Problem using amavisd 2.9.and sendmail on Centos 7
Matthias Weigel
matthias.weigel at maweos.de
Thu May 14 15:19:21 CEST 2015
Hi Daniela,
this looks all o.k.
Can you send me the output of this command:
sudo -u amavis -s /usr/sbin/sendmail -v -Ac -i bortolotti at bo.infn.it <
/tmp/ciao
Do you by any chance use chroot in amavis?
Did you mount any filesystem sendmail uses, with "nosuid" option?
mount | grep nosuid
Does your problem change, if you disable "protected_symlinks"?
cat /proc/sys/fs/protected_symlinks
echo 0 > /proc/sys/fs/protected_symlinks
Best Regards
Matthias
Am 14.05.2015 um 14:30 schrieb Daniela Bortolotti:
> Hi Matthias,
> I check out permission on files and dir, these are the output:
>
> ----------------------------------------------------------------------
>
> [root at postman ~]# ls -lisa /usr/sbin/sendmail*
> 1057121 0 lrwxrwxrwx 1 root root 21 May 11 15:16
> /usr/sbin/sendmail -> /etc/alternatives/mta
> 1058798 244 -rwxr-xr-x 1 root root 247848 Jun 10 2014
> /usr/sbin/sendmail.postfix
> 1057108 820 -rwxr-sr-x. 1 root smmsp 836840 Jun 9 2014
> /usr/sbin/sendmail.sendmail
> [root at postman ~]# ls -lisa /etc/alternatives/mta
> 131748 0 lrwxrwxrwx 1 root root 27 May 11 15:16 /etc/alternatives/mta ->
> /usr/sbin/sendmail.sendmail
>
> -----------------------------------------------------------------------
>
> ls -lisa /etc/mail
> total 620
> 131604 4 drwxr-xr-x. 4 root root 4096 May 13 17:07 .
> 131073 12 drwxr-xr-x. 82 root root 12288 May 13 16:44 ..
> 131782 4 -rw-r--r-- 1 root root 1011 May 13 17:07 access
> 131763 12 -rw-r-----. 1 root root 12288 May 13 17:08 access.db
> 131736 4 -rw-r--r--. 1 root root 603 Apr 20 11:43 access.orig
> 131767 0 -rw-r--r--. 1 root root 0 May 13 16:16 aliasesdb-stamp
> 131732 4 -rw-r--r--. 1 root root 233 Jan 27 2014 domaintable
> 131765 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 domaintable.db
> 131734 8 -rw-r--r--. 1 root root 5584 Jun 9 2014 helpfile
> 131781 4 drwxr-xr-x. 2 root root 4096 Apr 20 11:50 listelocali
> 132773 4 -rw-r--r-- 1 root root 162 May 13 17:05 local-host-names
> 131737 4 -rw-r--r--. 1 root root 997 Jan 27 2014 mailertable
> 131766 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 mailertable.db
> 131738 4 -rwxr-xr-x. 1 root root 2700 Jan 27 2014 make
> 131711 4 -rw-r--r--. 1 root root 92 Jan 27 2014 Makefile
> 132772 4 -rw-r--r-- 1 root root 3408 May 7 11:45 postino.mc
> 131573 64 -rw-r--r-- 1 root root 61475 May 8 08:39 sendmail.cf
> 132763 60 -rw-r--r-- 1 root root 61432 May 6 09:45 sendmail.cf.AMDB
> 131308 60 -rw-r--r-- 1 root root 61398 May 7 15:59 sendmail.cf.bak
> 132761 4 -rw-r--r-- 1 root root 3888 May 8 08:39 sendmail.mc
> 131601 4 -rw-r--r-- 1 root root 3753 May 6 09:43 sendmail.mc.AMDB
> 131735 8 -rw-r--r--. 1 root root 7306 Jan 27 2014 sendmail.mc.orig
> 131606 4 drwxr-xr-x. 4 root root 4096 Apr 21 15:10 spamassassin
> 131741 40 -rw-r--r-- 1 root root 40724 May 6 14:15 submit.cf
> 132770 44 -rw-r--r-- 1 root root 41680 May 6 14:08 submit.cf.AMDB
> 131740 40 -rw-r--r-- 1 root root 40737 May 6 14:14 submit.cf.bak
> 132774 4 -rw-r--r-- 1 root root 1041 May 6 14:14 submit.mc
> 132738 4 -rw-r--r-- 1 root root 1041 May 6 14:08 submit.mc.AMDB
> 132778 4 -rw-r--r-- 1 root root 134 May 8 08:38 trusted-users
> 131730 4 -rw-r--r-- 1 root root 127 May 8 08:37 trusted-users.orig
> 131731 60 -rw-r--r--. 1 root root 61024 May 12 11:56 userdb
> 131768 116 -rw-r-----. 1 root root 118784 May 12 11:56 userdb.db
> 131743 4 -rw-r--r--. 1 root root 1847 Jan 27 2014 virtusertable
> 131762 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 virtusertable.db
> [root at postman ~]#
>
> ----------------------------------------------------------------------
>
> [root at postman ~]# sendmail -v -d44.4 -bv
> safefile(/etc/mail/sendmail.cf, uid=0, gid=0, flags=6000, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6000, level=0, offset=0):
> [dir /etc/mail] OK
> [uid 0, nlink 1, stat 100644, mode 400] OK
> safefile(/etc/mail/local-host-names, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
> [dir /etc/mail] OK
> [uid 0, nlink 1, stat 100644, mode 400] OK
> safefile(/etc/mail/relay-domains, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
> [dir /etc/mail] OK
> No such file or directory
> safefile(/etc/mail/trusted-users, uid=0, gid=0, flags=6580, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
> [dir /etc/mail] OK
> [uid 0, nlink 1, stat 100644, mode 400] OK
> safefile(/var/run/spamass-milter/spamass-milter.sock, uid=0, gid=0,
> flags=42302, mode=600):
> safedirpath(/var/run/spamass-milter, uid=0, gid=0, flags=42302, level=0,
> offset=0):
> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
> [dir /var/../run] OK
> [dir /var/run/spamass-milter] OK
> [uid 994, nlink 1, stat 140755, mode 600] OK
> safefile(/var/run/amavisd/amavisd-milter.sock, uid=0, gid=0,
> flags=42302, mode=600):
> safedirpath(/var/run/amavisd, uid=0, gid=0, flags=42302, level=0,
> offset=0):
> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
> [dir /var/../run] OK
> [dir /var/run/amavisd] OK
> [uid 996, nlink 1, stat 140755, mode 600] OK
> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
> [dir /etc/mail] OK
> No such file or directory
> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
> [dir /etc/mail] OK
> No such file or directory
> safedirpath(/var/spool/mqueue/, uid=0, gid=0, flags=4, level=0, offset=0):
> [dir /var/spool/mqueue/] OK
> safedirpath(./q00, uid=0, gid=0, flags=4, level=0, offset=0):
> [dir ./q00] OK
> safedirpath(./q02, uid=0, gid=0, flags=4, level=0, offset=0):
> [dir ./q02] OK
> safedirpath(./q01, uid=0, gid=0, flags=4, level=0, offset=0):
> [dir ./q01] OK
> safefile(/etc/mail/userdb.db, uid=0, gid=0, flags=584, mode=400):
> safedirpath(/etc/mail, uid=0, gid=0, flags=584, level=0, offset=0):
> [dir /etc/mail] OK
> [uid 0, nlink 1, stat 100640, mode 400] OK
> Recipient names must be specified
>
> --------------------------------------------------------------------
> Amavis account login is :
> amavis:x:996:995:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
>
> Best regards
> Daniela Bortolotti
>
>
>
> On 05/13/2015 07:56 PM, Matthias Weigel wrote:
>> Hi Daniela,
>>
>> for the sendmail commandline test, please try it as the amavis user, not
>> as root.
>>
>> Also please check the permissions of the sendmail program: it has to be
>> setgid:
>> ls -lisa /usr/sbin/sendmail*
>> ls -lisa /etc/alternatives/mta
>>
>> and
>> ls -lisa /etc/mail
>>
>> To check dir permissions by sendmail itself use
>> sendmail -v -d44.4 -bv
>>
>>
>>
>> Best Regards
>>
>> Matthias
>>
>>
>> Am 13.05.2015 um 17:47 schrieb bortolotti:
>>> Hi Matthias,
>>> here it is our output:
>>>
>>> ------------------------------------------------------------------------------------------------
>>>
>>>
>>> sendmail -v bortolotti at bo.infn.it < /tmp/ciao
>>> bortolotti at bo.infn.it... Connecting to [127.0.0.1] via relay...
>>> 220 bo.infn.it ESMTP server; Wed, 13 May 2015 17:19:49 +0200
>>>>>> EHLO postman.bo.infn.it
>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>> 250-ENHANCEDSTATUSCODES
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE 100000000
>>> 250-DSN
>>> 250-ETRN
>>> 250-AUTH GSSAPI
>>> 250-STARTTLS
>>> 250-DELIVERBY
>>> 250 HELP
>>>>>> STARTTLS
>>> 220 2.0.0 Ready to start TLS
>>>>>> EHLO postman.bo.infn.it
>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>> 250-ENHANCEDSTATUSCODES
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE 100000000
>>> 250-DSN
>>> 250-ETRN
>>> 250-AUTH GSSAPI PLAIN LOGIN
>>> 250-DELIVERBY
>>> 250 HELP
>>>>>> MAIL From:<root at postman.bo.infn.it> SIZE=5
>>>>>> AUTH=root at postman.bo.infn.it
>>> 250 2.1.0 <root at postman.bo.infn.it>... Sender ok
>>>>>> RCPT To:<bortolotti at bo.infn.it>
>>>>>> DATA
>>> 250 2.1.5 <bortolotti at bo.infn.it>... Recipient ok
>>> 354 Enter mail, end with "." on a line by itself
>>>>>> .
>>> 250 2.0.0 t4DFJnkZ006299 Message accepted for delivery
>>> bortolotti at bo.infn.it... Sent (t4DFJnkZ006299 Message accepted for
>>> delivery)
>>> Closing connection to [127.0.0.1]
>>>>>> QUIT
>>> 221 2.0.0 postman.bo.infn.it closing connection
>>> ----------------------------------------------------------------------------
>>>
>>>
>>>
>>> When a I use amavisd-release command the output is:
>>>
>>> amavisd-release virus-m0fUPazhnpfA
>>> 451 4.5.0 Failed to submit a message: exit 78, id=rel-k47A8FCsKcSV
>>>
>>> And maillog file:
>>> May 13 17:21:58 postman amavis[6279]: (rel-0frn5zAtV38Y) Quarantined
>>> message release (miscategorized): m0fUPazhnpfA
>>> <Antonella.Monducci at bo.infn.it> -> <monducci at bo.infn.it>
>>> May 13 17:21:59 postman sendmail[6309]: NOQUEUE: SYSERR(amavis): can not
>>> chdir(/var/spool/clientmqueue/): Permission denied
>>>
>>>
>>> -----------------------------------------------------------------------------
>>>
>>>
>>>
>>> Our submit.mc is standard, we modified only sendmail.mc
>>>
>>> dnl # amavis milter definitions 9-3-2015
>>> INPUT_MAIL_FILTER(`amavis-milter',
>>> `S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
>>> T=S:10m;R:10m;E:10m')
>>>
>>> -----------------------------------------------------------------------------
>>>
>>>
>>>
>>> In our amavisd.conf setup we define these rules:
>>> $unix_socketname = "$MYHOME/amavisd.sock";
>>> $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f
>>> ${sender} -- ${recipient}';
>>>
>>> but don't receive notifications.
>>>
>>> ------------------------------------------------------------------------------
>>>
>>>
>>>
>>> Where is the mistake?
>>>
>>> Thank a lot.
>>>
>>> Best Regards
>>> Daniela
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 05/12/2015 10:31 AM, Matthias Weigel wrote:
>>>> Hi Daniela,
>>>>
>>>> does using sendmail on command line work?
>>>> e.g.
>>>> sendmail -v somebody at example.com < /tmp/sometext
>>>>
>>>> What does your /etc/mail/submit.mc and your /etc/mail/sendmail.mc look
>>>> like?
>>>>
>>>> Best Regards
>>>>
>>>> Matthias
>>>>
>>>> Am 12.05.2015 um 10:18 schrieb bortolotti:
>>>>> Hi Fabian,
>>>>> our permission of "/var/spool/clientmqueue"
>>>>> is good and SELINUX is already DISABLE.
>>>>> What else can I investigate?
>>>>>
>>>>> Thanks a lot.
>>>>> Daniela Bortolotti
>>>>>
>>>>>
>>>
>
>
More information about the amavis-users
mailing list