Why sa-update not running with cron?

OS type and version Debian Linux 11
Webmin version 2.111
Usermin version 2.010
Virtualmin version 7.10.0
Theme version 21.10
Package updates All installed packages are up to date


I got one server that as far as I know has the same config as others, where sa-update (spamassassin) does not seems to work with the cron. I see it is in /etc/cron.daily/spamassassin (user root, active yes).

But when I check the dir: /var/lib/spamassassin/3.004006/updates_spamassassin_org/ the update date is stuck. While other servers, I see the date of this folder change every day.

I expected to see an error in the cron mail if something was wrong, but there is no error email. Also when running it from command line, sa-update works fine.

Where should I look to find the possible cause of this?

Update: Strange, found the problem. Somehow the dir and it files: /var/lib/spamassassin/3.004006/ had root as owned, instead of debian-spamd. Did a chown and now it works. Crazy :slight_smile: Maybe it helps someone running into this some day.

Update2: I checked again, but latest update was 3 days ago. Stopped working again or the fix was never the solution.

You are correct to say “Strange”
As user root (doing the updates, or running cron) should have access to everything?

That’s right :thinking: must be an explanation for it, but not sure it’s worth investing more time into it.

given the number of Debian users on here I’m a little surprised this has not been flagged before.

Debian 11

root@main:/var/lib/spamassassin/3.004006/updates_spamassassin_org# ls -lath
total 1.5M
drwxr-xr-x 2 debian-spamd debian-spamd 4.0K May 17 06:55 .
drwxr-xr-x 3 debian-spamd debian-spamd 4.0K May 17 06:55 ..
-rw-r--r-- 1 debian-spamd debian-spamd  30K May 17 06:55 72_scores.cf
-rw-r--r-- 1 debian-spamd debian-spamd 4.2K May 17 06:55 73_sandbox_manual_scores.cf
-rw-r--r-- 1 debian-spamd debian-spamd 131K May 17 06:55 languages
-rw-r--r-- 1 debian-spamd debian-spamd 3.2K May 17 06:55 local.cf
-rw-r--r-- 1 debian-spamd debian-spamd 2.8K May 17 06:55 regression_tests.cf
-rw-r--r-- 1 debian-spamd debian-spamd 4.7K May 17 06:55 sa-update-pubkey.txt

It hasn’t been flagged before because it is not broken by default. You’d have to go out of your way to break it. :wink:

1 Like

So any change to restrict ownership seems rather pointless:

even if effective :relieved:

You misunderstand the problem and solution, I think. The files should have always been owned by debian-spamd, because it would be a stupidly dangerous idea to run every process, particularly ones that interact with data from the internet, like sa-update, as root.


Ok I have to give a little update: is does not work again. Now I’m even more confused :wink:
Let’s see how to fix this.

But Joe you say:

because it would be a stupidly dangerous idea to run every process, particularly ones that interact with data from the internet, like sa-update , as root .

But the daily cron that is created on installation, for Spamassassin is assigned to the root user?


lol, you’re right. It runs as root, and all those files are owned by root on Rocky/Alma/RHEL systems. Wild.

Haha wild indeed.

Ok I found the real reason. When I look at the /etc/cron.daily/spamassassin script I see:


test -f /etc/default/spamassassin && . /etc/default/spamassassin

test -x /usr/bin/sa-update || exit 0
test -x /etc/init.d/spamassassin || exit 0
command -v gpg > /dev/null || exit 0

if [ "$CRON" = "0" ] ; then
    exit 0

And the CRON = 1 value is the result from this line: test -f /etc/default/spamassassin && . /etc/default/spamassassin

Now I thought this was enabled by default, but looking at /etc/default/spamassassin it was off. I have no idea why, maybe I missed something during install? Anyway the content was:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir"

And on the servers where it was running correct it is:

OPTIONS="--create-prefs --max-children 5 --helper-home-dir"

So, that was the case :woozy_face:.

It might be distro specific? If you enable SA I’d think this should get toggled at the same time?

That said, I’m on 11. I had to install 10, upgrade to 11, and then installed VM. That was close to a year and a half ago now. I suppose something in the scripts could have changed.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.