Re: Problem using amavisd 2.9.and sendmail on Centos 7

bortolotti Thu, 14 May 2015 07:32:43 -0700

Hi Matthias,
here it is our output:

----------------------------------------------

[root@postman ~]# sudo -u amavis -s /usr/sbin/sendmail -v -Ac -ibortolo...@bo.infn.it < /tmp/ciao

bortolo...@bo.infn.it... Connecting to [127.0.0.1] via relay...
220 bo.infn.it ESMTP server; Thu, 14 May 2015 16:16:03 +0200
>>> EHLO postman.bo.infn.it
250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO postman.bo.infn.it
250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI PLAIN LOGIN
250-DELIVERBY
250 HELP

>>> MAIL From:<ama...@postman.bo.infn.it> SIZE=5AUTH=ama...@postman.bo.infn.it

250 2.1.0 <ama...@postman.bo.infn.it>... Sender ok
>>> RCPT To:<bortolo...@bo.infn.it>
>>> DATA
250 2.1.5 <bortolo...@bo.infn.it>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 t4EEG3B0009078 Message accepted for delivery
bortolo...@bo.infn.it... Sent (t4EEG3B0009078 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 postman.bo.infn.it closing connection
--------------------------------------------------------------
[root@postman ~]# mount | grep nosuid
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)

devtmpfs on /dev type devtmpfs(rw,nosuid,size=1449904k,nr_inodes=362476,mode=755)securityfs on /sys/kernel/security type securityfs(rw,nosuid,nodev,noexec,relatime)

tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)

devpts on /dev/pts type devpts(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)

tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)

cgroup on /sys/fs/cgroup/systemd type cgroup(rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)

pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)

cgroup on /sys/fs/cgroup/cpuset type cgroup(rw,nosuid,nodev,noexec,relatime,cpuset)cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup(rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)cgroup on /sys/fs/cgroup/memory type cgroup(rw,nosuid,nodev,noexec,relatime,memory)cgroup on /sys/fs/cgroup/devices type cgroup(rw,nosuid,nodev,noexec,relatime,devices)cgroup on /sys/fs/cgroup/freezer type cgroup(rw,nosuid,nodev,noexec,relatime,freezer)cgroup on /sys/fs/cgroup/net_cls type cgroup(rw,nosuid,nodev,noexec,relatime,net_cls)cgroup on /sys/fs/cgroup/blkio type cgroup(rw,nosuid,nodev,noexec,relatime,blkio)cgroup on /sys/fs/cgroup/perf_event type cgroup(rw,nosuid,nodev,noexec,relatime,perf_event)cgroup on /sys/fs/cgroup/hugetlb type cgroup(rw,nosuid,nodev,noexec,relatime,hugetlb)

----------------------------------------------------------------
cat /proc/sys/fs/protected_symlinks
1



We changed the option on protected_symbolinks but unsuccessfully.
After reboot the value returned to 1.

What can we do ?

Best regards
Daniela Bortolotti



On 05/14/2015 03:19 PM, Matthias Weigel wrote:

Hi Daniela,

this looks all o.k.

Can you send me the output of this command:
sudo -u amavis -s /usr/sbin/sendmail -v -Ac -i  bortolo...@bo.infn.it <
/tmp/ciao

Do you by any chance use chroot in amavis?

Did you mount any filesystem sendmail uses, with "nosuid" option?
mount | grep nosuid


Does your problem change, if you disable "protected_symlinks"?
cat /proc/sys/fs/protected_symlinks
echo 0 > /proc/sys/fs/protected_symlinks





Best Regards

Matthias

Am 14.05.2015 um 14:30 schrieb Daniela Bortolotti:

Hi Matthias,
I check out permission on files and dir, these are the output:

----------------------------------------------------------------------

[root@postman ~]# ls -lisa /usr/sbin/sendmail*
1057121   0 lrwxrwxrwx  1 root root      21 May 11 15:16
/usr/sbin/sendmail -> /etc/alternatives/mta
1058798 244 -rwxr-xr-x  1 root root  247848 Jun 10  2014
/usr/sbin/sendmail.postfix
1057108 820 -rwxr-sr-x. 1 root smmsp 836840 Jun  9  2014
/usr/sbin/sendmail.sendmail
[root@postman ~]# ls -lisa /etc/alternatives/mta
131748 0 lrwxrwxrwx 1 root root 27 May 11 15:16 /etc/alternatives/mta ->
/usr/sbin/sendmail.sendmail

-----------------------------------------------------------------------

ls -lisa /etc/mail
total 620
131604   4 drwxr-xr-x.  4 root root   4096 May 13 17:07 .
131073  12 drwxr-xr-x. 82 root root  12288 May 13 16:44 ..
131782   4 -rw-r--r--   1 root root   1011 May 13 17:07 access
131763  12 -rw-r-----.  1 root root  12288 May 13 17:08 access.db
131736   4 -rw-r--r--.  1 root root    603 Apr 20 11:43 access.orig
131767   0 -rw-r--r--.  1 root root      0 May 13 16:16 aliasesdb-stamp
131732   4 -rw-r--r--.  1 root root    233 Jan 27  2014 domaintable
131765   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 domaintable.db
131734   8 -rw-r--r--.  1 root root   5584 Jun  9  2014 helpfile
131781   4 drwxr-xr-x.  2 root root   4096 Apr 20 11:50 listelocali
132773   4 -rw-r--r--   1 root root    162 May 13 17:05 local-host-names
131737   4 -rw-r--r--.  1 root root    997 Jan 27  2014 mailertable
131766   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 mailertable.db
131738   4 -rwxr-xr-x.  1 root root   2700 Jan 27  2014 make
131711   4 -rw-r--r--.  1 root root     92 Jan 27  2014 Makefile
132772   4 -rw-r--r--   1 root root   3408 May  7 11:45 postino.mc
131573  64 -rw-r--r--   1 root root  61475 May  8 08:39 sendmail.cf
132763  60 -rw-r--r--   1 root root  61432 May  6 09:45 sendmail.cf.AMDB
131308  60 -rw-r--r--   1 root root  61398 May  7 15:59 sendmail.cf.bak
132761   4 -rw-r--r--   1 root root   3888 May  8 08:39 sendmail.mc
131601   4 -rw-r--r--   1 root root   3753 May  6 09:43 sendmail.mc.AMDB
131735   8 -rw-r--r--.  1 root root   7306 Jan 27  2014 sendmail.mc.orig
131606   4 drwxr-xr-x.  4 root root   4096 Apr 21 15:10 spamassassin
131741  40 -rw-r--r--   1 root root  40724 May  6 14:15 submit.cf
132770  44 -rw-r--r--   1 root root  41680 May  6 14:08 submit.cf.AMDB
131740  40 -rw-r--r--   1 root root  40737 May  6 14:14 submit.cf.bak
132774   4 -rw-r--r--   1 root root   1041 May  6 14:14 submit.mc
132738   4 -rw-r--r--   1 root root   1041 May  6 14:08 submit.mc.AMDB
132778   4 -rw-r--r--   1 root root    134 May  8 08:38 trusted-users
131730   4 -rw-r--r--   1 root root    127 May  8 08:37 trusted-users.orig
131731  60 -rw-r--r--.  1 root root  61024 May 12 11:56 userdb
131768 116 -rw-r-----.  1 root root 118784 May 12 11:56 userdb.db
131743   4 -rw-r--r--.  1 root root   1847 Jan 27  2014 virtusertable
131762   8 -rw-r-----.  1 root root  12288 Apr 14 16:06 virtusertable.db
[root@postman ~]#

----------------------------------------------------------------------

[root@postman ~]# sendmail -v -d44.4 -bv
safefile(/etc/mail/sendmail.cf, uid=0, gid=0, flags=6000, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6000, level=0, offset=0):
     [dir /etc/mail] OK
     [uid 0, nlink 1, stat 100644, mode 400]     OK
safefile(/etc/mail/local-host-names, uid=0, gid=0, flags=6580, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
     [dir /etc/mail] OK
     [uid 0, nlink 1, stat 100644, mode 400]     OK
safefile(/etc/mail/relay-domains, uid=0, gid=0, flags=6580, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
     [dir /etc/mail] OK
     No such file or directory
safefile(/etc/mail/trusted-users, uid=0, gid=0, flags=6580, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
     [dir /etc/mail] OK
     [uid 0, nlink 1, stat 100644, mode 400]     OK
safefile(/var/run/spamass-milter/spamass-milter.sock, uid=0, gid=0,
flags=42302, mode=600):
safedirpath(/var/run/spamass-milter, uid=0, gid=0, flags=42302, level=0,
offset=0):
safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
     [dir /var/../run] OK
     [dir /var/run/spamass-milter] OK
     [uid 994, nlink 1, stat 140755, mode 600]     OK
safefile(/var/run/amavisd/amavisd-milter.sock, uid=0, gid=0,
flags=42302, mode=600):
safedirpath(/var/run/amavisd, uid=0, gid=0, flags=42302, level=0,
offset=0):
safedirpath(/var/../run, uid=0, gid=0, flags=42302, level=1, offset=5):
     [dir /var/../run] OK
     [dir /var/run/amavisd] OK
     [uid 996, nlink 1, stat 140755, mode 600]     OK
safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
     [dir /etc/mail] OK
     No such file or directory
safefile(/etc/mail/service.switch, uid=0, gid=0, flags=6480, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=6580, level=0, offset=0):
     [dir /etc/mail] OK
     No such file or directory
safedirpath(/var/spool/mqueue/, uid=0, gid=0, flags=4, level=0, offset=0):
     [dir /var/spool/mqueue/] OK
safedirpath(./q00, uid=0, gid=0, flags=4, level=0, offset=0):
     [dir ./q00] OK
safedirpath(./q02, uid=0, gid=0, flags=4, level=0, offset=0):
     [dir ./q02] OK
safedirpath(./q01, uid=0, gid=0, flags=4, level=0, offset=0):
     [dir ./q01] OK
safefile(/etc/mail/userdb.db, uid=0, gid=0, flags=584, mode=400):
safedirpath(/etc/mail, uid=0, gid=0, flags=584, level=0, offset=0):
     [dir /etc/mail] OK
     [uid 0, nlink 1, stat 100640, mode 400]     OK
Recipient names must be specified

--------------------------------------------------------------------
Amavis account login is :
amavis:x:996:995:User for amavisd-new:/var/spool/amavisd:/sbin/nologin

Best regards
Daniela Bortolotti



On 05/13/2015 07:56 PM, Matthias Weigel wrote:

Hi Daniela,

for the sendmail commandline test, please try it as the amavis user, not
as root.

Also please check the permissions of the sendmail program: it has to be
setgid:
ls -lisa /usr/sbin/sendmail*
ls -lisa /etc/alternatives/mta

and
ls -lisa /etc/mail

To check dir permissions by sendmail itself use
sendmail -v -d44.4 -bv



Best Regards

Matthias


Am 13.05.2015 um 17:47 schrieb bortolotti:

Hi Matthias,
here it is our output:

------------------------------------------------------------------------------------------------


sendmail -v bortolo...@bo.infn.it < /tmp/ciao
bortolo...@bo.infn.it... Connecting to [127.0.0.1] via relay...
220 bo.infn.it ESMTP server; Wed, 13 May 2015 17:19:49 +0200

EHLO postman.bo.infn.it

250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI
250-STARTTLS
250-DELIVERBY
250 HELP

STARTTLS

220 2.0.0 Ready to start TLS

EHLO postman.bo.infn.it

250-postman.bo.infn.it Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 100000000
250-DSN
250-ETRN
250-AUTH GSSAPI PLAIN LOGIN
250-DELIVERBY
250 HELP

MAIL From:<r...@postman.bo.infn.it> SIZE=5
AUTH=r...@postman.bo.infn.it

250 2.1.0 <r...@postman.bo.infn.it>... Sender ok

RCPT To:<bortolo...@bo.infn.it>
DATA

250 2.1.5 <bortolo...@bo.infn.it>... Recipient ok
354 Enter mail, end with "." on a line by itself

250 2.0.0 t4DFJnkZ006299 Message accepted for delivery
bortolo...@bo.infn.it... Sent (t4DFJnkZ006299 Message accepted for
delivery)
Closing connection to [127.0.0.1]

QUIT

221 2.0.0 postman.bo.infn.it closing connection
----------------------------------------------------------------------------



When a I use amavisd-release command the output is:

amavisd-release virus-m0fUPazhnpfA
451 4.5.0 Failed to submit a message: exit 78, id=rel-k47A8FCsKcSV

And maillog file:
May 13 17:21:58 postman amavis[6279]: (rel-0frn5zAtV38Y) Quarantined
message release (miscategorized): m0fUPazhnpfA
<antonella.mondu...@bo.infn.it> -> <mondu...@bo.infn.it>
May 13 17:21:59 postman sendmail[6309]: NOQUEUE: SYSERR(amavis): can not
chdir(/var/spool/clientmqueue/): Permission denied


-----------------------------------------------------------------------------



Our submit.mc is standard, we modified only sendmail.mc

   dnl # amavis milter definitions 9-3-2015
INPUT_MAIL_FILTER(`amavis-milter',
`S=local:/var/run/amavisd/amavisd-milter.sock, F=T,
T=S:10m;R:10m;E:10m')

-----------------------------------------------------------------------------



In our amavisd.conf setup we define these rules:
$unix_socketname = "$MYHOME/amavisd.sock";
$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f
${sender} -- ${recipient}';

but don't receive notifications.

------------------------------------------------------------------------------



Where is the mistake?

Thank a lot.

Best Regards
Daniela









On 05/12/2015 10:31 AM, Matthias Weigel wrote:

Hi Daniela,

does using sendmail on command line work?
e.g.
sendmail -v someb...@example.com < /tmp/sometext

What does your /etc/mail/submit.mc and your /etc/mail/sendmail.mc look
like?

Best Regards

Matthias

Am 12.05.2015 um 10:18 schrieb bortolotti:

Hi Fabian,
our permission of  "/var/spool/clientmqueue"
is good and SELINUX is already DISABLE.
What else can I investigate?

Thanks a lot.
Daniela Bortolotti

Re: Problem using amavisd 2.9.and sendmail on Centos 7

Reply via email to