<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">But my question is if it was because amavisd was trying to execute a suid binary to do that or, for example, it was a member of a secondary group and those permissions were not in effect.<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-20 17:06 GMT+02:00 bortolotti <span dir="ltr"><<a href="mailto:daniela.bortolotti@bo.infn.it" target="_blank">daniela.bortolotti@bo.infn.it</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Hi,<br>
amavisd was not enable to push its mail into a sendmail dir
/var/spool/clientmqueue<br>
of a S.O. Centos 7.<br>
<br>
Best regards<br>
Daniela Bortolotti<div><div class="h5"><br>
<br>
<br>
<br>
On 05/20/2015 04:40 PM, Juan Orti Alcaine wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I'd like to
know what was NoNewPrivileges forbidding. Was it amavisd
changing uid when running a suid binary?<br>
<br>
</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-05-20 16:00 GMT+02:00 bortolotti <span dir="ltr"><<a href="mailto:daniela.bortolotti@bo.infn.it" target="_blank">daniela.bortolotti@bo.infn.it</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi
Matthias,<br>
we changed the parameter NoNewPrivileges in<br>
amavisd boot script of Centos 7 and any problem disappeared.<br>
<br>
Thank a lot for your help<br>
<br>
Best regards<br>
Daniela Bortolotti
<div>
<div><br>
<br>
On 05/15/2015 10:11 AM, Matthias Weigel wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Daniela,<br>
<br>
NoNewPrivileges=false<br>
<br>
seems to be needed.<br>
There are many other similar systemd settings that can
cause your<br>
problem, e.g. SecureBits, Capabilities, and others.<br>
<br>
Can you as a test try to run amavisd without systemd,
directly from a shell?<br>
systemctl stop amavisd<br>
sudo -u amavis -s /usr/sbin/amavisd -c amavisd.conf
debug<br>
<br>
Best Regards<br>
<br>
Matthias<br>
<br>
<br>
</blockquote>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div>Juan Orti<br>
<a href="https://miceliux.com" target="_blank">https://miceliux.com</a><br>
<br>
GPG key: <a href="https://miceliux.com/pub/pubkey.asc" target="_blank">https://miceliux.com/pub/pubkey.asc</a><br>
GPG fingerprint: 61F0 8272 6882 BCA6 3A35 88F6
B630 4B72 DEEB D08B</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Juan Orti<br><a href="https://miceliux.com" target="_blank">https://miceliux.com</a><br><br>GPG key: <a href="https://miceliux.com/pub/pubkey.asc" target="_blank">https://miceliux.com/pub/pubkey.asc</a><br>GPG fingerprint: 61F0 8272 6882 BCA6 3A35 88F6 B630 4B72 DEEB D08B</div></div></div></div></div></div></div>
</div>