Problem using amavisd 2.9.and sendmail on Centos 7
bortolotti
daniela.bortolotti at bo.infn.it
Thu May 14 16:31:40 CEST 2015
Hi Matthias,
here it is our output:
----------------------------------------------
[root at postman ~]# sudo -u amavis -s /usr/sbin/sendmail -v -Ac -i
bortolotti at bo.infn.it < /tmp/ciao
bortolotti at bo.infn.it... Connecting to [127.0.0.1] via relay...
220 bo.infn.it ESMTP server; Thu, 14 May 2015 16:16:03 +0200
>>> EHLO postman.bo.infn.it
250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO postman.bo.infn.it
250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI PLAIN LOGIN
250-DELIVERBY
250 HELP
>>> MAIL From:<amavis at postman.bo.infn.it> SIZE=5
AUTH=amavis at postman.bo.infn.it
250 2.1.0 <amavis at postman.bo.infn.it>... Sender ok
>>> RCPT To:<bortolotti at bo.infn.it>
>>> DATA
250 2.1.5 <bortolotti at bo.infn.it>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 t4EEG3B0009078 Message accepted for delivery
bortolotti at bo.infn.it... Sent (t4EEG3B0009078 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 postman.bo.infn.it closing connection
--------------------------------------------------------------
[root at postman ~]# mount | grep nosuid
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs
(rw,nosuid,size=1449904k,nr_inodes=362476,mode=755)
securityfs on /sys/kernel/security type securityfs
(rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup
(rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup
(rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup
(rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup
(rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup
(rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup
(rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup
(rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup
(rw,nosuid,nodev,noexec,relatime,hugetlb)
----------------------------------------------------------------
cat /proc/sys/fs/protected_symlinks
1
We changed the option on protected_symbolinks but unsuccessfully.
After reboot the value returned to 1.
What can we do ?
Best regards
Daniela Bortolotti
On 05/14/2015 03:19 PM, Matthias Weigel wrote:
> Hi Daniela,
>
> this looks all o.k.
>
> Can you send me the output of this command:
> sudo -u amavis -s /usr/sbin/sendmail -v -Ac -i bortolotti at bo.infn.it <
> /tmp/ciao
>
> Do you by any chance use chroot in amavis?
>
> Did you mount any filesystem sendmail uses, with "nosuid" option?
> mount | grep nosuid
>
>
> Does your problem change, if you disable "protected_symlinks"?
> cat /proc/sys/fs/protected_symlinks
> echo 0 > /proc/sys/fs/protected_symlinks
>
>
>
>
>
> Best Regards
>
> Matthias
>
> Am 14.05.2015 um 14:30 schrieb Daniela Bortolotti:
>> Hi Matthias,
>> I check out permission on files and dir, these are the output:
>>
>> ----------------------------------------------------------------------
>>
>> [root at postman ~]# ls -lisa /usr/sbin/sendmail*
>> 1057121 0 lrwxrwxrwx 1 root root 21 May 11 15:16
>> /usr/sbin/sendmail -> /etc/alternatives/mta
>> 1058798 244 -rwxr-xr-x 1 root root 247848 Jun 10 2014
>> /usr/sbin/sendmail.postfix
>> 1057108 820 -rwxr-sr-x. 1 root smmsp 836840 Jun 9 2014
>> /usr/sbin/sendmail.sendmail
>> [root at postman ~]# ls -lisa /etc/alternatives/mta
>> 131748 0 lrwxrwxrwx 1 root root 27 May 11 15:16 /etc/alternatives/mta ->
>> /usr/sbin/sendmail.sendmail
>>
>> -----------------------------------------------------------------------
>>
>> ls -lisa /etc/mail
>> total 620
>> 131604 4 drwxr-xr-x. 4 root root 4096 May 13 17:07 .
>> 131073 12 drwxr-xr-x. 82 root root 12288 May 13 16:44 ..
>> 131782 4 -rw-r--r-- 1 root root 1011 May 13 17:07 access
>> 131763 12 -rw-r-----. 1 root root 12288 May 13 17:08 access.db
>> 131736 4 -rw-r--r--. 1 root root 603 Apr 20 11:43 access.orig
>> 131767 0 -rw-r--r--. 1 root root 0 May 13 16:16 aliasesdb-stamp
>> 131732 4 -rw-r--r--. 1 root root 233 Jan 27 2014 domaintable
>> 131765 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 domaintable.db
>> 131734 8 -rw-r--r--. 1 root root 5584 Jun 9 2014 helpfile
>> 131781 4 drwxr-xr-x. 2 root root 4096 Apr 20 11:50 listelocali
>> 132773 4 -rw-r--r-- 1 root root 162 May 13 17:05 local-host-names
>> 131737 4 -rw-r--r--. 1 root root 997 Jan 27 2014 mailertable
>> 131766 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 mailertable.db
>> 131738 4 -rwxr-xr-x. 1 root root 2700 Jan 27 2014 make
>> 131711 4 -rw-r--r--. 1 root root 92 Jan 27 2014 Makefile
>> 132772 4 -rw-r--r-- 1 root root 3408 May 7 11:45 postino.mc
>> 131573 64 -rw-r--r-- 1 root root 61475 May 8 08:39 sendmail.cf
>> 132763 60 -rw-r--r-- 1 root root 61432 May 6 09:45 sendmail.cf.AMDB
>> 131308 60 -rw-r--r-- 1 root root 61398 May 7 15:59 sendmail.cf.bak
>> 132761 4 -rw-r--r-- 1 root root 3888 May 8 08:39 sendmail.mc
>> 131601 4 -rw-r--r-- 1 root root 3753 May 6 09:43 sendmail.mc.AMDB
>> 131735 8 -rw-r--r--. 1 root root 7306 Jan 27 2014 sendmail.mc.orig
>> 131606 4 drwxr-xr-x. 4 root root 4096 Apr 21 15:10 spamassassin
>> 131741 40 -rw-r--r-- 1 root root 40724 May 6 14:15 submit.cf
>> 132770 44 -rw-r--r-- 1 root root 41680 May 6 14:08 submit.cf.AMDB
>> 131740 40 -rw-r--r-- 1 root root 40737 May 6 14:14 submit.cf.bak
>> 132774 4 -rw-r--r-- 1 root root 1041 May 6 14:14 submit.mc
>> 132738 4 -rw-r--r-- 1 root root 1041 May 6 14:08 submit.mc.AMDB
>> 132778 4 -rw-r--r-- 1 root root 134 May 8 08:38 trusted-users
>> 131730 4 -rw-r--r-- 1 root root 127 May 8 08:37 trusted-users.orig
>> 131731 60 -rw-r--r--. 1 root root 61024 May 12 11:56 userdb
>> 131768 116 -rw-r-----. 1 root root 118784 May 12 11:56 userdb.db
>> 131743 4 -rw-r--r--. 1 root root 1847 Jan 27 2014 virtusertable
>> 131762 8 -rw-r-----. 1 root root 12288 Apr 14 16:06 virtusertable.db
>> [root at postman ~]#
>>
>> ----------------------------------------------------------------------
>>
>> [root at postman ~]# sendmail -v -d44.4 -bv
>> safefile(/etc/mail/sendmail.cf, uid=0, gid=0, flags=6000, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6000, level=0, offset=0):
>> [dir /etc/mail] OK
>> [uid 0, nlink 1, stat 100644, mode 400] OK
>> safefile(/etc/mail/local-host-names, uid=0, gid=0, flags=6580, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>> [dir /etc/mail] OK
>> [uid 0, nlink 1, stat 100644, mode 400] OK
>> safefile(/etc/mail/relay-domains, uid=0, gid=0, flags=6580, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>> [dir /etc/mail] OK
>> No such file or directory
>> safefile(/etc/mail/trusted-users, uid=0, gid=0, flags=6580, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>> [dir /etc/mail] OK
>> [uid 0, nlink 1, stat 100644, mode 400] OK
>> safefile(/var/run/spamass-milter/spamass-milter.sock, uid=0, gid=0,
>> flags=42302, mode=600):
>> safedirpath(/var/run/spamass-milter, uid=0, gid=0, flags=42302, level=0,
>> offset=0):
>> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
>> [dir /var/../run] OK
>> [dir /var/run/spamass-milter] OK
>> [uid 994, nlink 1, stat 140755, mode 600] OK
>> safefile(/var/run/amavisd/amavisd-milter.sock, uid=0, gid=0,
>> flags=42302, mode=600):
>> safedirpath(/var/run/amavisd, uid=0, gid=0, flags=42302, level=0,
>> offset=0):
>> safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
>> [dir /var/../run] OK
>> [dir /var/run/amavisd] OK
>> [uid 996, nlink 1, stat 140755, mode 600] OK
>> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>> [dir /etc/mail] OK
>> No such file or directory
>> safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
>> [dir /etc/mail] OK
>> No such file or directory
>> safedirpath(/var/spool/mqueue/, uid=0, gid=0, flags=4, level=0, offset=0):
>> [dir /var/spool/mqueue/] OK
>> safedirpath(./q00, uid=0, gid=0, flags=4, level=0, offset=0):
>> [dir ./q00] OK
>> safedirpath(./q02, uid=0, gid=0, flags=4, level=0, offset=0):
>> [dir ./q02] OK
>> safedirpath(./q01, uid=0, gid=0, flags=4, level=0, offset=0):
>> [dir ./q01] OK
>> safefile(/etc/mail/userdb.db, uid=0, gid=0, flags=584, mode=400):
>> safedirpath(/etc/mail, uid=0, gid=0, flags=584, level=0, offset=0):
>> [dir /etc/mail] OK
>> [uid 0, nlink 1, stat 100640, mode 400] OK
>> Recipient names must be specified
>>
>> --------------------------------------------------------------------
>> Amavis account login is :
>> amavis:x:996:995:User for amavisd-new:/var/spool/amavisd:/sbin/nologin
>>
>> Best regards
>> Daniela Bortolotti
>>
>>
>>
>> On 05/13/2015 07:56 PM, Matthias Weigel wrote:
>>> Hi Daniela,
>>>
>>> for the sendmail commandline test, please try it as the amavis user, not
>>> as root.
>>>
>>> Also please check the permissions of the sendmail program: it has to be
>>> setgid:
>>> ls -lisa /usr/sbin/sendmail*
>>> ls -lisa /etc/alternatives/mta
>>>
>>> and
>>> ls -lisa /etc/mail
>>>
>>> To check dir permissions by sendmail itself use
>>> sendmail -v -d44.4 -bv
>>>
>>>
>>>
>>> Best Regards
>>>
>>> Matthias
>>>
>>>
>>> Am 13.05.2015 um 17:47 schrieb bortolotti:
>>>> Hi Matthias,
>>>> here it is our output:
>>>>
>>>> ------------------------------------------------------------------------------------------------
>>>>
>>>>
>>>> sendmail -v bortolotti at bo.infn.it < /tmp/ciao
>>>> bortolotti at bo.infn.it... Connecting to [127.0.0.1] via relay...
>>>> 220 bo.infn.it ESMTP server; Wed, 13 May 2015 17:19:49 +0200
>>>>>>> EHLO postman.bo.infn.it
>>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>>> 250-ENHANCEDSTATUSCODES
>>>> 250-PIPELINING
>>>> 250-8BITMIME
>>>> 250-SIZE 100000000
>>>> 250-DSN
>>>> 250-ETRN
>>>> 250-AUTH GSSAPI
>>>> 250-STARTTLS
>>>> 250-DELIVERBY
>>>> 250 HELP
>>>>>>> STARTTLS
>>>> 220 2.0.0 Ready to start TLS
>>>>>>> EHLO postman.bo.infn.it
>>>> 250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
>>>> 250-ENHANCEDSTATUSCODES
>>>> 250-PIPELINING
>>>> 250-8BITMIME
>>>> 250-SIZE 100000000
>>>> 250-DSN
>>>> 250-ETRN
>>>> 250-AUTH GSSAPI PLAIN LOGIN
>>>> 250-DELIVERBY
>>>> 250 HELP
>>>>>>> MAIL From:<root at postman.bo.infn.it> SIZE=5
>>>>>>> AUTH=root at postman.bo.infn.it
>>>> 250 2.1.0 <root at postman.bo.infn.it>... Sender ok
>>>>>>> RCPT To:<bortolotti at bo.infn.it>
>>>>>>> DATA
>>>> 250 2.1.5 <bortolotti at bo.infn.it>... Recipient ok
>>>> 354 Enter mail, end with "." on a line by itself
>>>>>>> .
>>>> 250 2.0.0 t4DFJnkZ006299 Message accepted for delivery
>>>> bortolotti at bo.infn.it... Sent (t4DFJnkZ006299 Message accepted for
>>>> delivery)
>>>> Closing connection to [127.0.0.1]
>>>>>>> QUIT
>>>> 221 2.0.0 postman.bo.infn.it closing connection
>>>> ----------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> When a I use amavisd-release command the output is:
>>>>
>>>> amavisd-release virus-m0fUPazhnpfA
>>>> 451 4.5.0 Failed to submit a message: exit 78, id=rel-k47A8FCsKcSV
>>>>
>>>> And maillog file:
>>>> May 13 17:21:58 postman amavis[6279]: (rel-0frn5zAtV38Y) Quarantined
>>>> message release (miscategorized): m0fUPazhnpfA
>>>> <Antonella.Monducci at bo.infn.it> -> <monducci at bo.infn.it>
>>>> May 13 17:21:59 postman sendmail[6309]: NOQUEUE: SYSERR(amavis): can not
>>>> chdir(/var/spool/clientmqueue/): Permission denied
>>>>
>>>>
>>>> -----------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> Our submit.mc is standard, we modified only sendmail.mc
>>>>
>>>> dnl # amavis milter definitions 9-3-2015
>>>> INPUT_MAIL_FILTER(`amavis-milter',
>>>> `S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
>>>> T=S:10m;R:10m;E:10m')
>>>>
>>>> -----------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> In our amavisd.conf setup we define these rules:
>>>> $unix_socketname = "$MYHOME/amavisd.sock";
>>>> $notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f
>>>> ${sender} -- ${recipient}';
>>>>
>>>> but don't receive notifications.
>>>>
>>>> ------------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>> Where is the mistake?
>>>>
>>>> Thank a lot.
>>>>
>>>> Best Regards
>>>> Daniela
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 05/12/2015 10:31 AM, Matthias Weigel wrote:
>>>>> Hi Daniela,
>>>>>
>>>>> does using sendmail on command line work?
>>>>> e.g.
>>>>> sendmail -v somebody at example.com < /tmp/sometext
>>>>>
>>>>> What does your /etc/mail/submit.mc and your /etc/mail/sendmail.mc look
>>>>> like?
>>>>>
>>>>> Best Regards
>>>>>
>>>>> Matthias
>>>>>
>>>>> Am 12.05.2015 um 10:18 schrieb bortolotti:
>>>>>> Hi Fabian,
>>>>>> our permission of "/var/spool/clientmqueue"
>>>>>> is good and SELINUX is already DISABLE.
>>>>>> What else can I investigate?
>>>>>>
>>>>>> Thanks a lot.
>>>>>> Daniela Bortolotti
>>>>>>
>>>>>>
>>
More information about the amavis-users
mailing list