Skip to content

bug report: Test on rspamd private key files not working as expected #3665

Closed
#3669
Closed
bug report: Test on rspamd private key files not working as expected#3665
#3669
Assignees
georglauterbach
Labels
area/scriptsbug/confirmedA bug report whose bug is confirmedkind/bug/reportA report about a bugpriority/highservice/security/dkim-dmarc-spfservice/security/rspamd
Milestone
v13.0.1
@mpatton125

Description

@mpatton125
mpatton125
opened on Nov 26, 2023

📝 Preliminary Checks

  • I tried searching for an existing issue and followed the debugging docs advice, but still need assistance.

👀 What Happened?

target/scripts/startup/setup.d/security/rspamd.sh

if find "$(realpath -eL "${FILE}")" -user _rspamd -or -group _rspamd -or -perm -o=r -exec false {} +; then

Should likely be:

if find "$(realpath -eL "${FILE}")" \( -user _rspamd -or -group _rspamd -or -perm -o=r \) -exec false {} +; then

As it currently stands the test does not appear to work correctly, failing to -exec false when conditions are true - which causes "does not appear to have correct permissions/ownership for Rspamd to use it" message in logs.

👟 Reproduction Steps

-r--r--r--. 1 _rspamd _rspamd 1704 Oct  5 13:47 rsa-2048-mail-nine-hells.net.private.txt

Causes "does not appear to have correct permissions/ownership for Rspamd to use it" message in logs.

🐋 DMS Version

v13.0.0

💻 Operating System and Architecture

Fedora 39 x86_64

⚙️ Container configuration files

[Container]
Image=docker.io/mailserver/docker-mailserver:latest
ContainerName=mailserver
Environment=TZ=Australia/Sydney PERMIT_DOCKER=none SSL_TYPE=letsencrypt [email protected] ENABLE_RSPAMD=1 ENABLE_OPENDKIM=0 ENABLE_OPENDMARC=0 ENABLE_POLICYD_SPF=0 ENABLE_AMAVIS=0 ENABLE_SPAMASSASSIN=0 POSTFIX_INET_PROTOCOLS=ipv4 DOVECOT_INET_PROTOCOLS=ipv4 ENABLE_FAIL2BAN=1
Label=io.containers.autoupdate=registry
#Network=default.network
Network=pasta:-I,eth0
PublishPort=5025:25
PublishPort=5465:465
PublishPort=5587:587
PublishPort=5993:993
PublishPort=11334:11334
Volume=/storage/docker/mailserver/config/:/tmp/docker-mailserver/
Volume=/storage/docker/mailserver/config/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf
Volume=/storage/docker/mailserver/mail-data/:/var/mail/
Volume=/storage/docker/mailserver/mail-state/:/var/mail-state/
Volume=/storage/docker/mailserver/mail-logs/:/var/log/mail/
Volume=/storage/docker/mailserver/statistic.conf:/etc/rspamd/statistic.conf
Volume=/etc/localtime:/etc/localtime:ro
Volume=/storage/docker/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.nine-hells.net/mail.nine-hells.net.crt:/etc/letsencrypt/live/mail.nine-hells.net/fullchain.pem
Volume=/storage/docker/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.nine-hells.net/mail.nine-hells.net.key:/etc/letsencrypt/live/mail.nine-hells.net/privkey.pem
PodmanArgs=--hostname mail.nine-hells.net --cap-add=NET_ADMIN

[Service]
Restart=always

[Install]
WantedBy=default.target

📜 Relevant log output

[ WARNING ]  (Rspamd setup) Rspamd DKIM private key file '/tmp/docker-mailserver/rspamd/dkim/rsa-2048-mail-nine-hells.net.private.txt' does not appear to have correct permissions/ownership for Rspamd to use it
[ WARNING ]  (Rspamd setup) Rspamd DKIM private key file '/tmp/docker-mailserver/rspamd/dkim/rsa-2048-mail-nine-hells.net.private.txt' does not appear to have correct permissions/ownership for Rspamd to use it

Metadata

Metadata

Assignees

Labels

area/scriptsbug/confirmedA bug report whose bug is confirmedkind/bug/reportA report about a bugpriority/highservice/security/dkim-dmarc-spfservice/security/rspamd

Type

No type

Projects

Rspamd Integration

Status

Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions