[CentOS] New Server and noticing these maillog postfix entries: What to do about them?

Sun Nov 21 22:03:53 UTC 2021
Alexander Dalloz <ad+lists at uni-x.org>

Am 21.11.2021 um 22:36 schrieb Jay Hart:

[ ... ]

> [root at dream spamassassin]# postconf -n |grep milter
> milter_default_action = accept
> milter_protocol = 6
> non_smtpd_milters = $smtpd_milters
> smtpd_milters = unix:/run/spamass-milter/spamass-milter.sock

Ok. I expect you have specified the spamass-milter by purpose.

> [root at dream spamassassin]# ls -al /var/run/spamass-milter/spamass-milter.sock
> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock
> 
> Two things:
> 1. should the 'smtpd_milters' path be /var/run... vice unix:/run...

You know that there are unix sockets and tcp sockets? "unix:/path" just 
declares a unix type socket within the main.cf.

> 2. I just noticed I have two spamass-milter sockets running:
> 
> [root at dream spamass-milter]# ls -al /var/run/spamass-milter/spamass-milter.sock
> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /var/run/spamass-milter/spamass-milter.sock
> 
> [root at dream spamass-milter]# ls -al /run/spamass-milter/spamass-milter.sock
> srwxr-xr-x. 1 sa-milt sa-milt 0 Nov 20 23:28 /run/spamass-milter/spamass-milter.sock

It shouldn't be new to you that /var/run is a symlink to /run. So you 
don't have to distinguish sockets.

You haven't checked the whole path permissions up to the socket.

namei -lv /run/spamass-milter/spamass-milter.sock

Postfix must be able to reach the unix socket file. One way to achieve 
that is putting the postfix user in the sa-milt group.
Or configure the spamass milter to provide a tcp socket and attach to 
that one within Postfix. Thus you would not have to care for path and 
file permissions.

> [root at dream share]# ss -l |grep spam
> u_str LISTEN 0      128                      /run/spamass-milter/spamass-milter.sock 185043
> 
> [root at dream share]# ss -pl |grep spam
> u_str LISTEN 0      128                                                   /run/spamass-milter/spamass-milter.sock 185043    * 0
>     users:(("spamass-milter",pid=16657,fd=4))
> u_dgr UNCONN 0      0                                                                                           * 198745 * 14567
> users:(("spamd child",pid=17925,fd=4),("spamd child",pid=17924,fd=4),("spamd",pid=17891,fd=4))
> u_dgr UNCONN 0      0                                                                                           * 185042 * 14567
> users:(("spamass-milter",pid=16657,fd=3))
> tcp   LISTEN 0      128                                                                                   127.0.0.1:783  0.0.0.0:*
> users:(("spamd child",pid=17925,fd=6),("spamd child",pid=17924,fd=6),("spamd",pid=17891,fd=6))
> tcp   LISTEN 0      128                                                                                   [::1]:783         [::]:*
> users:(("spamd child",pid=17925,fd=5),("spamd child",pid=17924,fd=5),("spamd",pid=17891,fd=5))
> 
> Been hunting around in the configs trying to determine why I got two processes running...Still looking into this.
> 
> Thanks,
> 
> Jay

Alexander