Automatic Spam training on Junk, /usr/bin/sa-learn does not exist

Hello,

The binary sa-learn is a part of SpamAssassin installation, and is not included with Rspamd installation. There were instructions for Rspamd on the forums. You might try and find it
 
Thanks zEitEr. I gave it all morning trying/reading before I posted; hard to trust what is actually a working setup today from posts 3+ years old. This seemed like the most recent/relevant post https://forum.directadmin.com/threads/imapsieve-rspamd.79890/
but I'm not seeing any log generation or training being done. Probably need to modify some permissions as the user says they were directed to do; wish they would have listed the changes they made that got it working.
 
Yep, that's exactly what I have done prior to posting, but dragging emails to Junk does nothing (trained email count doesn't increase in the rspamd interface and there is no log in tmp or errors in the system logs). Here are my current permissions

[root@host ~]# ls -lah /usr/local/bin/dovecot-sieve/
total 28K
drwxr-xr-x 2 root root 4.0K Sep 24 12:27 .
drwxr-xr-x. 3 root root 4.0K Sep 24 11:57 ..
-rw-r--r-- 1 root root 164 Sep 24 11:59 report-ham.sieve
-rw-r--r-- 1 root root 354 Sep 24 12:20 report-ham.svbin
-rw-r--r-- 1 root root 77 Sep 24 12:21 report-spam.sieve
-rw-r--r-- 1 root root 272 Sep 24 12:21 report-spam.svbin
-rwxr-xr-x 1 root root 190 Sep 24 12:27 sa-learn.sh
 
You might update the script to call /usr/local/bin/dovecot-sieve/sa-learn.sh through sudo. Update sudo rules accordingly
 
Sep 25 08:44:41 host dovecot[813]: imap: Error: /usr/local/bin/dovecot-sieve/sa-learn.sh: line 2: /tmp/imap-sieve.log: Permission denied
Sep 25 08:44:41 host dovecot[813]: imap: Error: cannot connect to /var/run/rspamd/rspamd_controller.sock: Permission denied
Sep 25 08:44:41 host dovecot[813]: imap([email protected])<1089399><6FlqbJ8/i+0vzUbG>: sieve: execute exec:/usr/local/bin/dovecot-sieve/sa-learn.sh (1102015): Terminated with non-zero exit code 1
Sep 25 08:44:41 host dovecot[813]: imap([email protected])<1089399><6FlqbJ8/i+0vzUbG>: Error: sieve: failed to execute to program 'sa-learn.sh': refer to server log for more information. [2025-09-25 08:44:41]
So it's definitely a permissions issue currently. I changed the sa-learn script to
Bash:
#!/bin/bash
sudo echo "$(date) IMAPSIEVE arg=$1" >> /tmp/imap-sieve.log
cmd="learn_spam"
[ "$1" = "ham" ] && cmd="learn_ham"
exec sudo /usr/bin/rspamc -h /var/run/rspamd/rspamd_controller.sock "$cmd"
but I don't know which user to add to sudo/wheel, so now the errors are
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: /usr/local/bin/dovecot-sieve/sa-learn.sh: line 2: /tmp/imap-sieve.log: Permission denied
Sep 25 09:29:45 host dovecot[1131370]: imap: Error:
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: We trust you have received the usual lecture from the local System
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: Administrator. It usually boils down to these three things:
Sep 25 09:29:45 host dovecot[1131370]: imap: Error:
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #1) Respect the privacy of others.
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #2) Think before you type.
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #3) With great power comes great responsibility.
Sep 25 09:29:45 host dovecot[1131370]: imap: Error:
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: sudo: a password is required
 
Thanks Alex. Sorry to be dense, but are you not using the tutorial's suggested report-spam.sieve and report-ham.sieve? It also seems like you have separate sh files for spam vs ham (where the tutorial only uses sa-learn.sh and passes a variable for which type to process). Could you please be more verbose with how you solved the permissions issue and the files involved?

I went down an AI rabbit-hole adjusting permissions that got the tutorial scripts past the initial permissions errors, but that socket permissions issue was unsolvable. I thought I could recreate the sockets to use the mail group, which should allow DA users to access, but there was no way to change the group from _rspamd no matter what I tried. I could change the ownership permissions to 660 with:
bind_socket = "/var/run/rspamd/rspamd_controller.sock mode=0660 group=mail";
but the group ownership did not abide by the group setting, no matter what I did.
 
Here on the forums I'd rather prefer to point to a direction where one can find solution)

My idea was to use sudo. Add I added an intermediate script which calls another scripts via sudo. You don't need to use my solution, but you can work out your own. If using echo through sudo is a bad idea, then sudo /usr/bin/rspamc might work for you. What you might need to learn is how to configure sudoers in the folder /etc/sudoers.d/, I will leave it up to you.
 
I understand and I'm trying, I just can't find the solution in every direction I look. Following the current tutorials, I have 3 files:

/usr/local/bin/dovecot-sieve/report-spam.sieve
Code:
require ["vnd.dovecot.pipe", "copy" ];

pipe :copy "sa-learn.sh" [ "spam" ];

/usr/local/bin/dovecot-sieve/report-ham.sieve
Code:
require ["vnd.dovecot.pipe", "copy" ];

pipe :copy "sa-learn.sh" [ "ham" ];

/usr/local/bin/dovecot-sieve/sa-learn.sh
Code:
#!/bin/bash
echo "$(date) IMAPSIEVE arg=$1" >> /tmp/imap-sieve.log
cmd="learn_spam"
[ "$1" = "ham" ] && cmd="learn_ham"
exec /usr/bin/rspamc -h /var/run/rspamd/rspamd_controller.sock "$cmd"

From my current understanding and tinkering, I can't just put sudo in the proper place(s) above and get it to work. I believe, going by the snippets you have posted, that you have separate sh files to deal with spam vs ham, correct? Your working solution has different contents and additional files, from my understanding
 
In order to let anybody to use sudo, even in a script you as root should first write sudoers rules in the folder /etc/sudoers.d/. Your errors:

Code:
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #1) Respect the privacy of others.
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #2) Think before you type.
Sep 25 09:29:45 host dovecot[1131370]: imap: Error: #3) With great power comes great responsibility.

show that you did not create sudoers rules.

Yes, I do. I use a separate script for learning SPAM and HAM. But again it is not the core change. I do use another name for the script /usr/local/bin/dovecot-sieve/sa-learn.sh, but it provides only a cosmetic effect for my own and easy maintaining.
 
Yes, I don't allow ssh access to users, so I don't use sudo on the server for decades up until a few months ago. I installed rootless docker for one user (I control) and did the absolute least (added the user to wheel, since it's Alma) to get sudo working.

Is it "mail" that needs to get added to sudoers?
 
Is it "mail" that needs to get added to sudoers?

I don't have an answer here, you will need to find it out on your own. I call a specific script over sudo, so I enable sudo for ALL

add in the script:
Bash:
id >> /tmp/imap-sieve.log

and
Code:
chmod 666 /tmp/imap-sieve.log
to find out which user is that operating in behalf of.
 
Back
Top