[courier-users] setuid/setgid problem, mail from website not sent

[Bernd Plagge]

Hi Sam,

thank you VERY much!
This was the answer.

Just for the record: 
I had to downgrade my Debian system due to issues with the new Debian packages.
Seems that the permissions on the sendmail wrapper were not set correctly by 
the installation program.

Again, thank you very much!



On Thu, 06 Jul 2017 03:03:37 +
courier-users-requ...@lists.sourceforge.net wrote:

> From: Sam Varshavchik 
> To: courier-users@lists.sourceforge.net
> Subject: Re: [courier-users] setuid/setgid problem,  mail from website not
>  sent
> Date: Wed, 05 Jul 2017 17:55:26 -0400
> 
> Bernd Plagge writes:
> 
> > Hi
> >
> > I'm trying to send mail from website mail, or webmail.
> > However, sending doesn't work,
> >
> > Log entries:
> >
> > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
> > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail  
> > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.
> >
> > The courier sendmail program:
> > s -l /usr/sbin/sendmail
> > -rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail
> >
> >
> > What can I do to solve this problem?  
> 
> Permissions on the sendmail wrapper should be setuid root, not setgid.

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] sendmail removes bcc header unconditionally

[Gordon Messmer]

I'm working on improving my "sentfolder" mail filter.  This filter works 
like GMail's SMTP system, copying messages that a user sends into their 
sent folder, so that messages only need to traverse the network once.  
Courier IMAP has a better option, but no client support to speak of.


I've updated the sendfolder filter to examine the recipients in the 
control files and the message file headers, and add a Bcc: header for 
any addresses that don't appear in the message headers.  It then uses 
sendmail to send a copy to the user, along with a header that marks it 
for delivery to their sent folder. The problem here is that sendmail 
unconditionally removes the bcc: header.  I think it might be better if 
sendmail removed the bcc header only if it uses headers for the 
destination addresses, and left the bcc header if it uses destinations 
given as command line arguments.  Would that be an acceptable change?


I could work around the problem by using SMTP rather than sendmail, but 
I prefer to use sendmail to avoid passing through the courier filters 
(at least, in the default configuration).



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Blacklisted email addresses not cleared

[Sam Varshavchik]

Bernd Plagge writes:


Hi all

I recently found some cases were blacklisted email addresses (recorded in  
/var/lib/courier/track) were not cleared by the "courier clear user@domain"  
command.


I ran strace and here  is the result:

fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0
write(3, "1499264814 aem...@domain.com"..., 33) = 33
close(3)= 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(1, "m...@domain.com cleared.\n", 30) = 30
exit_group(0)   = ?


That's the expected result. An email address gets cleared by adding an A  
record, so this looks ok.


Reviewing the code in question I only see a potential problem with "clear  
all" not working correctly, but clearing an individual address should work.




pgp1WFJM2MF8d.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

[Sam Varshavchik]

Bernd Plagge writes:


Hi

I'm trying to send mail from website mail, or webmail.
However, sending doesn't work,

Log entries:

Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail  
pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.


The courier sendmail program:
s -l /usr/sbin/sendmail
-rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail


What can I do to solve this problem?


Permissions on the sendmail wrapper should be setuid root, not setgid.




pgprgnATZ9HsP.pgp
Description: PGP signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] setuid/setgid problem, mail from website not sent

[Gordon Messmer]

On 07/05/2017 11:33 AM, Bernd Plagge wrote:

What can I do to solve this problem?



First, "setenforce permissive" and send a message, or examine 
/var/log/audit/audit.log to see if this is an SELinux denial.


Next, in permissive mode, use "tail -f /var/log/audit/audit.log | grep 
AVC" to watch the log while you send another message.  Take all of the 
output and pass it as input to "audit2allow -M lighttpd_sendmail".  That 
will create a new SELinux policy module that you can load to allow 
lighttpd to send email.



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] setuid/setgid problem, mail from website not sent

[Bernd Plagge]

Hi 

I'm trying to send mail from website mail, or webmail.
However, sending doesn't work, 

Log entries:

Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted
Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe 
failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108.

The courier sendmail program:
s -l /usr/sbin/sendmail
-rwxr-sr-x 1 root courier 59120 Jan 26  2015 /usr/sbin/sendmail


What can I do to solve this problem?

Best regards,
Bernd


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Blacklisted email addresses not cleared

[Bernd Plagge]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi all

I recently found some cases were blacklisted email addresses (recorded in 
/var/lib/courier/track) were not cleared by the "courier clear user@domain" 
command.
Permissions for the directory are:

linde:/var/lib/courier# ls -l
total 544
drwxr-x--- 2 daemon daemon   4096 Jul  5 00:05 allfilters
drwxr-x--- 2 daemon daemon   4096 Nov 29  2010 calendar
- -rw--- 1 root   root   524288 Jul  5 23:04 couriersslcache
drwxr-x--- 2 daemon daemon   4096 May 21  2016 filters
drwxr-xr-x 4 daemon daemon   4096 Jul  5 23:21 msgq
drwxr-x--- 7 daemon daemon   4096 Jul  5 23:25 msgs
drwxrwx--- 5 daemon daemon   4096 Jul  5 22:08 tmp
drwxr-xr-x 2 daemon daemon   4096 Jul  5 23:29 track


I ran strace and here  is the result:

mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xb7421000
set_thread_area({entry_number:-1, base_addr:0xb7421700, limit:1048575, 
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, 
useable:1}) = 0 (entry_number:6)
mprotect(0xb75d5000, 8192, PROT_READ)   = 0
mprotect(0xb75f7000, 4096, PROT_READ)   = 0
mprotect(0xb764c000, 4096, PROT_READ)   = 0
mprotect(0xb77be000, 24576, PROT_READ)  = 0
mprotect(0x8051000, 4096, PROT_READ)= 0
mprotect(0xb77fe000, 4096, PROT_READ)   = 0
munmap(0xb77c8000, 48644)   = 0
brk(NULL)   = 0x9816000
brk(0x983b000)  = 0x983b000
chdir("/usr")   = 0
setgid32(1) = 0
getuid32()  = 0
setgroups32(1, [1]) = 0
setuid32(1) = 0
open("/var/lib/courier/track/416462", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 
0666) = 3
_llseek(3, 0, [173], SEEK_END)  = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0
write(3, "1499264814 aem...@domain.com"..., 33) = 33
close(3)= 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
write(1, "m...@domain.com cleared.\n", 30) = 30
exit_group(0)   = ?

I'm running Courier 0.73 (Debian upgrade failed).

Sorry, I'm not very good at reading traces. Any ideas what the reason might be?

Thanks for any help!

Bernd
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEV/J6xcvB3zWv0k2ZmovHNYOpMokFAllc+M8ACgkQmovHNYOp
MonVvw/+JqXjPutUSCc06vo6fNfcheO7Ut+DG6Fu1gt1eMPxHh9sJQn1/t3V0cBT
UiB9NrTZQ35TWZ1RILBzFt8sLxjyRXL0UvhGkf5T0hDqbAs0U9OA85NT8MjHv8Hw
zDxtChL6BMqjQ+fWFsemZXNSZv/yg+7ciPQv2fldIXU4coWL3r9Ewir1DpWwg2Ip
GgPDiHpRSRS5em8uQmDHsqZI5xH4mgQBaZ9IRh3W3JS1rKYnTF+LTS2O7x+RnQdg
hDWk5n0i1G4fsxKcm/IkARH5hxAvD49zuFvZUC7GMNULRNpwKQEtwE9Fp3jWt0qi
n/ygz9PXfuuTURf6MYBEZF8eNjuv3MmiQxTiGqjCoG/bh67e2xHBWDH9Q6bOKWIo
SaM2fURFMqP1W3SQ7gqPnjCSK3RWpgmePve7eh+QVKAGyCmOCwfTbVGKJbGuzenZ
9B756yfhA7r33vdZHsm0PnVFR7df05Saw2ukuqJW2VRPE6OteABRNAVq/bXBLxF0
B/H+sqRsmY7/HH+LH4CSNLzl86WwABqUe4TQ+Btlr19VwvdZlcLMYJzXe3wKsaei
wSKMK7HVQLE8/sHrrrq3z1wr/nyxRdaEPfYF9o66R5OJLZ0tpQk1lh6YFboPgV4x
SGMx44lGaaG6WUmr337sIZIee/dH39dxIDLJvdID5xNi6qIrDTg=
=+ESq
-END PGP SIGNATURE-
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users