid = 12
last_valid_uid = 8
..
plugin {
    # antispam
    antispam_backend = dspam
    antispam_dspam_args = --client;--user;%u;--source=error;--signature=%%s
    antispam_dspam_binary = /usr/bin/dspam
    antispam_signature = X-DSPAM-Signature
    antispam_signature_missing = error
    antispam_spam = INBOX.Spam;INBOX.Junk
    antispam_spam_pattern_ignorecase = INBOX.SPAM;INBOX.JUNK
    antispam_trash = INBOX.trash;trash;INBOX.Trash;Trash;INBOX.Deleted Items;Deleted Items;INBOX.Deleted Messages;Deleted Messages
    antispam_trash_pattern_ignorecase = INBOX.deleted*;INBOX.gel&APY-scht*;INBOX.gelöscht*;INBOX.gel&ANY-scht*
..
service auth {
    unix_listener saslauth {
        group = mail
        mode = 0660
        user = mail
    }
    unix_listener auth-master {
        group = mail
        mode = 0600
        user = mail
    }
    unix_listener auth-userdb {
        group = mail
        mode = 0600
        user = mail
    }
}
```

Now when I try to move a spam message to the spam folder, the message does not get dropped in the spam folder, instead it appears in the inbox again. In the logfile I can then find:

```
# tail /var/log/mail/current
Sep 09 09:46:07 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 09:46:07 [dspam] Unable to read dspam.conf
```

I really feel stupid - why on earth can this file not be read????

```
# id dspam
uid=1002(dspam) gid=1005(dspam) Gruppen=1005(dspam),12(mail)
# id dovecot
uid=97(dovecot) gid=97(dovecot) Gruppen=97(dovecot)
```

I tried the following - none of them works!

```
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dovecot 36K 23. Aug 07:01 /etc/dspam/dspam.conf
```

```
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf
```

I don't want the file to be world-readable, it has a database access configuration in it.

Please help - how can I find out which user gets used for calling dspam from dovecot delivery and training? How can I configure this?...

[EDIT]

I now remember that I had to change the permissions of /usr/bin/dspam so my setup worked. I changed it to:

```
# l /usr/bin/dspam
-r-x--s--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam
```

So if the permissions of /etc/dspam/dspam.conf look like this:

```
# l /etc/dspam/dspam.conf
-rw-r----- 1 dspam mail 36K 23. Aug 07:01 /etc/dspam/dspam.conf
```

How can this happen?:

```
Sep 09 11:29:06 [dspam] Unable to open file for reading: /etc/dspam/dspam.conf: Permission denied
Sep 09 11:29:06 [dspam] Unable to read dspam.conf
```

??.. now I am really confused!

Last edited by fidel on Tue Sep 18, 2012 5:48 pm; edited 1 time in total

----------

## fidel

Ok, I had to change the binary /usr/bin/dspam to u+s instead of g+s ..

```
# ls -lh /usr/bin/dspam
-r-sr-x--- 1 dspam mail 100K 22. Aug 21:46 /usr/bin/dspam
# ls -lh /etc/dspam/dspam.conf
-rw-r----- 1 dspam dspam 36K 23. Aug 07:01 /etc/dspam/dspam.conf
```

So now everybody in the mail group can execute the binary /usr/bin/dspam and turns into user dspam in doing so. Therefore the config file /etc/dspam/dspam.conf only needs to be readable by the user dspam.

----------
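Added example, not part of the original posts: a small model of the Unix mode-bit check and of how setuid/setgid change the effective identity on exec, applied to two of the permission sets shown in the thread. The names `Node`, `Cred`, `allowed`, `after_exec` and `can_read_config` are hypothetical, and the caller is assumed to be a non-root process with uid 8 and gid 12 (taken from `first_valid_uid`/`first_valid_gid`) and no supplementary groups. Only the bits on the two files themselves are modelled, not the parent directories or anything dspam does after it starts.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:            # owner, group and mode bits of a file, as `ls -l` shows them
    uid: int
    gid: int
    mode: int

@dataclass(frozen=True)
class Cred:            # effective identity of a non-root process
    uid: int
    gid: int
    groups: frozenset = frozenset()

def allowed(cred, node, want):
    """Unix mode-bit check: exactly one class (owner, group, other) applies."""
    if cred.uid == node.uid:
        shift = 6
    elif node.gid == cred.gid or node.gid in cred.groups:
        shift = 3
    else:
        shift = 0
    return bool((node.mode >> shift) & want)

def after_exec(cred, binary):
    """Effective identity after exec, or None if the caller may not execute it."""
    if not allowed(cred, binary, 1):
        return None
    uid = binary.uid if binary.mode & stat.S_ISUID else cred.uid
    gid = binary.gid if binary.mode & stat.S_ISGID else cred.gid
    return Cred(uid, gid, cred.groups)

def can_read_config(caller, binary, conf):
    eff = after_exec(caller, binary)
    return eff is not None and allowed(eff, conf, 4)

# IDs from the thread's `id` output: dspam 1002:1005, mail gid 12, dovecot 97:97.
MAIL = Cred(8, 12)                        # assumed caller (uid 8 is an assumption)
DOVECOT = Cred(97, 97)
BIN_SETGID = Node(1002, 12, 0o2510)       # -r-x--s--- dspam mail
BIN_SETUID = Node(1002, 12, 0o4550)       # -r-sr-x--- dspam mail
CONF_DOVECOT = Node(1002, 97, 0o640)      # -rw-r----- dspam dovecot
CONF_DSPAM = Node(1002, 1005, 0o640)      # -rw-r----- dspam dspam

if __name__ == "__main__":
    print("g+s binary, conf dspam:dovecot:", can_read_config(MAIL, BIN_SETGID, CONF_DOVECOT))
    print("u+s binary, conf dspam:dspam  :", can_read_config(MAIL, BIN_SETUID, CONF_DSPAM))
    print("dovecot user may exec u+s bin :", after_exec(DOVECOT, BIN_SETUID) is not None)
```

On a live system the same inputs can be filled in from `os.stat()` on `/usr/bin/dspam` and `/etc/dspam/dspam.conf`.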

