#5545 SpamAssassin Procmail config does not keep variables at top of procmailrc

[Lomedhi]

The SpamAssassin Procmail Spam Delivery module does not keep the variable definitions at the top of /etc/procmailrc when Action for messages classified as spam is changed. As a result, for example, when switching to Deliver normally, the first lines of procmailrc are changed to:

DROPPRIVS=yes
:0fw
| /bin/spamc
:0
* ^X-Spam-Status: Yes
$DEFAULT

…but $DEFAULT is not yet defined, so the message goes nowhere.

[Jamie Cameron]

Isn't $DEFAULT set automatically by procmail?

[Lomedhi]

Yes, according to this:

Default mailbox file (if not told otherwise, procmail will dump mail in this mailbox). Procmail will automatically use $DEFAULT$LOCKEXT as lockfile prior to writing to this mailbox. You do not need to set this variable, since it already points to the standard system mailbox.

I don't know what the "standard system mailbox" is set to or how it's determined, but moving DEFAULT=$HOME/Maildir/ right after DROPPRIVS=YES fixed the problem for me.

[Lomedhi]

So this appears to be a problem with trying to use both Webmin's Procmail Spam Delivery and Virtualmin's spam settings. I thought you could use both and one or the other was intended to take precedence, but that's not the case.

Virtualmin doesn't want you to use Webmin's Procmail Spam Delivery. It complains if you've done so when you run Re-Check Configuration. Virtualmin wants to manage procmail per virtual server.

When you create the first virtual server with email, Virtualmin rewrites /etc/procmailrc from:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT

To:

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
EXITCODE=$?
:0
* ?/bin/test "$EXITCODE" = "73"
/dev/null
EXITCODE=0
:0
* ?/bin/test "$VIRTUALMIN" != ""
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes

So yes, if you have allowed Webmin to add SpamAssassin capability, switching to Deliver normally in Webmin has problems due to the placement of the variable assignments, but that's not the way things are intended to be used. With proper use, the variable assignment placement in Virtualmin's modifications doesn't matter because they are not preceded by a delivery recipe, other than the one to /dev/null when no valid domain is detected.

In actual fact, there's no reason that anything after the INCLUDERC needs to be retained at all, because the included file handles delivery.

So there's technically no bug here, but maybe you could detect whether /etc/procmailrc has been modified by Virtualmin and display a warning?

[Lomedhi]

Sorry, I've been chasing ghosts because I was trying to use Webmin's server-wide SpamAssasin procmail settings along with Virtualmin's per-virtual server settings. When sticking with just the latter, everything works.

The one thing I'd like to request is what would have saved me from my own stupidity: A warning from Webmin when Virtualmin has already changed /etc/procmailrc.

Thanks for indulging me.

[Jamie Cameron]

Yes, we should do that. Where in Webmin were you editing the procmail config?

[Lomedhi]

I edit the procmail config in Servers > Procmail Mail Filter, but the warning should actually go in Servers > SpamAssassin Mail Filter > Procmail Spam Delivery. There's already a warning there that procmail has not been set up for server-wide operation; I think the best approach would be:

• The current warning should only be displayed if no modification of procmailrc by Virtualmin has been detected. Also add to the current warning that you should not configure procmail for SpamAssassin here if you intend to use Virtualmin's per-virtual-server setting.
• If modification of procmailrc by Virtualmin is detected, an alternate warning should be displayed, saying that system-wide and per-virtual-server settings cannot be used together and you need to disable Virtualmin's settings in every virtual server if you want to configure server-wide settings here.

[Jamie Cameron]

Good idea, I'll add a warning for this (and also in the Procmail Mail Filter module).