MailScanner unable to require modules

[Skywalker-11]

I just updated MailScanner to the current version and then MailScanner --lint failed to require Mail::SpamAassassin and DBI modules:

You want to use SpamAssassin but have not installed it. at /usr/share/MailScanner/perl/MailScanner/SA.pm line 179.
I will run without SpamAssassin for now, you will not detect much spam until you install SpamAssassin. at /usr/share/MailScanner/perl/MailScanner/SA.pm line 180.
WARNING: You are trying to use the Processing Attempts Database but your DBI and/or DBD::SQLite Perl modules are not properly installed! at /usr/sbin/MailScanner line 1745.
ERROR: Could not connect to SQLite database /var/spool/MailScanner/incoming/Processing.db, either I cannot write to that location or your SQLite installation is screwed. at /usr/sbin/MailScanner line 1756.

To find out what caused this I modified /usr/share/MailScanner/perl/MailScanner/SA.pm for more debug output:

   ...
      unshift @INC, "$val/lib/perl5/site_perl/$perl_vers";
    }
    # Now we have the path built, try to find the SpamAssassin modules
    use Data::Dumper;
    eval "require Mail::SpamAssassin";
    if ($@) {
         MailScanner::Log::WarnLog("failed" . Dumper($@));
         MailScanner::Log::WarnLog("failed" . Dumper(@INC));
    } else {
       MailScanner::Log::WarnLog("succ");
    }

    my $required_sa_class = 'Mail::SpamAssassin';
    unless (eval "require $required_sa_class") {
...

This gave me the following additional output when running MailScanner --lint:

Checking for SpamAssassin errors (if you use it)...
failed$VAR1 = 'Can\'t locate Mail/SpamAssassin.pm:    /usr/share/MailScanner/perl/Mail/SpamAssassin.pm: Permission denied at (eval 75) line 2.
';
 at /usr/share/MailScanner/perl/MailScanner/SA.pm line 171.
failed$VAR1 = '/usr/sbin';
$VAR2 = '/usr/sbin/MailScanner';
$VAR3 = '/usr/share/MailScanner/perl';
$VAR4 = ' /usr/share/MailScanner/perl';
$VAR5 = '/etc/perl';
$VAR6 = '/usr/local/lib/x86_64-linux-gnu/perl/5.24.1';
$VAR7 = '/usr/local/share/perl/5.24.1';
$VAR8 = '/usr/lib/x86_64-linux-gnu/perl5/5.24';
$VAR9 = '/usr/share/perl5';
$VAR10 = '/usr/lib/x86_64-linux-gnu/perl/5.24';
$VAR11 = '/usr/share/perl/5.24';
$VAR12 = '/usr/local/lib/site_perl';
$VAR13 = '/usr/lib/x86_64-linux-gnu/perl-base';
 at /usr/share/MailScanner/perl/MailScanner/SA.pm line 172.
You want to use SpamAssassin but have not installed it. at /usr/share/MailScanner/perl/MailScanner/SA.pm line 179.

The perl module is available at /usr/share/perl5/Mail/SpamAssassin.pm:

# ls -l /usr/share/perl5/Mail/
total 480
-rw-r--r--  1 root root   6821 May 18  2016 Address.pm
-rw-r--r--  1 root root   3797 May 18  2016 Address.pod
-rw-r--r--  1 root root   6320 May 18  2016 Cap.pm
-rw-r--r--  1 root root   3830 May 18  2016 Cap.pod
drwxr-xr-x  4 root root   4096 Mar 28  2017 DKIM
-rw-r--r--  1 root root   2058 Nov 28  2012 DKIM.pm
drwxr-xr-x  2 root root   4096 Jul  7  2017 Field
-rw-r--r--  1 root root   4794 May 18  2016 Field.pm
-rw-r--r--  1 root root   5021 May 18  2016 Field.pod
-rw-r--r--  1 root root   1258 May 18  2016 Filter.pm
-rw-r--r--  1 root root   2861 May 18  2016 Filter.pod
-rw-r--r--  1 root root  14359 May 18  2016 Header.pm
-rw-r--r--  1 root root   7910 May 18  2016 Header.pod
drwxr-xr-x  3 root root   4096 Jul  7  2017 IMAPClient
-rw-r--r--  1 root root 103730 Feb  9  2016 IMAPClient.pm
-rw-r--r--  1 root root 140791 Jan  4  2016 IMAPClient.pod
-rw-r--r--  1 root root  12291 Dec 27  2016 Internet.pm
-rw-r--r--  1 root root  10554 May 18  2016 Internet.pod
drwxr-xr-x  2 root root   4096 Jul  7  2017 Mailer
-rw-r--r--  1 root root   4842 Dec 27  2016 Mailer.pm
-rw-r--r--  1 root root   3978 May 18  2016 Mailer.pod
-rwxr-xr-x  1 root root   1749 Nov 28  2012 sample_mime_lite.pl
-rw-r--r--  1 root root   1154 May 18  2016 Send.pm
-rw-r--r--  1 root root   2868 May 18  2016 Send.pod
drwxr-xr-x 10 root root   4096 Dec 15 16:53 SpamAssassin
-rw-r--r--  1 root root  70697 Apr 28  2015 SpamAssassin.pm
drwxr-xr-x  6 root root   4096 Jul  7  2017 SPF
-rw-r--r--  1 root root   2369 Jun  7  2015 SPF.pm
-rw-r--r--  1 root root   3211 May 18  2016 Util.pm
-rw-r--r--  1 root root   3159 May 18  2016 Util.pod

The path where it tries to include the module from (/usr/share/MailScanner/perl/Mail/SpamAssassin.pm) does not exist:

# ls -l /usr/share/MailScanner/perl/
total 12
drwxr-xr-x 2 root root 4096 Jan 12 18:05 custom
drwxr-xr-x 2 root root 4096 Jan 22 11:39 MailScanner
-rw-r--r-- 1 root root 1850 Jan  2 18:33 MailScanner.pm

So the perl module is there and it is in the include path but the require still fails. Any idea what can cause this? I can remember that I had the problem at least once before but somehow the error disappeared after some time

System is Debian Stretch with MailScanner v5.0.7-1 (deb.tar.gz install), perl 5.24.1-3+deb9u2

[shawniverson]

@Skywalker-11 Back up one level to /usr/share/MailScanner and do an 'ls -al' ? It appears that the require is trying to enumerate the perl directory in /usr/share/MailScanner but is getting a permission denied for some reason and giving up before looking further.

[thctlo]

Hai, i run the same setup, i'll help here i can fo ryou. i see: ERROR: Could not connect to SQLite database /var/spool/MailScanner/incoming/Processing.db Are you using tmpfs for incoming? Please check this. If you use a remote mysql for spamassassin, which i do, and the mysql cant be reached, i get (about) the same error. the message then is missing/unable to load strict.pm these exist also : locate strict.pm /usr/lib/x86_64-linux-gnu/perl-base/strict.pm /usr/share/perl/5.24.1/strict.pm

and try with this "override.conf" , compared to my previous change in systemd, i've added the extra ExecReload=
just like start and stop these need to be cleared and set again.

/etc/systemd/system/mailscanner.service.d/override.conf

[Unit] After=network-online.target remote-fs.target rsyslog.service mariadb.service postfix.service Wants=network-online.target mariadb.service postfix.service

[Service] PIDFile=/var/run/MailScanner.pid EnvironmentFile=-/etc/MailScanner/defaults ExecReload= ExecReload=/bin/kill -HUP $MAINPID

[Skywalker-11]

# ls -l /usr/share/MailScanner/
total 8
drwxr-xr-x  4 root root 4096 Jan 12 18:05 perl
drwxr-xr-x 18 root root 4096 Jan  9 14:18 reports
# ls -l /usr /share
...
drwxr-xr-x   4 root root  4096 Mar 28  2017 MailScanner

# ls -l /usr/
...
drwxr-xr-x 124 root root   4096 Jan 17 10:26 share

# ls -l /
drwxr-xr-x  10 root root  4096 Mar 17  2017 usr

So it should be fine

[shawniverson]

@Skywalker-11

Wait, what is this? There's a dupe with $VAR3 with a leading space.

$VAR4 = ' /usr/share/MailScanner/perl';

[Skywalker-11]

@thctlo I gues that error is related to the previous error where the DBI module can not be loaded

[thctlo]

yes, i say that today also, but after a reboot this was gone. I ended with the strict.pm missing/not found, changed my systemd override.conf and looks ok now.

ow and i noticed also, this error happend just after i updated mailwatch with git. i did a manual : php upgrade.php in /opt/mailwatch, that did some things.

Anything i can test for you. its still a clean system, im testing things before production.

[Skywalker-11]

@shawniverson the empty space seems to come from /usr/sbin/MailScanner !/usr/bin/perl -U -I /usr/share/MailScanner/perl When I change it to !/usr/bin/perl -U -I/usr/share/MailScanner/perl and dump the @INC on start of that file the space gets remove and I get:

 MailScanner --lint
$VAR1 = '/usr/share/MailScanner/perl';
$VAR2 = '/usr/share/MailScanner/perl';
$VAR3 = '/etc/perl';
$VAR4 = '/usr/local/lib/x86_64-linux-gnu/perl/5.24.1';
$VAR5 = '/usr/local/share/perl/5.24.1';
$VAR6 = '/usr/lib/x86_64-linux-gnu/perl5/5.24';
$VAR7 = '/usr/share/perl5';
$VAR8 = '/usr/lib/x86_64-linux-gnu/perl/5.24';
$VAR9 = '/usr/share/perl/5.24';
$VAR10 = '/usr/local/lib/site_perl';
$VAR11 = '/usr/lib/x86_64-linux-gnu/perl-b

That way the require for Mail::SpamAssassin works but after that the include of the SA plugin fails:

Checking for SpamAssassin errors (if you use it)...
succ at /usr/share/MailScanner/perl/MailScanner/SA.pm line 174.
Using SpamAssassin results cache
Connected to SpamAssassin cache database
plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm:   lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied at (eval 109) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm:   lib/Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at (eval 110) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WhiteListSubject.pm:   lib/Mail/SpamAssassin/Plugin/WhiteListSubject.pm: Permission denied at (eval 111) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEHeader.pm:   lib/Mail/SpamAssassin/Plugin/MIMEHeader.pm: Permission denied at (eval 112) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/ReplaceTags.pm:   lib/Mail/SpamAssassin/Plugin/ReplaceTags.pm: Permission denied at (eval 113) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/DKIM.pm:   lib/Mail/SpamAssassin/Plugin/DKIM.pm: Permission denied at (eval 114) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/Check.pm:   lib/Mail/SpamAssassin/Plugin/Check.pm: Permission denied at (eval 115) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/HTTPSMismatch.pm:   lib/Mail/SpamAssassin/Plugin/HTTPSMismatch.pm: Permission denied at (eval 116) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/URIDetail.pm:   lib/Mail/SpamAssassin/Plugin/URIDetail.pm: Permission denied at (eval 117) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/Bayes.pm:   lib/Mail/SpamAssassin/Plugin/Bayes.pm: Permission denied at (eval 118) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/BodyEval.pm:   lib/Mail/SpamAssassin/Plugin/BodyEval.pm: Permission denied at (eval 119) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/DNSEval.pm:   lib/Mail/SpamAssassin/Plugin/DNSEval.pm: Permission denied at (eval 120) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/HTMLEval.pm:   lib/Mail/SpamAssassin/Plugin/HTMLEval.pm: Permission denied at (eval 121) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/HeaderEval.pm:   lib/Mail/SpamAssassin/Plugin/HeaderEval.pm: Permission denied at (eval 122) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/MIMEEval.pm:   lib/Mail/SpamAssassin/Plugin/MIMEEval.pm: Permission denied at (eval 123) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/RelayEval.pm:   lib/Mail/SpamAssassin/Plugin/RelayEval.pm: Permission denied at (eval 124) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/URIEval.pm:   lib/Mail/SpamAssassin/Plugin/URIEval.pm: Permission denied at (eval 125) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/WLBLEval.pm:   lib/Mail/SpamAssassin/Plugin/WLBLEval.pm: Permission denied at (eval 126) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/VBounce.pm:   lib/Mail/SpamAssassin/Plugin/VBounce.pm: Permission denied at (eval 127) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/ImageInfo.pm:   lib/Mail/SpamAssassin/Plugin/ImageInfo.pm: Permission denied at (eval 128) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/FreeMail.pm:   lib/Mail/SpamAssassin/Plugin/FreeMail.pm: Permission denied at (eval 129) line 1.

plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/AskDNS.pm:   lib/Mail/SpamAssassin/Plugin/AskDNS.pm: Permission denied at (eval 130) line 1.

Can't locate Mail/SpamAssassin/Bayes.pm:   lib/Mail/SpamAssassin/Bayes.pm: Permission denied at /usr/share/perl5/Mail/SpamAssassin.pm line 1772.

[shawniverson]

Ok, here is my @INC from the same spot...and mine is working, so that apparently isn't the problem :/

$VAR2 = '/usr/sbin/MailScanner'; $VAR3 = '/usr/share/MailScanner/perl'; $VAR4 = ' /usr/share/MailScanner/perl'; $VAR5 = '/usr/local/lib64/perl5'; $VAR6 = '/usr/local/share/perl5'; $VAR7 = '/usr/lib64/perl5/vendor_perl'; $VAR8 = '/usr/share/perl5/vendor_perl'; $VAR9 = '/usr/lib64/perl5'; $VAR10 = '/usr/share/perl5';

[thctlo]

I compaired my setup also again, besides that, i had this today also, once, i now keeps working. Did you already check : /var/spool/MailScanner/incoming/ for the correct rights? or reboot first and then check again.

[Skywalker-11]

The paths seem to be fine at the first part of /usr/sbin/MailScanner but something changes when the processes further. The following (copy paste up to line 150 - start of argument parsing) can require the SpamAssassin module successfully (prints "succ")

#!/usr/bin/perl -U -I /usr/share/MailScanner/perl

use strict;
no strict 'subs';
use POSIX;
require 5.005;

# Awkard BEGIN block so that we pick up MIME::Base64 from the right place!
BEGIN {
  my(@oldinc,@safecopy,$path,@corepaths,@notcorepaths);

  my $seensv = 0;
  foreach $path (@INC) {
    if ($path =~ /site|vendor/i) {
      $seensv = 1;
    }
    if ($seensv) {
      push @notcorepaths, $path unless $path eq '.';
      next;
    }
    # If it's a simple path before site or vendor, save it for the end
    if ($path =~ m#/usr/(local/)?lib\d*/perl\d*/\d\.\d#) {
      push @corepaths, $path;
    } else {
      push @notcorepaths, $path;
    }
  }

  # Now we have all the site and vendor paths in @notcorepaths, and the
  # perl5 paths in @corepaths. We want notcore + core, so the notcore ones
  # take priority.
  #print STDERR '@INC = ' . "\n" . join("\n", @INC) . "\n";
  @INC = (@notcorepaths, @corepaths);
  #print STDERR '@INC = ' . "\n" . join("\n", @INC) . "\n";

  # Look in /usr/local/MailScanner/utils for the modules
  @oldinc = @INC;
  @safecopy = @INC;

  # Duplicate path with /usr/local/MailScanner/utils stuck on the front
  # of each element
  foreach $path (reverse @oldinc) {
    next unless $path =~ /\//;
    $path =~ s/^\/usr/\/share\/MailScanner\/perl/;
    unshift @INC, $path;
  }

  require MIME::Base64;
  require MIME::QuotedPrint;

  @INC = @safecopy;
}

use FileHandle;
use File::Path;
use IO::Handle;
use IO::File;
use Getopt::Long;
use Time::HiRes qw ( time );
use Filesys::Df;
use IO::Stringy;
use Sys::Hostname::Long;
use DBI;
use MailScanner::Antiword;
use MailScanner::Config;
use MailScanner::CustomConfig;
use MailScanner::GenericSpam;
#use MailScanner::LinksDump;
use MailScanner::Lock;
use MailScanner::Log;
use MailScanner::Mail;
use MailScanner::MessageBatch;
use MailScanner::Quarantine;
use MailScanner::Queue;
use MailScanner::RBLs;
use MailScanner::MCPMessage;
use MailScanner::Message;
use MailScanner::MCP;
use MailScanner::SA;
use MailScanner::SweepContent;
use MailScanner::SweepOther;
use MailScanner::SweepViruses;
use MailScanner::TNEF;
use MailScanner::Unzip;
use MailScanner::WorkArea;
use MailScanner;

$ENV{PATH}="/sbin:/bin:/usr/sbin:/usr/bin";
delete $ENV{'BASH_ENV'}; # Don't run things on bash startup

# Needed for SpamAssassin:
delete $ENV{'HOME'};

# Need the parent process to ignore SIGHUP, and catch SIGTERM
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = \&ExitParent;

####end copy paste. start of require test
use Data::Dumper;
    eval "require Mail::SpamAssassin";
    if ($@) {
         print "fail";
         print  Dumper($@);
         print  Dumper(@INC);
    } else {
       print "succ";
    }

[thctlo]

ok rebooted again here, now i did run : MailScanner --lint -D and i see now the same errors. :-( but spamassassin --lint -D shows no errorrs and running these 2 through the webinterface are both ok.

before my reboot, MailScanner --lint -D was working fine, no changes, reboot, not working. ...
cd /usr/share/perl5 MailScanner --lint -D that works fine again.

but cd ~ MailScanner --lint -D does not work.

[Skywalker-11]

Problem happens at https://github.com/MailScanner/v5/blob/master/common/usr/sbin/MailScanner#L537 SetUidGid($uid, $gid, $qgid, $igid);

Having the test part before that line lets MS find the SA module. After that line it fails to do that

use Data::Dumper;
    eval "require Mail::SpamAssassin";
    if ($@) {
         print "fail";
         print  Dumper($@);
         print  Dumper(@INC);
    } else {
       print "succ";
    }

[Skywalker-11]

More specific: https://github.com/MailScanner/v5/blob/master/common/usr/sbin/MailScanner#L1544 Before the line it works after it doesn't work anymore

[shawniverson]

Well, that makes sense, since the code is root up until that point and should have free reign.

What I don't get is that other on your directories and files are readable and traversable, so I am curious as to why your User/Group in MailScanner is having trouble with this.

I wonder if we can run a test as the MS user and group to see if we can narrow in on the issue.

[Skywalker-11]

Ok there is the problem. postfix user does not find basic perl libraries with script from https://github.com/MailScanner/v5/issues/143#issuecomment-359432270

# sudo -u postfix -g mtagroup /tmp/a
Can't locate strict.pm:    /usr/share/MailScanner/perl/strict.pm: Permission denied at /tmp/a line 3.
BEGIN failed--compilation aborted at /tmp/a line 3.

[thctlo]

Both fail yes.. su postfix -p -c 'spamassassin -x -D -C /etc/MailScanner/spamassassin.conf --lint' su postfix -p -c '/usr/sbin/MailScanner --lint'

su debian-spamd -p -c '/usr/sbin/MailScanner --lint' ( correctly fails due rights. )

su debian-spamd -p -c 'spamassassin -x -D -C /etc/MailScanner/spamassassin.conf --lint' fails, partly, but shows.. Jan 22 16:03:27.806 [4583] dbg: generic: Perl 5.024001, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/spamassassin, LOCAL_STATE_DIR=/var/lib/spamassassin Jan 22 16:03:27.806 [4583] dbg: config: timing enabled Jan 22 16:03:27.808 [4583] dbg: config: score set 0 chosen. Jan 22 16:03:27.812 [4583] dbg: util: running in taint mode? yes Jan 22 16:03:27.812 [4583] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH Jan 22 16:03:27.812 [4583] dbg: util: PATH included '/usr/local/bin', keeping Jan 22 16:03:27.812 [4583] dbg: util: PATH included '/usr/bin', keeping Jan 22 16:03:27.812 [4583] dbg: util: PATH included '/bin', keeping Jan 22 16:03:27.812 [4583] dbg: util: PATH included '/usr/local/games', keeping Jan 22 16:03:27.812 [4583] dbg: util: PATH included '/usr/games', keeping Jan 22 16:03:27.812 [4583] dbg: util: final PATH set to: /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

and im pointing to : Jan 22 16:03:27.812 [4583] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH

[thctlo]

in addidtion to above, which also shows my installed modules. now every fail here is incorrect, all my modules are installed correctly, below is the "bad" version. running : spamassassin -x -D --lint as root, shows everything correct. ( in spamassassin ).

Jan 22 16:03:27.940 [4583] dbg: diag: [...] module installed: Digest::SHA1, version 2.13 Jan 22 16:03:27.940 [4583] dbg: diag: [...] module installed: HTML::Parser, version 3.72 Jan 22 16:03:27.940 [4583] dbg: diag: [...] module installed: Net::DNS, version 1.07 Jan 22 16:03:27.940 [4583] dbg: diag: [...] module installed: NetAddr::IP, version 4.079 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Time::HiRes, version 1.9733 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Archive::Tar, version 2.04_01 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: IO::Zlib, version 1.10 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Digest::SHA1, version 2.13 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: MIME::Base64, version 3.15 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: DB_File, version 1.835 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Net::SMTP, version 3.08_01 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Mail::SPF, version v2.009 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Geo::IP, version 1.50 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: Net::CIDR::Lite, version 0.21 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module not installed: Razor2::Client::Agent ('require' failed) Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: IO::Socket::IP, version 0.37 Jan 22 16:03:27.941 [4583] dbg: diag: [...] module installed: IO::Socket::INET6, version 2.72 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module installed: IO::Socket::SSL, version 2.044 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module installed: Compress::Zlib, version 2.069001 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module not installed: Mail::DKIM ('require' failed) Jan 22 16:03:27.942 [4583] dbg: diag: [...] module not installed: DBI ('require' failed) Jan 22 16:03:27.942 [4583] dbg: diag: [...] module installed: Getopt::Long, version 2.48 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module not installed: LWP::UserAgent ('require' failed) Jan 22 16:03:27.942 [4583] dbg: diag: [...] module not installed: HTTP::Date ('require' failed) Jan 22 16:03:27.942 [4583] dbg: diag: [...] module installed: Encode::Detect::Detector, version 1.01 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module installed: Net::Patricia, version 1.22 Jan 22 16:03:27.942 [4583] dbg: diag: [...] module not installed: Net::DNS::Nameserver ('require' failed)

[thctlo]

I found this, and more people with these "path problems".. in perl and resent Linux distro's.

The doc (http://perldoc.perl.org/perlrun.html) says:

PERL5LIB A list of directories in which to look for Perl library files before looking in the standard library and the current directory. Any architecture-specific and version-specific directories, such as version/archname/, version/, or archname/ under the specified locations are automatically included if they exist, with this lookup done at interpreter startup time. In addition, any directories matching the entries in $Config{inc_version_list} are added. (These typically would be for older compatible perl versions installed in the same directory tree.)

If PERL5LIB is not defined, PERLLIB is used. Directories are separated (like in PATH) by a colon on Unixish platforms and by a semicolon on Windows (the proper path separator being given by the command perl -V:path_sep).

When running taint checks, either because the program was running setuid or setgid, or the -T or -t switch was specified, neither PERL5LIB nor PERLLIB is consulted.

[Skywalker-11]

Weird things happening here. I left the server alone for an hour and suddenly it is working again. Same thing with a second server that had the same problem. 😕

EDIT: Problem is back now

[thctlo]

Well.. at least your not alone in this, i have it too..
I've cleared al my logs, i''ll have a look tomorrow again.

[Skywalker-11]

It is getting weirder: MailScanner --lint does not work when directly logged in as root. But it works if I login as unprivileged user and then run sudo MailScanner --lint or first do su and then MailScanner --lint

[shawniverson]

@Skywalker-11 This seems to indicate to me that something in root's environment is throwing things off. What happens if you 'sudo su - -c "MailScanner --lint" ' from an unprivileged user?

[Skywalker-11]

@shawniverson the command results in the errors about missing modules

[shawniverson]

@Skywalker-11 Ok, now we need to compare the non-privileged account and root account environments and see what is different. I would start with the environment variables.

[Skywalker-11]

( set -o posix ; set ) as non-privileged user

BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:expand_aliases:extglob:extquote:force_fignore:histappend:interactive_comments:login_shell:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_COMPLETION_COMPAT_DIR=/etc/bash_completion.d
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="4" [2]="12" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='4.4.12(1)-release'
COLUMNS=237
DIRSTACK=()
EUID=1000
GROUPS=()
HISTCONTROL=ignoreboth
HISTFILE=/home/nonprivuser/.bash_history
HISTFILESIZE=2000
HISTSIZE=1000
HOME=/home/nonprivuser
HOSTNAME=server
HOSTTYPE=x86_64
IFS='
'
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LINES=63
LOGNAME=nonprivuser
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'
MACHTYPE=x86_64-pc-linux-gnu
MAIL=/var/mail/nonprivuser
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
PIPESTATUS=([0]="0")
POSIXLY_CORRECT=y
PPID=38322
PS1='\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
PS2='> '
PS4='+ '
PWD=/tmp
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor:posix
SHLVL=1
SSH_CLIENT='192.168.x.x 26882 22'
SSH_CONNECTION='192.168.x.x 26882 192.168.x.x 22'
SSH_TTY=/dev/pts/4
TERM=xterm
UID=1000
USER=nonprivuser
XDG_RUNTIME_DIR=/run/user/1000
XDG_SESSION_ID=104
_=posix
__git_printf_supports_v=yes
__grub_script_check_program=grub-script-check
_backup_glob='@(#*#|*@(~|.@(bak|orig|rej|swp|dpkg*|rpm@(orig|new|save))))'
_xspecs=([freeamp]="!*.@(mp3|og[ag]|pls|m3u)" [bibtex]="!*.aux" [chromium-browser]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [tex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [zathura]="!*.@(cb[rz7t]|djv?(u)|?(e)ps|pdf)" [lrunzip]="!*.lrz" [amaya]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [hbpp]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [lzgrep]="!*.@(tlz|lzma)" [ggv]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [lzless]="!*.@(tlz|lzma)" [kdvi]="!*.@(dvi|DVI)?(.@(gz|Z|bz2))" [lbzcat]="!*.?(t)bz?(2)" [lilypond]="!*.ly" [sxemacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [epdfview]="!*.pdf" [texi2dvi]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [ps2pdf12]="!*.@(?(e)ps|pdf)" [ee]="!*.@(gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx)" [lbunzip2]="!*.?(t)bz?(2)" [ps2pdf13]="!*.@(?(e)ps|pdf)" [ps2pdf14]="!*.@(?(e)ps|pdf)" [lzfgrep]="!*.@(tlz|lzma)" [hbrun]="!*.[Hh][Rr][Bb]" [kbabel]="!*.po" [rview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [kaffeine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM|iso|ISO)|+([0-9]).@(vdr|VDR))?(.part)" [xv]="!*.@(gif|jp?(e)g|tif?(f)|png|p[bgp]m|bmp|x[bp]m|rle|rgb|pcx|fits|pm|?(e)ps)" [rgvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [oodraw]="!*.@(sxd|std|sda|sdd|?(f)odg|otg)" [elinks]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [playmidi]="!*.@(mid?(i)|cmf)" [xine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [xpdf]="!*.@(pdf|fdf)?(.@(gz|xz|Z|bz2))" [aviplay]="!*.@(avi|asf|wmv)" [latex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [rvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [ogg123]="!*.@(og[ag]|m3u|flac|spx)" [ps2pdfwr]="!*.@(?(e)ps|pdf)" [harbour]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [xemacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [unlzma]="!*.@(tlz|lzma)" [vi]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [gvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [kid3-qt]="!*.@(mp[234c]|og[ag]|@(fl|a)ac|m4[abp]|spx|tta|w?(a)v|wma|aif?(f)|asf|ape)" [xanim]="!*.@(mpg|mpeg|avi|mov|qt)" [portecle]="!@(*.@(ks|jks|jceks|p12|pfx|bks|ubr|gkr|cer|crt|cert|p7b|pkipath|pem|p10|csr|crl)|cacerts)" [oocalc]="!*.@(sxc|stc|xls?([bmx])|xlw|xlt?([mx])|[ct]sv|?(f)ods|ots)" [emacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [fbxine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [kpdf]="!*.@(?(e)ps|pdf)" [oomath]="!*.@(sxm|smf|mml|odf)" [compress]="*.Z" [iceweasel]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [zcat]="!*.@(Z|[gGd]z|t[ag]z)" [unzip]="!*.@(zip|[ejsw]ar|exe|pk3|wsz|zargo|xpi|s[tx][cdiw]|sx[gm]|o[dt][tspgfc]|od[bm]|oxt|epub|apk|do[ct][xm]|p[op]t[mx]|xl[st][xm])" [modplug123]="!*.@(669|abc|am[fs]|d[bs]m|dmf|far|it|mdl|m[eo]d|mid?(i)|mt[2m]|okta|p[st]m|s[3t]m|ult|umx|wav|xm)" [dvipdfm]="!*.dvi" [oobase]="!*.odb" [zipinfo]="!*.@(zip|[ejsw]ar|exe|pk3|wsz|zargo|xpi|s[tx][cdiw]|sx[gm]|o[dt][tspgfc]|od[bm]|oxt|epub|apk|do[ct][xm]|p[op]t[mx]|xl[st][xm])" [epiphany]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [galeon]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [bzme]="!*.@(zip|z|gz|tgz)" [xfig]="!*.fig" [xdvi]="!*.@(dvi|DVI)?(.@(gz|Z|bz2))" [cdiff]="!*.@(dif?(f)|?(d)patch)?(.@([gx]z|bz2|lzma))" [rgview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [oowriter]="!*.@(sxw|stw|sxg|sgl|doc?([mx])|dot?([mx])|rtf|txt|htm|html|?(f)odt|ott|odm)" [netscape]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [acroread]="!*.[pf]df" [makeinfo]="!*.texi*" [kwrite]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [gview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [qiv]="!*.@(gif|jp?(e)g|tif?(f)|png|p[bgp]m|bmp|x[bp]m|rle|rgb|pcx|fits|pm|svg)" [bzcat]="!*.?(t)bz?(2)" [pdftex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [rpm2cpio]="!*.[rs]pm" [view]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [unxz]="!*.@(?(t)xz|tlz|lzma)" [ly2dvi]="!*.ly" [mozilla]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [modplugplay]="!*.@(669|abc|am[fs]|d[bs]m|dmf|far|it|mdl|m[eo]d|mid?(i)|mt[2m]|okta|p[st]m|s[3t]m|ult|umx|wav|xm)" [pyflakes]="!*.py" [dillo]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [aaxine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [dvipdfmx]="!*.dvi" [advi]="!*.dvi" [lzmore]="!*.@(tlz|lzma)" [poedit]="!*.po" [firefox]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [gv]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [madplay]="!*.mp3" [gtranslator]="!*.po" [jadetex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [gpdf]="!*.[pf]df" [kghostview]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [pbzcat]="!*.?(t)bz?(2)" [lzcat]="!*.@(tlz|lzma)" [vim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [dvips]="!*.dvi" [dvitype]="!*.dvi" [realplay]="!*.@(rm?(j)|ra?(m)|smi?(l))" [gqmpeg]="!*.@(mp3|og[ag]|pls|m3u)" [lzegrep]="!*.@(tlz|lzma)" [bunzip2]="!*.?(t)bz?(2)" [znew]="*.Z" [lokalize]="!*.po" [kate]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [dragon]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM|iso|ISO)|+([0-9]).@(vdr|VDR))?(.part)" [pdflatex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [mozilla-firefox]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [ooimpress]="!*.@(sxi|sti|pps?(x)|ppt?([mx])|pot?([mx])|?(f)odp|otp)" [uncompress]="!*.Z" [unpigz]="!*.@(Z|[gGd]z|t[ag]z)" [lynx]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [ps2pdf]="!*.@(?(e)ps|pdf)" [mpg321]="!*.mp3" [mpg123]="!*.mp3" [pbunzip2]="!*.?(t)bz?(2)" [kid3]="!*.@(mp[234c]|og[ag]|@(fl|a)ac|m4[abp]|spx|tta|w?(a)v|wma|aif?(f)|asf|ape)" [pdfjadetex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [dvipdf]="!*.dvi" [gharbour]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [texi2html]="!*.texi*" [gunzip]="!*.@(Z|[gGd]z|t[ag]z)" [google-chrome]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [okular]="!*.@(okular|@(?(e|x)ps|?(E|X)PS|[pf]df|[PF]DF|dvi|DVI|cb[rz]|CB[RZ]|djv?(u)|DJV?(U)|dvi|DVI|gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx|GIF|JP?(E)G|MIFF|TIF?(F)|PN[GM]|P[BGP]M|BMP|XPM|ICO|XWD|TGA|PCX|epub|EPUB|odt|ODT|fb?(2)|FB?(2)|mobi|MOBI|g3|G3|chm|CHM)?(.?(gz|GZ|bz2|BZ2)))" [slitex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [xzcat]="!*.@(?(t)xz|tlz|lzma)" [timidity]="!*.@(mid?(i)|rmi|rcp|[gr]36|g18|mod|xm|it|x3m|s[3t]m|kar)" [dviselect]="!*.dvi" )

As root

BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:expand_aliases:extglob:extquote:force_fignore:interactive_comments:login_shell:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_COMPLETION_COMPAT_DIR=/etc/bash_completion.d
BASH_LINENO=()
BASH_SOURCE=()
BASH_VERSINFO=([0]="4" [1]="4" [2]="12" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='4.4.12(1)-release'
COLUMNS=237
DIRSTACK=()
EUID=0
GROUPS=()
HISTFILE=/root/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/root
HOSTNAME=server
HOSTTYPE=x86_64
IFS='
'
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LINES=63
LOGNAME=root
MACHTYPE=x86_64-pc-linux-gnu
MAIL=/var/mail/root
MAILCHECK=60
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PIPESTATUS=([0]="0")
POSIXLY_CORRECT=y
PPID=37724
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
PS2='> '
PS4='+ '
PWD=/tmp
SHELL=/bin/bash
SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor:posix
SHLVL=1
SSH_CLIENT='192.168.x.x 10110 22'
SSH_CONNECTION='192.168.x.x 10110 192.168.x.x 22'
SSH_TTY=/dev/pts/1
TERM=xterm
UID=0
USER=root
XDG_RUNTIME_DIR=/run/user/0
XDG_SESSION_ID=100
_=posix
__git_printf_supports_v=yes
__grub_script_check_program=grub-script-check
_backup_glob='@(#*#|*@(~|.@(bak|orig|rej|swp|dpkg*|rpm@(orig|new|save))))'
_xspecs=([freeamp]="!*.@(mp3|og[ag]|pls|m3u)" [bibtex]="!*.aux" [chromium-browser]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [tex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [zathura]="!*.@(cb[rz7t]|djv?(u)|?(e)ps|pdf)" [lrunzip]="!*.lrz" [amaya]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [hbpp]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [lzgrep]="!*.@(tlz|lzma)" [ggv]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [lzless]="!*.@(tlz|lzma)" [kdvi]="!*.@(dvi|DVI)?(.@(gz|Z|bz2))" [lbzcat]="!*.?(t)bz?(2)" [lilypond]="!*.ly" [sxemacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [epdfview]="!*.pdf" [texi2dvi]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [ps2pdf12]="!*.@(?(e)ps|pdf)" [ee]="!*.@(gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx)" [lbunzip2]="!*.?(t)bz?(2)" [ps2pdf13]="!*.@(?(e)ps|pdf)" [ps2pdf14]="!*.@(?(e)ps|pdf)" [lzfgrep]="!*.@(tlz|lzma)" [hbrun]="!*.[Hh][Rr][Bb]" [kbabel]="!*.po" [rview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [kaffeine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM|iso|ISO)|+([0-9]).@(vdr|VDR))?(.part)" [xv]="!*.@(gif|jp?(e)g|tif?(f)|png|p[bgp]m|bmp|x[bp]m|rle|rgb|pcx|fits|pm|?(e)ps)" [rgvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [oodraw]="!*.@(sxd|std|sda|sdd|?(f)odg|otg)" [elinks]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [playmidi]="!*.@(mid?(i)|cmf)" [xine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [xpdf]="!*.@(pdf|fdf)?(.@(gz|xz|Z|bz2))" [aviplay]="!*.@(avi|asf|wmv)" [latex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [rvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [ogg123]="!*.@(og[ag]|m3u|flac|spx)" [ps2pdfwr]="!*.@(?(e)ps|pdf)" [harbour]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [xemacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [unlzma]="!*.@(tlz|lzma)" [vi]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [gvim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [kid3-qt]="!*.@(mp[234c]|og[ag]|@(fl|a)ac|m4[abp]|spx|tta|w?(a)v|wma|aif?(f)|asf|ape)" [xanim]="!*.@(mpg|mpeg|avi|mov|qt)" [portecle]="!@(*.@(ks|jks|jceks|p12|pfx|bks|ubr|gkr|cer|crt|cert|p7b|pkipath|pem|p10|csr|crl)|cacerts)" [oocalc]="!*.@(sxc|stc|xls?([bmx])|xlw|xlt?([mx])|[ct]sv|?(f)ods|ots)" [emacs]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [fbxine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [kpdf]="!*.@(?(e)ps|pdf)" [oomath]="!*.@(sxm|smf|mml|odf)" [compress]="*.Z" [iceweasel]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [zcat]="!*.@(Z|[gGd]z|t[ag]z)" [unzip]="!*.@(zip|[ejsw]ar|exe|pk3|wsz|zargo|xpi|s[tx][cdiw]|sx[gm]|o[dt][tspgfc]|od[bm]|oxt|epub|apk|do[ct][xm]|p[op]t[mx]|xl[st][xm])" [modplug123]="!*.@(669|abc|am[fs]|d[bs]m|dmf|far|it|mdl|m[eo]d|mid?(i)|mt[2m]|okta|p[st]m|s[3t]m|ult|umx|wav|xm)" [dvipdfm]="!*.dvi" [oobase]="!*.odb" [zipinfo]="!*.@(zip|[ejsw]ar|exe|pk3|wsz|zargo|xpi|s[tx][cdiw]|sx[gm]|o[dt][tspgfc]|od[bm]|oxt|epub|apk|do[ct][xm]|p[op]t[mx]|xl[st][xm])" [epiphany]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [galeon]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [bzme]="!*.@(zip|z|gz|tgz)" [xfig]="!*.fig" [xdvi]="!*.@(dvi|DVI)?(.@(gz|Z|bz2))" [cdiff]="!*.@(dif?(f)|?(d)patch)?(.@([gx]z|bz2|lzma))" [rgview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [oowriter]="!*.@(sxw|stw|sxg|sgl|doc?([mx])|dot?([mx])|rtf|txt|htm|html|?(f)odt|ott|odm)" [netscape]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [acroread]="!*.[pf]df" [makeinfo]="!*.texi*" [kwrite]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [gview]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [qiv]="!*.@(gif|jp?(e)g|tif?(f)|png|p[bgp]m|bmp|x[bp]m|rle|rgb|pcx|fits|pm|svg)" [bzcat]="!*.?(t)bz?(2)" [pdftex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [rpm2cpio]="!*.[rs]pm" [view]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [unxz]="!*.@(?(t)xz|tlz|lzma)" [ly2dvi]="!*.ly" [mozilla]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [modplugplay]="!*.@(669|abc|am[fs]|d[bs]m|dmf|far|it|mdl|m[eo]d|mid?(i)|mt[2m]|okta|p[st]m|s[3t]m|ult|umx|wav|xm)" [pyflakes]="!*.py" [dillo]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [aaxine]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM)|+([0-9]).@(vdr|VDR))?(.part)" [dvipdfmx]="!*.dvi" [advi]="!*.dvi" [lzmore]="!*.@(tlz|lzma)" [poedit]="!*.po" [firefox]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [gv]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [madplay]="!*.mp3" [gtranslator]="!*.po" [jadetex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [gpdf]="!*.[pf]df" [kghostview]="!*.@(@(?(e)ps|?(E)PS|pdf|PDF)?(.gz|.GZ|.bz2|.BZ2|.Z))" [pbzcat]="!*.?(t)bz?(2)" [lzcat]="!*.@(tlz|lzma)" [vim]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [dvips]="!*.dvi" [dvitype]="!*.dvi" [realplay]="!*.@(rm?(j)|ra?(m)|smi?(l))" [gqmpeg]="!*.@(mp3|og[ag]|pls|m3u)" [lzegrep]="!*.@(tlz|lzma)" [bunzip2]="!*.?(t)bz?(2)" [znew]="*.Z" [lokalize]="!*.po" [kate]="*.@(o|so|so.!(conf|*/*)|a|[rs]pm|gif|jp?(e)g|mp3|mp?(e)g|avi|asf|ogg|class)" [dragon]="!*@(.@(mp?(e)g|MP?(E)G|wma|avi|AVI|asf|vob|VOB|bin|dat|divx|DIVX|vcd|ps|pes|fli|flv|FLV|fxm|FXM|viv|rm|ram|yuv|mov|MOV|qt|QT|wmv|mp[234]|MP[234]|m4[pv]|M4[PV]|mkv|MKV|og[agmvx]|OG[AGMVX]|t[ps]|T[PS]|m2t?(s)|M2T?(S)|wav|WAV|flac|FLAC|asx|ASX|mng|MNG|srt|m[eo]d|M[EO]D|s[3t]m|S[3T]M|it|IT|xm|XM|iso|ISO)|+([0-9]).@(vdr|VDR))?(.part)" [pdflatex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [mozilla-firefox]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [ooimpress]="!*.@(sxi|sti|pps?(x)|ppt?([mx])|pot?([mx])|?(f)odp|otp)" [uncompress]="!*.Z" [unpigz]="!*.@(Z|[gGd]z|t[ag]z)" [lynx]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [ps2pdf]="!*.@(?(e)ps|pdf)" [mpg321]="!*.mp3" [mpg123]="!*.mp3" [pbunzip2]="!*.?(t)bz?(2)" [kid3]="!*.@(mp[234c]|og[ag]|@(fl|a)ac|m4[abp]|spx|tta|w?(a)v|wma|aif?(f)|asf|ape)" [pdfjadetex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [dvipdf]="!*.dvi" [gharbour]="!*.@([Pp][Rr][Gg]|[Cc][Ll][Pp])" [texi2html]="!*.texi*" [gunzip]="!*.@(Z|[gGd]z|t[ag]z)" [google-chrome]="!*.@(?([xX]|[sS])[hH][tT][mM]?([lL]))" [okular]="!*.@(okular|@(?(e|x)ps|?(E|X)PS|[pf]df|[PF]DF|dvi|DVI|cb[rz]|CB[RZ]|djv?(u)|DJV?(U)|dvi|DVI|gif|jp?(e)g|miff|tif?(f)|pn[gm]|p[bgp]m|bmp|xpm|ico|xwd|tga|pcx|GIF|JP?(E)G|MIFF|TIF?(F)|PN[GM]|P[BGP]M|BMP|XPM|ICO|XWD|TGA|PCX|epub|EPUB|odt|ODT|fb?(2)|FB?(2)|mobi|MOBI|g3|G3|chm|CHM)?(.?(gz|GZ|bz2|BZ2)))" [slitex]="!*.@(?(la)tex|texi|dtx|ins|ltx|dbj)" [xzcat]="!*.@(?(t)xz|tlz|lzma)" [timidity]="!*.@(mid?(i)|rmi|rcp|[gr]36|g18|mod|xm|it|x3m|s[3t]m|kar)" [dviselect]="!*.dvi" )

Differences are

• EUID, GROUPS, UID, USER, HOME, LOGNAME
• bash history (HISTCONTROL, BASHOPTS, HISTFILE, HISTSIZE, HISTFILESIZE)
• terminal colors (LS_COLORS)
• PATH (root contains additional /usr/local/sbin, /usr/sbin, /sbin; user contains /usr/local/games, /usr/games (both empty))
• window title (PS1)
• XDG_RUNTIME_DIR, XDG_SESSION_ID

[shawniverson]

Ok, lets override PATH for root, removing /sbin directories

export PATH='/usr/local/bin:/usr/bin/:/bin'

If it works, next step is to add them back, one at a time. This will narrow in on the directory that contains something it should not (perhaps an executable that is running instead of another executable in regular bin directories with the same name).

[Skywalker-11]

I think I found the problem. It is not related to beeing root or non-root but it depends on the directory you are in. While testing with sudo and su I didn't changed the directory where I was so I was still in the home directory of the unprivileged user. To that directory the postfix user had rx rights.

If the user to which the uid and gid are set to is not able to read the current directory (x bit set) the error occures:

• run MailScanner --lint while in /root or /etc/ssl/private: does not work (postfix does not have x rights)
• running from other directory where the postfix has x rights it works

[thctlo]

👍

[shawniverson]

@Skywalker-11 Perhaps MailScanner needs to switch out of the current working directory and/or set its own as part of its startup logic to resolve this issue?

[shawniverson]

@Skywalker-11 Furthermore, at least on CentOS, I am able to execute MailScanner --lint in /root where postfix does not have x rights. I may have to spin up a Debian instance to take a closer look.

[Skywalker-11]

@shawniverson It is working when adding chdir('/usr/share/MailScanner/perl'); after the line require 5.005;. Also the include path now works without the weird space #!/usr/bin/perl -U -I/usr/share/MailScanner/perl

[thctlo]

Can you try the following also. this is what im testing also..

cat systemd/system/mailscanner.service.d/override.conf

[Unit]
After=network-online.target remote-fs.target rsyslog.service mariadb.service postfix.service
Wants=network-online.target mariadb.service postfix.service

[Service]
PIDFile=/var/run/MailScanner.pid
EnvironmentFile=-/etc/MailScanner/defaults
ExecReload=
ExecReload=/bin/kill -HUP $MAINPID

#This need to be in apache2.service.
#PrivateTmp=false

WorkingDirectory="/usr/share/MailScanner/perl"

Note the "WorkingDirectory"  see if that helps also. 
` 

failed. 

[thctlo]

Well, that did not work. i also found this in this file a path related thing.

/etc/perl/sitecustomize.pl states:

# This script is only provided as a transition mechanism for
# removing the current working directory from the library search path
# while leaving a temporary way to override this locally.
#
# If you really need "." to be on @INC globally, you can comment
# this away for now. However, please note that this facility
# is expected to be removed after the Debian stretch release,
# at which point any code in this file will not have any effect.
#
# Please see CVE-2016-1238 for background information on the risks
# of having "." on @INC.

pop @INC if $INC[-1] eq '.' and !$ENV{PERL_USE_UNSAFE_INC};

[Skywalker-11]

@thctlo I guess the systemd config is not beeing used when calling MailScanner --lint manually

[thctlo]

ah, yes, i was still with my head in the reload/restart problems sorry.