SpamAssassin stopped working after Slackware upgrade
#157 Henry, Thursday, 28 June 2012 1:36 PM (Category: Email)
(Tags: spamassassin)

At 10:39 I did a slackpkg upgrade on my mailserver. After that, I noticed a lot of spam slipping through into my mailbox. In the afternoon, Anne phoned and complained about how much spam she was suddenly getting. Well dang. I had been so busy with other issues on my desktops after the upgrade I hadn't bothered paying attention to the mailserver.

I looked in the mail logs.

Jun 28 14:10:30 moshie sm-mta[10283]: q5SIAUPO010283: Milter (spamassassin): local socket
name /var/run/spamass.sock unsafe
Jun 28 14:10:30 moshie sm-mta[10283]: q5SIAUPO010283: Milter (spamassassin): to error state

It doesn't like something about the socket file /var/run/spamass.sock, so it refuses to continue. I looked at that file, and it looked okay to me. I did a Google search and got a bunch of entries from 2003 that didn't tell me anything. So maybe the upgrade needs the mail chain restarted. I stopped spamd and spamass-milter, and then sendmail. Deleted the offending file /var/run/spamass.sock. Restarted them. Watched an email come through, and got the same result.

Looked in the logs again and spotted this just after I restarted the spamassassin processes.

Jun 28 14:12:46 moshie sm-mta[10322]: NOQUEUE: SYSERR(root): /etc/mail/
line 1668: Xspamassassin: local socket name /var/run/spamass.sock unsafe: Group
writable directory

Aha, so that's the problem. /var/run is group writable. Did it change? I looked in /var/log/packages to see what packages had been upgraded.

cd /var/log/packages
ls | grep "Jun 28"

and got this lot

-rw-r--r--  1 root root   2166 Jun 28 10:38 aaa_base-14.0-i486-2
-rw-r--r--  1 root root   5021 Jun 28 10:38 grep-2.12-i486-1
-rw-r--r--  1 root root  69788 Jun 28 10:38 imagemagick-6.7.7_9-i486-1
-rw-r--r--  1 root root   1287 Jun 28 10:38 pycurl-7.19.0-i486-1
-rw-r--r--  1 root root  16940 Jun 28 10:38 shadow-
-rw-r--r--  1 root root   2950 Jun 28 10:38 xz-5.0.4-i486-1

aaa_base looked interesting, so I looked in that file and /var/run is mentioned. I don't know what happened. I extracted the package and looked at It did not specifically change permissions of /var/run with chmod, but it still could have changed permissions. Perhaps /var/run used to be group writable and the upgrade persuaded some things to start testing more seriously? Perhaps the upgrade did reset /var/run to be group writable? I don't know.

So I changed permissions on /var/run so that group is not writable:

chmod g-w /var/run

then I restarted SpamAssassin and sendmail, and this time there were no errors, and email started to be checked for spam again. Problem solved.

I don't know if this is going to cause a problem for some other bit of software. Time will tell.