
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">Hi,<br>

      amavisd was not enable to push its mail into a sendmail dir

      /var/spool/clientmqueue<br>

      of a S.O. Centos 7.<br>

      <br>

      Best regards<br>

      Daniela Bortolotti<br>

      <br>

      <br>

      <br>

      On 05/20/2015 04:40 PM, Juan Orti Alcaine wrote:<br>

    </div>

    <blockquote

cite="mid:CAC+fKQVL+s+jz1pGansHyKG5VKCCnq2GRdWqN5kMCr3jn-mnMg@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div class="gmail_default"

          style="font-family:arial,helvetica,sans-serif">I'd like to

          know what was NoNewPrivileges forbidding. Was it amavisd

          changing uid when running a suid binary?<br>

          <br>

        </div>

        <div class="gmail_default"

          style="font-family:arial,helvetica,sans-serif"><br>

        </div>

      </div>

      <div class="gmail_extra"><br>

        <div class="gmail_quote">2015-05-20 16:00 GMT+02:00 bortolotti <span

            dir="ltr"><<a moz-do-not-send="true"

              href="mailto:daniela.bortolotti@bo.infn.it"

              target="_blank">daniela.bortolotti@bo.infn.it</a>></span>:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0

            .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi

            Matthias,<br>

            we changed the parameter NoNewPrivileges in<br>

            amavisd boot script of Centos 7 and any problem disappeared.<br>

            <br>

            Thank a lot for your help<br>

            <br>

            Best regards<br>

            Daniela Bortolotti

            <div class="HOEnZb">

              <div class="h5"><br>

                <br>

                On 05/15/2015 10:11 AM, Matthias Weigel wrote:<br>

                <blockquote class="gmail_quote" style="margin:0 0 0

                  .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  Hi Daniela,<br>

                  <br>

                  NoNewPrivileges=false<br>

                  <br>

                  seems to be needed.<br>

                  There are many other similar systemd settings that can

                  cause your<br>

                  problem, e.g. SecureBits, Capabilities, and others.<br>

                  <br>

                  Can you as a test try to run amavisd without systemd,

                  directly from a shell?<br>

                  systemctl stop amavisd<br>

                  sudo -u amavis -s /usr/sbin/amavisd -c amavisd.conf

                  debug<br>

                  <br>

                  Best Regards<br>

                  <br>

                  Matthias<br>

                  <br>

                  <br>

                </blockquote>

                <br>

              </div>

            </div>

          </blockquote>

        </div>

        <br>

        <br clear="all">

        <br>

        -- <br>

        <div class="gmail_signature">

          <div dir="ltr">

            <div>

              <div dir="ltr">

                <div>

                  <div dir="ltr">

                    <div>Juan Orti<br>

                      <a moz-do-not-send="true"

                        href="https://miceliux.com" target="_blank">https://miceliux.com</a><br>

                      <br>

                      GPG key: <a moz-do-not-send="true"

                        href="https://miceliux.com/pub/pubkey.asc"

                        target="_blank">https://miceliux.com/pub/pubkey.asc</a><br>

                      GPG fingerprint: 61F0 8272 6882 BCA6 3A35  88F6

                      B630 4B72 DEEB D08B</div>

                  </div>

                </div>

              </div>

            </div>

          </div>

        </div>

      </div>

    </blockquote>

    <br>

  </body>

</html>