Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 167354 - Review Request: amavisd-new
Summary: Review Request: amavisd-new
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tom "spot" Callaway
QA Contact: David Lawrence
URL: http://www.ijs.si/software/amavisd/
Whiteboard:
Depends On: 167471 174099
Blocks: FE-ACCEPT
TreeView+ depends on / blocked
 
Reported: 2005-09-01 20:44 UTC by Steven Pritchard
Modified: 2014-03-10 12:52 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-03 03:30:14 UTC
Type: ---
Embargoed:
gwync: fedora-cvs+


Attachments (Terms of Use)
Correct the db directory for amavisd-agent and amavisd-nanny (deleted)
2005-09-19 13:40 UTC, Julien Tognazzi
no flags Details | Diff

Description Steven Pritchard 2005-09-01 20:44:25 UTC
Spec Name or Url: http://ftp.kspei.com/pub/steve/rpms/amavisd-new/amavisd-new.spec
SRPM Name or Url: http://ftp.kspei.com/pub/steve/rpms/amavisd-new-2.3.2-10.src.rpm
Description:
amavisd-new is a high-performance and reliable interface between mailer
(MTA) and one or more content checkers: virus scanners, and/or
Mail::SpamAssassin Perl module. It is written in Perl, assuring high
reliability, portability and maintainability. It talks to MTA via (E)SMTP
or LMTP, or by using helper programs. No timing gaps exist in the design,
which could cause a mail loss.

Comment 1 Steven Pritchard 2005-09-01 20:52:30 UTC
Must remember to check these things *before* I submit a package...

SRPM URL: http://ftp.kspei.com/pub/steve/rpms/amavisd-new-2.3.3-1.src.rpm

* Thu Sep 01 2005 Steven Pritchard <steve> 2.3.3-1
- Update to 2.3.3
- Remove explicit dependencies on core perl modules


Comment 2 Steven Pritchard 2005-09-02 21:57:03 UTC
I need to bump the perl(Compress::Zlib) requirement to >= 1.35, or remove the
check from the code so we can use it on FC-[34] without an update to
perl-Compress-Zlib.

*sigh*

Comment 3 Steven Pritchard 2005-09-16 21:25:27 UTC
An update to Compress::Zlib was pushed to Core some time ago, so please review.

http://ftp.kspei.com/pub/steve/rpms/amavisd-new-2.3.3-2.src.rpm

* Fri Sep 02 2005 Steven Pritchard <steve> 2.3.3-2
- Requires: perl(Compress::Zlib) >= 1.35


Comment 4 Julien Tognazzi 2005-09-19 13:37:26 UTC
the demo programs amavisd-{agent,nanny} need a patch to look the db in the
proper directory (/var/spool/amavisd/db)

I'll attach it.

Comment 5 Julien Tognazzi 2005-09-19 13:40:36 UTC
Created attachment 118977 [details]
Correct the db directory for amavisd-agent and amavisd-nanny

Comment 6 Steven Pritchard 2005-09-19 14:39:06 UTC
I've applied the patch.  Thanks.

http://ftp.kspei.com/pub/steve/rpms/amavisd-new-2.3.3-3.src.rpm

Comment 7 Julien Tognazzi 2005-09-20 13:55:27 UTC
and what about adding the amavisd-release program ?
It allow to resend quarantined mail, the author explains how to use it, 
cf.
http://groups.google.com/group/mailing.unix.amavis-user/browse_frm/thread/50640aa9c5f182bb/a12b4488cba1cd8d#a12b4488cba1cd8d
(I hope the link will work...)


Comment 8 Nicolas Mailhot 2005-09-20 14:07:20 UTC
Even if it's included enabling quarantine is probably a bad idea for Fedora. Tag
suspicious mail, ask sender to retry if you've got a doubt, and dump everything
else.

Quarantine is IMHO inadequate for small systems. Big organisations can justify
quarantine management and will enable it in the conf file but the Fedora default
should be off.

Comment 9 James Wilkinson 2005-09-21 13:42:14 UTC
Thank you very much for this package. I've been testing it (on x86-64, FWIW) and
it works well.

I note that /etc/amavisd/amavisd.conf mentions:
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;

These files are provided in the tar.gz in the src.rpm, but are not included in
the RPM.

Personally, I'd prefer to see them in the RPM (they do provide worthwhile
documentation), but some sort of consistency might be nice.

Thanks,

James.

Comment 10 Nicolas Mailhot 2005-09-21 13:55:55 UTC
BTW I've been testing with selinux disabled (for other reasons). Is this package
selinux-safe ? Anyone tested it with the new security rules wich landed in
rawhide recently ?

Comment 11 Steven Pritchard 2005-09-21 16:36:32 UTC
http://ftp.kspei.com/pub/steve/rpms/amavisd-new-2.3.3-4.src.rpm has a couple of
extra %doc entries (TODO and amavisd.conf-*).

As for selinux, I have no idea.  It has been broken enough in FC4 that I am
running all my servers either in permissive mode or with selinux disabled
entirely, unfortunately.

Comment 12 Nicolas Mailhot 2005-09-21 17:23:46 UTC
That's why I asked about this. I fear no one is testing it and people will need
it to work later.

Unfortunately, one of the things that stops me from going into enforcing mode is
I haven't figured yet how to authorize the fact my postfix listens on port 24,
so if I go into enforcing mode postfix goes down (and I can't test amavis)

Comment 13 manuel wolfshant 2005-09-22 08:13:06 UTC
I think that the kind guys from fedora-selinux list may assist you on modifying
the policy so as to allow running postfix on port 24.

Comment 14 Paul Howarth 2005-09-22 09:37:35 UTC
If you have selinux-policy-targeted-sources installed, try adding a line to
/etc/selinux/targeted/src/policy/net_contexts

portcon tcp 24 system_u:object_r:smtp_port_t

and then do:

make -C /etc/selinux/targeted/src/policy load



Comment 15 Nicolas Mailhot 2005-09-22 11:29:27 UTC
Thanks for the tip.
However I fear I may have other selinux problems lurking (squirrelmail) so I
won't touch it before I have the time to put everything right.

Also, I'd rather understand the system before meddling with the security policies ;)

Comment 16 James Wilkinson 2005-09-22 12:20:55 UTC
I'm running a pretty unmodified (but "yum update"d) FC4 with current (FC4)
SELinux enabled in enforcing targeted mode. I haven't configured Postfix beyond
installing amavisd and changing some of the main.cf parameters.

As I say, it's all working well for me.

Comment 17 Nicolas Mailhot 2005-09-22 22:23:08 UTC
Well I switched postfix from port 24 to 587 which is more traditional and
victory it's in the default redhat selinux policy

*HOWEVER* selinux still blocked postfix this time when it tried to bind on the
port used to talk to amavis (port 10026 on my box, dunno if your current package
makes the same choice)

So it seems amavisd is not selinux safe in fedora devel

Comment 18 Paul Howarth 2005-09-23 08:33:31 UTC
(In reply to comment #17)
> Well I switched postfix from port 24 to 587 which is more traditional and
> victory it's in the default redhat selinux policy
> 
> *HOWEVER* selinux still blocked postfix this time when it tried to bind on the
> port used to talk to amavis (port 10026 on my box, dunno if your current package
> makes the same choice)
> 
> So it seems amavisd is not selinux safe in fedora devel

You need to take this to fedora-selinux-list now. Dan Walsh hangs out there and
will probably work with you to get the Fdeora SELinux policy fixed so that this
works. That's how I got SELinux support for my Extras pptp package included in
Fedora Core.



Comment 19 James Wilkinson 2005-09-24 08:35:13 UTC
I've just applied the latest selinux-policy-targeted-1.27.1-2.1 from FC4
updates. And it's broken my amavisd install...

Comment 20 Nicolas Mailhot 2005-10-31 10:11:14 UTC
Selinux problems are fixed in Raw Hide. Package works very well for me so far.
Are there no perl gurus available to approve it ?

Comment 21 Rahul Sundaram 2005-10-31 19:38:32 UTC
(In reply to comment #19)
> I've just applied the latest selinux-policy-targeted-1.27.1-2.1 from FC4
> updates. And it's broken my amavisd install...


Its fixed in rawhide. Report to this to bugzilla and request a policy update.

Comment 22 Dennis Gilmore 2005-11-14 23:24:45 UTC
Starting amavisd: Problem in the Amavis::Unpackers code: Archive::Zip version
1.14 required--this is only version 1.12 at (eval 46) line 20.
BEGIN failed--compilation aborted at (eval 46) line 20.

Just as a start  i havent done a full check on the package yet.

Comment 23 James Wilkinson 2005-12-01 12:24:20 UTC
Latest selinux-policy-targeted-1.27.1-2.14.noarch fixes it: thanks.

Comment 24 Nicolas Mailhot 2006-01-08 12:51:03 UTC
A new perl-Net-Server will be pushed to FE soonish. Please test

Comment 25 Nicolas Mailhot 2006-01-16 23:17:14 UTC
And while I'm a it, I've updated perl-Convert-UUlib too

(still happily running Steve's original package 24h/24 7j/j since last september
at least without any hitch - can't anyone approve this?)

Comment 26 Tom "spot" Callaway 2006-01-17 04:21:29 UTC
Since there are no obvious showstoppers in this bug ticket, I'll review this:

Good:

- rpmlint checks return:
E: amavisd-new non-standard-uid /var/spool/amavisd/db amavis
E: amavisd-new non-standard-gid /var/spool/amavisd/db amavis
E: amavisd-new non-standard-dir-perm /var/spool/amavisd/db 0700
W: amavisd-new dangling-relative-symlink /usr/sbin/clamd.amavisd clamd
E: amavisd-new non-standard-uid /var/spool/amavisd amavis
E: amavisd-new non-standard-gid /var/spool/amavisd amavis
E: amavisd-new non-standard-dir-perm /var/spool/amavisd 0700
E: amavisd-new non-standard-uid /var/run/amavisd amavis
E: amavisd-new non-standard-gid /var/run/amavisd amavis
E: amavisd-new non-standard-uid /var/spool/amavisd/tmp amavis
E: amavisd-new non-standard-gid /var/spool/amavisd/tmp amavis
E: amavisd-new non-standard-dir-perm /var/spool/amavisd/tmp 0700
E: amavisd-new init-script-name-with-dot /etc/rc.d/init.d/clamd.amavisd
E: amavisd-new no-status-entry /etc/rc.d/init.d/clamd.amavisd
W: amavisd-new no-reload-entry /etc/rc.d/init.d/clamd.amavisd
E: amavisd-new subsys-not-used /etc/rc.d/init.d/clamd.amavisd
E: amavisd-new incoherent-subsys /etc/rc.d/init.d/amavisd ${prog_base}

I think all of these are safe to ignore.

- package meets naming guidelines
- package meets packaging guidelines
- license (GPL) OK, text in %doc, matches source
- spec file legible, in am. english
- source matches upstream
- package compiles on devel (x86)
- no missing BR
- no unnecessary BR
- no locales
- not relocatable
- owns all directories that it creates
- no duplicate files
- permissions ok
- %clean ok
- macro use consistent
- code, not content
- no need for -docs
- nothing in %doc affects runtime
- no need for .desktop file

APPROVED.

Comment 27 Ville Skyttä 2006-01-17 06:35:19 UTC
(In reply to comment #25)
> (still happily running Steve's original package 24h/24 7j/j since last september
> at least without any hitch - can't anyone approve this?)

You know you could have done that yourself, right?

Comment 28 Nicolas Mailhot 2006-01-17 08:25:00 UTC
Thanks Tom.

Ville: I'm not going to approve a perl package which processes insecure data. At
least not before taking a few perl tutorials/courses first. You can call me
paranoïd if you like, but perl is very low in my trust scale, and I don't know
it enough to do an educated evaluation.

(and yes I'm ready to trust my own data to a package I wouldn't approve - but
then I've been running rawhide for more years I care to remember now)

Comment 29 Paul Wouters 2006-01-20 06:54:15 UTC
when updating from your first to your last rpm, I noticed amavisd is restarted
twice:

[root@cdc ~]# rpm -Uhv /usr/src/redhat/RPMS/noarch/amavisd-new-2.3.3-4.noarch.rpm
Preparing...                ########################################### [100%]
   1:amavisd-new            warning: /etc/amavisd/amavisd.conf created as
/etc/amavisd/amavisd.conf.rpmnew
########################################### [100%]
Shutting down amavisd: Can't SIGTERM amavisd[1337]: No such process at
/usr/sbin/amavisd line 8983., can't stop the process
[FAILED]

Starting amavisd: Pid_file "/var/run/amavisd/amavisd.pid" already exists. 
Overwriting!
[  OK  ]

Stopping clamd.amavisd: [  OK  ]
Starting clamd.amavisd: [  OK  ]
[root@cdc ~]#

More importantly, amavisd never starts for me. It goes through a lot of good
messages and then ends with an error:
Jan 20 01:54:19 cdc amavis[1588]: Found decoder for    .zoo  at /usr/bin/zoo
Jan 20 01:54:19 cdc amavis[1588]: Found decoder for    .lha  at /usr/bin/lha
Jan 20 01:54:19 cdc amavis[1588]: Found decoder for    .cab  at /usr/bin/cabextract
Jan 20 01:54:19 cdc amavis[1588]: No decoder for       .tnef tried: tnef
Jan 20 01:54:19 cdc amavis[1588]: Internal decoder for .tnef
Jan 20 01:54:19 cdc amavis[1588]: Found decoder for    .exe  at /usr/bin/unrar;
/usr/bin/lha; /usr/bin/unarj
Jan 20 01:54:19 cdc amavis[1588]: Using internal av scanner code for (primary)
ClamAV-clamd
Jan 20 01:54:19 cdc amavis[1588]: Found secondary av scanner ClamAV-clamscan at
/usr/bin/clamscan
Jan 20 01:54:19 cdc amavis[1588]: TROUBLE in pre_loop_hook: db_init: BDB bad db
env. at /var/spool/amavisd/db: Invalid argument, . at (eval 37) line 244.

[root@cdc amavisd]# ls -al /var/spool/amavisd/db/
total 8
drwx------  2 amavis amavis 4096 Jan 20 01:48 .
drwx------  5 amavis amavis 4096 Jan 20 01:49 ..

This is a FC4-updated machine.

[root@cdc amavisd]# rpm -V amavisd-new
[root@cdc amavisd]# rpm -q amavisd-new
amavisd-new-2.3.3-4


Comment 30 Steven Pritchard 2006-01-20 15:35:29 UTC
I haven't seen that error before.  Had you been using the old rpm, or did you
just have it installed?

For that matter, do you know which old rpm you were using?

Comment 31 Nicolas Mailhot 2006-01-20 18:52:17 UTC
How about pushing the current version to FE so everyone can use the same
reference package ? Then we can forget about the pre-inclusion versions

Comment 32 Paul Wouters 2006-01-20 19:03:15 UTC
I used the first rpm you put up, had that error and then found your latest rpm,
and did a rpm -U.

An strace ends with problems for BDB and "Destroy". But I did install the FE
BerkeleyDB rpm as well.

My guess was this could be some missing perl dependancy, but I cannot figure out
the package that would be missing.


Comment 33 Paul Wouters 2006-01-20 19:21:33 UTC
One additional note, I don't think it should matter, but this is within a xen2
FC4 xenu

Comment 34 Paul Wouters 2006-01-25 03:11:08 UTC
I'm still trying to debug this and get amavisd-new running. Looking a bit
further into my db error, I noticed:

 ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );

Howeverm there is no 'sql' directory included with amavisd-new in the rpm.
Perhaps either the sqlite depedancy needs to be dropped, or this file needs to
be included?

Comment 35 Paul Wouters 2006-01-25 03:12:55 UTC
also, there is a note saying: 

#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

However, $MYHOME/var is not created by the rpm.


Comment 36 Paul Wouters 2006-01-25 03:22:12 UTC
I finally found the reason for my failure, which is the following line:

$enable_db = 1 

checking the build shipped config file shows:

[root@cdc amavisd]# grep enable_db
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf*
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf:$enable_db = 1;           
  # enable use of BerkeleyDB/libdb (SNMP and nanny)
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf:$enable_global_cache = 1; 
  # enable use of libdb-based cache if $enable_db=1
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf-default:# $enable_db = 0;
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf-sample:$enable_db = 1;    
         # enable use of BerkeleyDB/libdb (SNMP and nanny)
/usr/src/redhat/BUILD/amavisd-new-2.3.3/amavisd.conf-sample:$enable_global_cache
= 1;    # enable use of libdb-based cache if $enable_db=1

So I believe it did ship with $enable_db=1

So either this functionality is broken, or more likely, something else needs to
happen that I have not yet done, but which was already dont on the server of the
rpm builder.


Comment 37 Steven Pritchard 2006-02-03 03:30:14 UTC
Please open a new bug if you can reproduce the problem with 2.3.3-5 when it
comes out of the build system.

Comment 38 Juan Orti 2014-02-11 21:45:10 UTC
Package Change Request
======================
Package Name: amavisd-new
New Branches: 
Owners: jorti steve kanarip
InitialCC: perl-sig

steve is unresponsive, so I want to take over the package. See:
https://lists.fedoraproject.org/pipermail/devel/2014-February/195318.html
https://lists.fedoraproject.org/pipermail/devel/2014-January/194940.html

Comment 39 Gwyn Ciesla 2014-02-12 12:59:24 UTC
Git done (by process-git-requests).

Comment 40 Juan Orti 2014-03-10 12:34:50 UTC
Package Change Request
======================
Package Name: amavisd-new
New Branches: f20 f19 el5 el6 epel7
Owners: jorti steve kanarip
InitialCC: perl-sig

I already have the ownership of the devel branch, I ask to take the ownership of the remaining branches. In epel, the user janfrode has commit rights, please, keep them.
https://fedorahosted.org/fesco/ticket/1233

Comment 41 Gwyn Ciesla 2014-03-10 12:52:54 UTC
Git done (by process-git-requests).


Note You need to log in before you can comment on or make changes to this bug.