Problem using amavisd 2.9.and sendmail on Centos 7

Matthias Weigel matthias.weigel at maweos.de
Thu May 14 15:19:21 CEST 2015


Hi Daniela,

this looks all o.k.

Can you send me the output of this command:
sudo -u amavis -s /usr/sbin/sendmail -v -Ac -i  bortolotti at bo.infn.it <
/tmp/ciao

Do you by any chance use chroot in amavis?

Did you mount any filesystem sendmail uses, with "nosuid" option?
mount | grep nosuid


Does your problem change, if you disable "protected_symlinks"?
cat /proc/sys/fs/protected_symlinks
echo 0 > /proc/sys/fs/protected_symlinks





Best Regards

Matthias

Am 14.05.2015 um 14:30 schrieb Daniela Bortolotti:
> Hi Matthias,
> I check out permission on files and dir, these are the output:
> 
> ----------------------------------------------------------------------
> 
> [root at postman ~]# ls -lisa /usr/sbin/sendmail*
> 1057121   0 lrwxrwxrwx  1 root root      21 May 11 15:16
> /usr/sbin/sendmail -> /etc/alternatives/mta
> 1058798 244 -rwxr-xr-x  1 root root  247848 Jun 10  2014
> /usr/sbin/sendmail.postfix
> 1057108 820 -rwxr-sr-x. 1 root smmsp 836840 Jun  9  2014
> /usr/sbin/sendmail.sendmail
> [root at postman ~]# ls -lisa /etc/alternatives/mta
> 131748 0 lrwxrwxrwx 1 root root 27 May 11 15:16 /etc/alternatives/mta ->
> /usr/sbin/sendmail.sendmail
> 
> -----------------------------------------------------------------------
> 
> ls -lisa /etc/mail
> total 620
> 131604   4 drwxr-xr-x.  4 root root   4096 May 13 17:07 .
> 131073  12 drwxr-xr-x. 82 root root  12288 May 13 16:44 ..
> 131782   4 -rw-r--r--   1 root root   1011 May 13 17:07 access
> 131763  12 -rw-r-----.  1 root root  12288 May 13 17:08 access.db
> 131736   4 -rw-r--r--.  1 root root    603 Apr 20 11:43 access.orig
> 131767   0 -rw-r--r--.  1 root root      0 May 13 16:16 aliasesdb-stamp
> 131732   4 -rw-r--r--.  1 root root    233 Jan 27  2014 domaintable
> 131765   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 domaintable.db
> 131734   8 -rw-r--r--.  1 root root   5584 Jun  9  2014 helpfile
> 131781   4 drwxr-xr-x.  2 root root   4096 Apr 20 11:50 listelocali
> 132773   4 -rw-r--r--   1 root root    162 May 13 17:05 local-host-names
> 131737   4 -rw-r--r--.  1 root root    997 Jan 27  2014 mailertable
> 131766   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 mailertable.db
> 131738   4 -rwxr-xr-x.  1 root root   2700 Jan 27  2014 make
> 131711   4 -rw-r--r--.  1 root root     92 Jan 27  2014 Makefile
> 132772   4 -rw-r--r--   1 root root   3408 May  7 11:45 postino.mc
> 131573  64 -rw-r--r--   1 root root  61475 May  8 08:39 sendmail.cf
> 132763  60 -rw-r--r--   1 root root  61432 May  6 09:45 sendmail.cf.AMDB
> 131308  60 -rw-r--r--   1 root root  61398 May  7 15:59 sendmail.cf.bak
> 132761   4 -rw-r--r--   1 root root   3888 May  8 08:39 sendmail.mc
> 131601   4 -rw-r--r--   1 root root   3753 May  6 09:43 sendmail.mc.AMDB
> 131735   8 -rw-r--r--.  1 root root   7306 Jan 27  2014 sendmail.mc.orig
> 131606   4 drwxr-xr-x.  4 root root   4096 Apr 21 15:10 spamassassin
> 131741  40 -rw-r--r--   1 root root  40724 May  6 14:15 submit.cf
> 132770  44 -rw-r--r--   1 root root  41680 May  6 14:08 submit.cf.AMDB
> 131740  40 -rw-r--r--   1 root root  40737 May  6 14:14 submit.cf.bak
> 132774   4 -rw-r--r--   1 root root   1041 May  6 14:14 submit.mc
> 132738   4 -rw-r--r--   1 root root   1041 May  6 14:08 submit.mc.AMDB
> 132778   4 -rw-r--r--   1 root root    134 May  8 08:38 trusted-users
> 131730   4 -rw-r--r--   1 root root    127 May  8 08:37 trusted-users.orig
> 131731  60 -rw-r--r--.  1 root root  61024 May 12 11:56 userdb
> 131768 116 -rw-r-----.  1 root root 118784 May 12 11:56 userdb.db
> 131743   4 -rw-r--r--.  1 root root   1847 Jan 27  2014 virtusertable
> 131762   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 virtusertable.db
> [root at postman ~]#
> 
> ----------------------------------------------------------------------
> 
> [root at postman ~]# sendmail -v -d44.4 -bv
> safefile(/etc/mail/sendmail.cf, uid=0, gid=0, flags=6000, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6000, level=0, offset=0):
>     [dir /etc/mail] OK
>     [uid 0, nlink 1, stat 100644, mode 400]     OK
> safefile(/etc/mail/local-host-names, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>     [dir /etc/mail] OK
>     [uid 0, nlink 1, stat 100644, mode 400]     OK
> safefile(/etc/mail/relay-domains, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>     [dir /etc/mail] OK
>     No such file or directory
> safefile(/etc/mail/trusted-users, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>     [dir /etc/mail] OK
>     [uid 0, nlink 1, stat 100644, mode 400]     OK
> safefile(/var/run/spamass-milter/spamass-milter.sock, uid=0, gid=0,
> flags=42302, mode=600):
> safedirpath(/var/run/spamass-milter, uid=0, gid=0, flags=42302, level=0,
> offset=0):
> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
>     [dir /var/../run] OK
>     [dir /var/run/spamass-milter] OK
>     [uid 994, nlink 1, stat 140755, mode 600]     OK
> safefile(/var/run/amavisd/amavisd-milter.sock, uid=0, gid=0,
> flags=42302, mode=600):
> safedirpath(/var/run/amavisd, uid=0, gid=0, flags=42302, level=0,
> offset=0):
> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
>     [dir /var/../run] OK
>     [dir /var/run/amavisd] OK
>     [uid 996, nlink 1, stat 140755, mode 600]     OK
> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>     [dir /etc/mail] OK
>     No such file or directory
> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>     [dir /etc/mail] OK
>     No such file or directory
> safedirpath(/var/spool/mqueue/, uid=0, gid=0, flags=4, level=0, offset=0):
>     [dir /var/spool/mqueue/] OK
> safedirpath(./q00, uid=0, gid=0, flags=4, level=0, offset=0):
>     [dir ./q00] OK
> safedirpath(./q02, uid=0, gid=0, flags=4, level=0, offset=0):
>     [dir ./q02] OK
> safedirpath(./q01, uid=0, gid=0, flags=4, level=0, offset=0):
>     [dir ./q01] OK
> safefile(/etc/mail/userdb.db, uid=0, gid=0, flags=584, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=584, level=0, offset=0):
>     [dir /etc/mail] OK
>     [uid 0, nlink 1, stat 100640, mode 400]     OK
> Recipient names must be specified
> 
> --------------------------------------------------------------------
> Amavis account login is :
> amavis:x:996:995:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
> 
> Best regards
> Daniela Bortolotti
> 
> 
> 
> On 05/13/2015 07:56 PM, Matthias Weigel wrote:
>> Hi Daniela,
>>
>> for the sendmail commandline test, please try it as the amavis user, not
>> as root.
>>
>> Also please check the permissions of the sendmail program: it has to be
>> setgid:
>> ls -lisa /usr/sbin/sendmail*
>> ls -lisa /etc/alternatives/mta
>>
>> and
>> ls -lisa /etc/mail
>>
>> To check dir permissions by sendmail itself use
>> sendmail -v -d44.4 -bv
>>
>>
>>
>> Best Regards
>>
>> Matthias
>>
>>
>> Am 13.05.2015 um 17:47 schrieb bortolotti:
>>> Hi Matthias,
>>> here it is our output:
>>>
>>> ------------------------------------------------------------------------------------------------
>>>
>>>
>>> sendmail -v bortolotti at bo.infn.it < /tmp/ciao
>>> bortolotti at bo.infn.it... Connecting to [127.0.0.1] via relay...
>>> 220 bo.infn.it ESMTP server; Wed, 13 May 2015 17:19:49 +0200
>>>>>> EHLO postman.bo.infn.it
>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>> 250-ENHANCEDSTATUSCODES
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE 100000000
>>> 250-DSN
>>> 250-ETRN
>>> 250-AUTH GSSAPI
>>> 250-STARTTLS
>>> 250-DELIVERBY
>>> 250 HELP
>>>>>> STARTTLS
>>> 220 2.0.0 Ready to start TLS
>>>>>> EHLO postman.bo.infn.it
>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>> 250-ENHANCEDSTATUSCODES
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE 100000000
>>> 250-DSN
>>> 250-ETRN
>>> 250-AUTH GSSAPI PLAIN LOGIN
>>> 250-DELIVERBY
>>> 250 HELP
>>>>>> MAIL From:<root at postman.bo.infn.it> SIZE=5
>>>>>> AUTH=root at postman.bo.infn.it
>>> 250 2.1.0 <root at postman.bo.infn.it>... Sender ok
>>>>>> RCPT To:<bortolotti at bo.infn.it>
>>>>>> DATA
>>> 250 2.1.5 <bortolotti at bo.infn.it>... Recipient ok
>>> 354 Enter mail, end with "." on a line by itself
>>>>>> .
>>> 250 2.0.0 t4DFJnkZ006299 Message accepted for delivery
>>> bortolotti at bo.infn.it... Sent (t4DFJnkZ006299 Message accepted for
>>> delivery)
>>> Closing connection to [127.0.0.1]
>>>>>> QUIT
>>> 221 2.0.0 postman.bo.infn.it closing connection
>>> ----------------------------------------------------------------------------
>>>
>>>
>>>
>>> When a I use amavisd-release command the output is:
>>>
>>> amavisd-release virus-m0fUPazhnpfA
>>> 451 4.5.0 Failed to submit a message: exit 78, id=rel-k47A8FCsKcSV
>>>
>>> And maillog file:
>>> May 13 17:21:58 postman amavis[6279]: (rel-0frn5zAtV38Y) Quarantined
>>> message release (miscategorized): m0fUPazhnpfA
>>> <Antonella.Monducci at bo.infn.it> -> <monducci at bo.infn.it>
>>> May 13 17:21:59 postman sendmail[6309]: NOQUEUE: SYSERR(amavis): can not
>>> chdir(/var/spool/clientmqueue/): Permission denied
>>>
>>>
>>> -----------------------------------------------------------------------------
>>>
>>>
>>>
>>> Our submit.mc is standard, we modified only sendmail.mc
>>>
>>>   dnl # amavis milter definitions 9-3-2015
>>> INPUT_MAIL_FILTER(`amavis-milter',
>>> `S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
>>> T=S:10m;R:10m;E:10m')
>>>
>>> -----------------------------------------------------------------------------
>>>
>>>
>>>
>>> In our amavisd.conf setup we define these rules:
>>> $unix_socketname = "$MYHOME/amavisd.sock";
>>> $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f
>>> ${sender} -- ${recipient}';
>>>
>>> but don't receive notifications.
>>>
>>> ------------------------------------------------------------------------------
>>>
>>>
>>>
>>> Where is the mistake?
>>>
>>> Thank a lot.
>>>
>>> Best Regards
>>> Daniela
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 05/12/2015 10:31 AM, Matthias Weigel wrote:
>>>> Hi Daniela,
>>>>
>>>> does using sendmail on command line work?
>>>> e.g.
>>>> sendmail -v somebody at example.com < /tmp/sometext
>>>>
>>>> What does your /etc/mail/submit.mc and your /etc/mail/sendmail.mc look
>>>> like?
>>>>
>>>> Best Regards
>>>>
>>>> Matthias
>>>>
>>>> Am 12.05.2015 um 10:18 schrieb bortolotti:
>>>>> Hi Fabian,
>>>>> our permission of  "/var/spool/clientmqueue"
>>>>> is good and SELINUX is already DISABLE.
>>>>> What else can I investigate?
>>>>>
>>>>> Thanks a lot.
>>>>> Daniela Bortolotti
>>>>>
>>>>>
>>>
> 
> 


More information about the amavis-users mailing list