Results 1 to 8 of 8
  1. #1
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16

    spamd - still running as root: user not specified with -u.. falling back to nobody

    Hello Web Hosting Experts,

    I am pretty sure that the following entries in the logs are not good and I would like to resolve this issue. I have been reading on Google for several hours straight looking for answers and have come up short.

    Code:
    [/var/log]# grep -i -C4 failed maillog | tail -18
    Jul 29 10:12:29 bamboo spamd[31310]: spamd: setuid to root succeeded
    Jul 29 10:12:29 bamboo spamd[31310]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
    Jul 29 10:12:29 bamboo spamd[31310]: spamd: processing message <[email protected]> for root:99
    Jul 29 10:12:29 bamboo spamd[31310]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.bamboo.site.com.31310 for /.spamassassin/auto-whitelist.lock: No such file or directory
    Jul 29 10:12:29 bamboo spamd[31310]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
    Jul 29 10:12:29 bamboo spamd[31310]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.0,size=834,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51609,mid=<[email protected]>,autolearn=no,shortcircuit=no
    Jul 29 10:12:29 bamboo pop3d: Connection, ip=[::ffff:127.0.0.1]
    Jul 29 10:12:29 bamboo pop3d: LOGOUT, ip=[::ffff:127.0.0.1]
    --
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: connection from localhost [127.0.0.1] at port 54122
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: setuid to root succeeded
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: processing message <[email protected]> for root:99
    Jul 29 10:17:30 bamboo spamd[31310]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.bamboo.site.com.31310 for /.spamassassin/auto-whitelist.lock: No such file or directory
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: identified spam (1000.0/5.0) for root:99 in 0.0 seconds, 834 bytes.
    Jul 29 10:17:30 bamboo spamd[31310]: spamd: result: Y 999 - GTUBE,NO_RECEIVED,NO_RELAYS scantime=0.0,size=834,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54122,mid=<[email protected]>,autolearn=no,shortcircuit=no
    Jul 29 10:17:30 bamboo pop3d: Connection, ip=[::ffff:127.0.0.1]
    Jul 29 10:17:30 bamboo pop3d: LOGOUT, ip=[::ffff:127.0.0.1]
    I mentioned to my friend that perhaps this would fix the issue however would it pose a security risk and is it even the right way to address this because I don't want to just mask the underlying issue?

    Code:
    chgrp -R nobody .spamassassin; chmod -R 774 .spamassassin


    I tried the advice here and it didn't help.

    I hate asking for advice but how do I fix this?

    Here is the setup:

    Code:
    cPanel 11.24.5-R37629 - WHM 11.24.2 - X 3.9
    CENTOS 5.3 i686 standard on bamboo
    Code:
    Linux bamboo.site.com 2.6.18-128.1.14.el5PAE #1 SMP Wed Jun 17 07:15:54 EDT 2009 i686 i686 i386 GNU/Linux
    Last edited by dbmathis; 07-29-2009 at 10:34 AM.

  2. #2
    Join Date
    Apr 2009
    Posts
    184
    1) Login to whm root go to Main >> Service Configuration >> Service Manager an uncheck spamd.

    2) Main >> Server Configuration >> Tweak Settings and uncheck SpamAssassin Spam Filter

    3) Login to root ssh and type /scripts/upcp --force

    I think this will solve your issue.
    Offering Reliable Shared, Reseller, Master Reseller and Shoutcast Hosting.
    High Performance VPS Hosting with 99.9% Uptime.
    Providing
    Hosting Since 2006 Locally and Since 2008 Globally.

  3. #3
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16
    Thanks linux2k,

    The problem with your solution is that I want spamd running . I do appreciate the suggestion to turn it off though.

    Does anyone else have any suggestions of how to fix this?

  4. #4
    Join Date
    Apr 2009
    Posts
    184
    spamd is not a good way to prevent spaming.
    There are many other ways which you can use for prevent spam.
    You can setup RBL in exim and can also setup cpanel_exim_system_filter for commen spams.
    Offering Reliable Shared, Reseller, Master Reseller and Shoutcast Hosting.
    High Performance VPS Hosting with 99.9% Uptime.
    Providing
    Hosting Since 2006 Locally and Since 2008 Globally.

  5. #5
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16
    Ok, Thanks. I will give the options you have mentioned here consideration.

    Does anyone know how to get this particular error fixed in case I would like to keep spamd running?

  6. #6
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16
    Ok, after hours of working on this I figured out a solution and would like to share it, just in case someone else runs into this. I' running WHM / cPanel and this spamd configuration is a global setup rather than a user based setup.

    First I found the script the restarts spamd: /scripts/restartsrv_spamd. There was also a start script and a cpanel start script but they both pointed to /scripts/restartsrv_spamd. I will mark the important parts as I go.

    I opened up /scripts/restartsrv_spamd and saw this...

    Code:
    use strict;
    use cPScript::OSSys       ();
    use cPScript::CleanupStub ();
    use RestartSrv; <-- Important
    and...

    Code:
            else {
                my $spamdoptions = getspamdopts(); <-- Important
                doomedprocess('spamd');
    
                # Bludgeon spamd because it doesn't play nice
                if ( $system =~ m/freebsd/i ) {
                    system '/scripts/ckillall', '-TERM', 'spamd -d';
                }
    
                if ( $restart != -1 ) {
                    if ( -x '/usr/bin/spamd' ) {
                        $ENV{'LANG'}   = 'C';
                        $ENV{'LC_ALL'} = 'C';
                        system "/usr/bin/spamd -d $spamdoptions"; <-- Important
                    }
                    elsif ( -x '/usr/local/bin/spamd' ) {
                        $ENV{'LANG'}   = 'C';
                        $ENV{'LC_ALL'} = 'C';
                        system("/usr/local/bin/spamd -d $spamdoptions"); <-- Important
                    }
                }
            }
    Changed this to..

    Code:
            else {
                my $spamdoptions = getspamdopts();
                doomedprocess('spamd');
    
                # Bludgeon spamd because it doesn't play nice
                if ( $system =~ m/freebsd/i ) {
                    system '/scripts/ckillall', '-TERM', 'spamd -d';
                }
    
                if ( $restart != -1 ) {
                    if ( -x '/usr/bin/spamd' ) {
                        $ENV{'LANG'}   = 'C';
                        $ENV{'LC_ALL'} = 'C';
                        system "/usr/bin/spamd -d -x -u spamd $spamdoptions";
                    }
                    elsif ( -x '/usr/local/bin/spamd' ) {
                        $ENV{'LANG'}   = 'C';
                        $ENV{'LC_ALL'} = 'C';
                        system("/usr/local/bin/spamd -d -x -u spamd $spamdoptions");
                    }
                }
            }
    Next I figured that getspamdopts() was a function of a perl module, specifically RestartSrv.pm.

    I popped open RestartSrv.pm and changed the following...

    Code:
    sub getspamdopts {
        my $cpspamdconf     = '/etc/cpspamd.conf';
        my $spamdoptions    = '';
        my $socketpath      = '';
        my $allowedips      = '--allowed-ips=127.0.0.1';
        my $maxconnperchild = '';
        my $maxchildren     = '--max-children=5';
        my $maxspare        = '';
        my $pidfile         = '--pidfile=/var/run/spamd.pid';
        my $localonly       = '';
        my $timeouttcp      = '';
        my $timeoutchild    = '';
        if ( -e $cpspamdconf ) {
            open( SPAMD, "<", $cpspamdconf );
            while (<SPAMD>) {
                if ( !(/^[\s\t]*$/) && !(/^[\s\t]*\#.*$/) ) {
                    chomp();
                    my ( $option, $value ) = split( '=', $_ );
                    next if ( !defined $value || $value eq '' );
                    if ( $option eq 'allowedips' ) {
                        $allowedips = "--allowed-ips=${value}";
                    }
                    elsif ( $option eq 'socketpath' ) {
                        $socketpath = "--socketpath=${value}";
                    }
                    elsif ( $option eq 'maxconnperchild' ) {
                        $maxconnperchild = "--max-conn-per-child=${value}";
                    }
                    elsif ( $option eq 'maxspare' ) {
                        $maxspare = "--max-spare=${value}";
                    }
                    elsif ( $option eq 'maxchildren' ) {
                        $maxchildren = "--max-children=${value}";
                    }
                    elsif ( $option eq 'pidfile' ) {
                        $pidfile = "--pidfile=${value}";
                    }
                    elsif ( $option eq 'local' ) {
                        $localonly = '--local';
                    }
                    elsif ( $option eq 'timeouttcp' ) {
                        $timeouttcp = "--timeout-tcp=${value}";
                    }
                    elsif ( $option eq 'timeoutchild' ) {
                        $timeoutchild = "--timeout-child=${value}";
                    }
                }
            }
        }
        close(SPAMD);
        $spamdoptions = $localonly . ' ' . $timeoutchild . ' ' . $timeouttcp . ' ' . ( $socketpath ? $socketpath : $allowedips ) . ' ' . $maxconnperchild . ' ' . $pidfile . ' \
    ' . $maxchildren . ' ' . $maxspare;
        return $spamdoptions;
    }
    Changed it to...

    Code:
    sub getspamdopts {
        my $cpspamdconf     = '/etc/cpspamd.conf';
        my $spamdoptions    = '';
        my $socketpath      = '';
        my $allowedips      = '--allowed-ips=127.0.0.1';
        my $maxconnperchild = '';
        my $maxchildren     = '--max-children=5';
        my $maxspare        = '';
        my $pidfile         = '--pidfile=/var/run/spamd.pid';
        my $localonly       = '';
        my $timeouttcp      = '';
        my $timeoutchild    = '';
        my $vconfigdir      = '--virtual-config-dir=/srv/Mail/spamassassin';
        my $createprefs     = '--create-prefs';
        my $helperhomedir   = '--helper-home-dir';
        if ( -e $cpspamdconf ) {
            open( SPAMD, "<", $cpspamdconf );
            while (<SPAMD>) {
                if ( !(/^[\s\t]*$/) && !(/^[\s\t]*\#.*$/) ) {
                    chomp();
                    my ( $option, $value ) = split( '=', $_ );
                    next if ( !defined $value || $value eq '' );
                    if ( $option eq 'allowedips' ) {
                        $allowedips = "--allowed-ips=${value}";
                    }
                    elsif ( $option eq 'socketpath' ) {
                        $socketpath = "--socketpath=${value}";
                    }
                    elsif ( $option eq 'maxconnperchild' ) {
                        $maxconnperchild = "--max-conn-per-child=${value}";
                    }
                    elsif ( $option eq 'maxspare' ) {
                        $maxspare = "--max-spare=${value}";
                    }
                    elsif ( $option eq 'maxchildren' ) {
                        $maxchildren = "--max-children=${value}";
                    }
                    elsif ( $option eq 'pidfile' ) {
                        $pidfile = "--pidfile=${value}";
                    }
                    elsif ( $option eq 'local' ) {
                        $localonly = '--local';
                    }
                    elsif ( $option eq 'timeouttcp' ) {
                        $timeouttcp = "--timeout-tcp=${value}";
                    }
                    elsif ( $option eq 'timeoutchild' ) {
                        $timeoutchild = "--timeout-child=${value}";
                    }
                }
            }
        }
        close(SPAMD);
        $spamdoptions = $localonly . ' ' . $timeoutchild . ' ' . $timeouttcp . ' ' . ( $socketpath ? $socketpath : $allowedips ) . ' ' . $maxconnperchild . ' ' . $pidfile . ' \
    ' . $maxchildren . ' ' . $maxspare . ' ' . $vconfigdir . ' ' . $createprefs . ' ' . $helperhomedir;
        return $spamdoptions;
    }
    Then I added the user spamd to the system..

    Than I added dir /srv/Mail/spamassassin/ and did a chgrp -R spamd spamassassin; chmod -R 774 spamassassin

    Then I restarted spamd with /scripts/restartsrv_spamd

    Fixed
    Last edited by dbmathis; 07-30-2009 at 01:18 AM.

  7. #7
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16
    Well.... The above worked fine until spamd got automatically updated and all of my changes got wiped out.
    Last edited by dbmathis; 07-31-2009 at 06:35 PM.

  8. #8
    Join Date
    Jul 2009
    Location
    Austin TX
    Posts
    16
    Now that I know how this works I was able to configure this to work with upgrades and without modifying perl modules. I used the spamdconf cpanel plugin in conjuntion with the new spamd user I created earlier.

    I see no reason to use the --virtual-config-dir=/srv/Mail/spamassassin at this point and will simply let spamd default to dir .spamassassin in the spamd user's home dir.

    Step 1) WHM -> Plugin Manager -> Enable spamdconf
    Step 2) WHM -> Bottom Left -> Plugins -> Setup Spamd Startup
    Step 3) Add 5 -x -u spamd --create-prefs --helper-home-dir to Maximum Children and hit Submit.

    spamd and mail will restart and problem will be fixed without editing code and will survive upgrades. Make sure to change the 5 above to whatever amount of children that you require if you choose to use this duck tape job.

    The reason I did it this way is because /scripts/restartsrv_spamd and /scripts/RestartSrv.pm are statically coded to accept only a few options from the /etc/cpspamd.conf, of which non are the options I need. I could have done a better job writing these scripts and would like to do a better job however when I alter the files the upgrade simply overwrites my changes.

    Too bad cpanel and spamd don't play well together by default. Please speak up if anyone happens to have a more elegant solution.

    This solution works so REJOICE!
    Last edited by dbmathis; 07-31-2009 at 08:39 PM.

Similar Threads

  1. why User root is running process httpd all time?
    By papiandy in forum Hosting Security and Technology
    Replies: 17
    Last Post: 07-07-2009, 06:23 AM
  2. stuck spamd processes by user
    By chamelion in forum Hosting Security and Technology
    Replies: 2
    Last Post: 02-19-2008, 06:49 AM
  3. spamd constantly running as user
    By chamelion in forum VPS Hosting
    Replies: 2
    Last Post: 02-07-2007, 04:36 PM
  4. running apache as a non-root user
    By goodness0001 in forum Hosting Security and Technology
    Replies: 5
    Last Post: 11-30-2002, 12:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •