Antispam: rspamd, the learn-hamorspam socket write error

[diffway]

Problem description

The feature of ham or spam learning by moving in and out of the Junk folder is claimed, but in fact is not working, at least for me.

How to reproduce

1. (Optional) Enable dovecot debug
2. In any mail client move mail message to /Junk folder
3. On the server, watch /var/log/syslog, there will be line:

...
... learn-hamorspam: Cannot open socket file for writing, tried with <UID>
...
... Error: sieve: report-spam: line 23: execute action: failed to execute to program `learn-hamorspam.sh': refer to server log for more information. [<ISO DATETIME>]
...

What expected

No errors in syslog

What I did

I found that in 90-sieve-extprograms.conf template of dovecot role there is mail_users group

Privileges in both service sieve-pipe-script { and service sieve-execute-action { blocks are the same:

...
    user = dovecot
    group = mail_users
    mode = 0660
...

While in worker-controller template of rspamd role there is _rspamd group.

...
bind_socket = "/run/rspamd/controller.sock mode=0660 owner=_rspamd group=_rspamd";
...

What i tried

• Set group of rspamd socket to be mail_users
• Change dovecot config to the group _rspamd

Both of my attempts didn't resolve the socket write error problem.

Kind of solution

So far, only chmod others privileges to rw for rspamd socket helps.

If someone knows better way write comment here.

Disclaimer:

Never open sockets to all (o+rw) users on production systems, this can potentially lead to vulnerabilities.

# chmod -c o+rw /run/rspamd/controller.sock
mode of '/run/rspamd/controller.sock' changed from 0660 (rw-rw----) to 0666 (rw-rw-rw-)

See attachment for details: learn-hamorspam-error.log