open(/var/dcc/map): Permission denied

Vernon Schryver vjs@rhyolite.com
Fri Sep 23 14:28:11 UTC 2011


> From: "Aldo Necci" <necci@dia.uniroma3.it>

>> Are you using a current version of SpamAssassin?
>
> Yes I have SpamAssassin 3.3.1 and this is its output:

According to http://spamassassin.apache.org/downloads.cgi
the current version is 3.3.2.  But I doubt that matters.


> Sep 23 10:12:38.503 [2790] dbg: dcc: connecting to a local socket
> /var/dcc/dccifd
> Sep 23 10:12:38.640 [2790] dbg: dcc: dccifd got response:
> X-DCC-dcc1-Metrics: mbox2 1182; Body=many Fuz1=many Fuz2=many
> Sep 23 10:12:38.640 [2790] dbg: dns: leaving helper-app run mode
> Sep 23 10:12:38.642 [2790] dbg: dcc: listed: BODY=999999/999999
> FUZ1=999999/999999 FUZ2=999999/999999 REP=0/90

That shows that the problem is related to how dccproc is run for
real mail by postfix+SpamAssassin.  It also shows that postfix+SpamAssassin
is breaking access to the /var/dcc/dccifd socket.


> I haven't any directory named "dcc" under the directory /var

That is my mistake.  /usr/var/dcc/build/dcc exists only after running
/var/dcc/libexec/updatedcc.  You can find DCC.pm in the dcc-1.3.140/misc
directory of the DCC tarball that you expanded and after you run ./configure.

I trust you used the DCC source tarball from
http://www.dcc-servers.net/dcc/#download or
http://www.dcc-servers.net/dcc/source/dcc.tar.Z
I have been wasting my time answering your email if you are trying
to use one of the "improved" (spelled b-r-o-k-e-n) DCC versions
redistributed by Linux repackagers.


> srw-rw-rw-. 1 root root 0 Sep 23 09:45 /var/dcc/dccifd
> but it seems that every incoming e-mail causes Spamassassin to
> ignore it and invoke dccproc. 

Yes and then dccproc fails to find another file in /var/dcc.
Doesn't that tell you that SpamAssassin (spamd) and all of its
children are unable to reach /var/dcc, probably because of some sort
of chroot jail?


>                               I think that /var/dcc/map is locked
> by dccifd daemon and dccproc can't access it so the warning:
> open(/var/dcc/map): Permission denied
> This can be the right explanation, I think...

Do you really think no one else is using SpamAssassin with dccifd?
Didn't you say that postfix+spamd+DCC worked with your previous
Linux system?


> Dccifd starts as well at the boot time, but *WHY* there is not any
> connection on UDP even if I got this output from cdcc command:

cdcc uses /var/dcc/map in the same way with the same libclnt.a and
libdcc.a libraries as dccproc and dccifd to exchange UDP packets
with the DCC servers.  Cdcc does not check dccifd.  Dccifd, dccproc,
dccm, and cdcc are DCC clients that send DCC/UDP/IP requests to DCC
servers.  Cdcc controls DCC servers and gets their status by sending
UDP packets.  See `man cdcc`

That cdcc works and that the SpamAssassin DCC check works suggests
that the problem is related to however postfix+SpamAssassin runs
on real mail, probably with some sort of chroot jail.


> I use postfix and it is not chrooted, but I don't' know about jails.
> The warning appears even when Spamassassin starts (I replace the real name

> Sep 23 11:34:14 ----- dccproc[2722]: open(/var/dcc/map): Permission denied

That also supports my guess that chroot or a jail is involved with real
mail.  I bet that if you modify the DCC.pm used by SpamAssassin or
add a local SpamAssassin filter that does nothing but
`/bin/cp /var/dcc/dcc_conf /tmp/sa-test`, you will find
that SpamAssassin cannot reach any of /var/dcc.


> I try this:
> # /usr/local/bin/dccproc -C
> asdf: asdf
>
> asdf
> ^C#
> the last line is a CTRL-C I pressed to exit from shell (how I can close
> the shell?). There is no output.

You must tell dccproc, cat, or any program about the end of the
file you are typing.  Try typing control-D to end the file to dccproc.
I bet that you will find that dccproc, like cdcc, is working fine
outside postfix and spamd.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.