Problem using amavisd 2.9.and sendmail on Centos 7

Matthias Weigel matthias.weigel at maweos.de
Wed May 20 18:25:54 CEST 2015 

Hi Juan,

the problem is systemd.

The default systemd config for amavis seems to not allow sendmail to use
setgid, but sendmail needs that. So may other programs called by amavis.

systemd once again thinks it is the "Master Control Program".


Best Regards

Matthias

Am 20.05.2015 um 17:13 schrieb Juan Orti Alcaine:
> But my question is if it was because amavisd was trying to execute a
> suid binary to do that or, for example, it was a member of a secondary
> group and those permissions were not in effect.
> 
> 2015-05-20 17:06 GMT+02:00 bortolotti <daniela.bortolotti at bo.infn.it
> <mailto:daniela.bortolotti at bo.infn.it>>:
> 
>     Hi,
>     amavisd was not enable to push its mail into a sendmail dir
>     /var/spool/clientmqueue
>     of a S.O. Centos 7.
> 
>     Best regards
>     Daniela Bortolotti
> 
> 
> 
> 
>     On 05/20/2015 04:40 PM, Juan Orti Alcaine wrote:
>>     I'd like to know what was NoNewPrivileges forbidding. Was it
>>     amavisd changing uid when running a suid binary?
>>
>>
>>
>>     2015-05-20 16:00 GMT+02:00 bortolotti
>>     <daniela.bortolotti at bo.infn.it
>>     <mailto:daniela.bortolotti at bo.infn.it>>:
>>
>>         Hi Matthias,
>>         we changed the parameter NoNewPrivileges in
>>         amavisd boot script of Centos 7 and any problem disappeared.
>>
>>         Thank a lot for your help
>>
>>         Best regards
>>         Daniela Bortolotti
>>
>>
>>         On 05/15/2015 10:11 AM, Matthias Weigel wrote:
>>
>>             Hi Daniela,
>>
>>             NoNewPrivileges=false
>>
>>             seems to be needed.
>>             There are many other similar systemd settings that can
>>             cause your
>>             problem, e.g. SecureBits, Capabilities, and others.
>>
>>             Can you as a test try to run amavisd without systemd,
>>             directly from a shell?
>>             systemctl stop amavisd
>>             sudo -u amavis -s /usr/sbin/amavisd -c amavisd.conf debug
>>
>>             Best Regards
>>
>>             Matthias
>>
>>
>>
>>
>>
>>
>>     -- 
>>     Juan Orti
>>     https://miceliux.com
>>
>>     GPG key: https://miceliux.com/pub/pubkey.asc
>>     GPG fingerprint: 61F0 8272 6882 BCA6 3A35  88F6 B630 4B72 DEEB D08B
> 
> 
> 
> 
> -- 
> Juan Orti
> https://miceliux.com
> 
> GPG key: https://miceliux.com/pub/pubkey.asc
> GPG fingerprint: 61F0 8272 6882 BCA6 3A35  88F6 B630 4B72 DEEB D08B

More information about the amavis-users mailing list