[courier-users] setuid/setgid problem, mail from website not sent
Hi Sam, thank you VERY much! This was the answer. Just for the record: I had to downgrade my Debian system due to issues with the new Debian packages. Seems that the permissions on the sendmail wrapper were not set correctly by the installation program. Again, thank you very much! On Thu, 06 Jul 2017 03:03:37 + courier-users-requ...@lists.sourceforge.net wrote: > From: Sam Varshavchik> To: courier-users@lists.sourceforge.net > Subject: Re: [courier-users] setuid/setgid problem, mail from website not > sent > Date: Wed, 05 Jul 2017 17:55:26 -0400 > > Bernd Plagge writes: > > > Hi > > > > I'm trying to send mail from website mail, or webmail. > > However, sending doesn't work, > > > > Log entries: > > > > Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted > > Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail > > pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. > > > > The courier sendmail program: > > s -l /usr/sbin/sendmail > > -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail > > > > > > What can I do to solve this problem? > > Permissions on the sendmail wrapper should be setuid root, not setgid. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] sendmail removes bcc header unconditionally
I'm working on improving my "sentfolder" mail filter. This filter works like GMail's SMTP system, copying messages that a user sends into their sent folder, so that messages only need to traverse the network once. Courier IMAP has a better option, but no client support to speak of. I've updated the sendfolder filter to examine the recipients in the control files and the message file headers, and add a Bcc: header for any addresses that don't appear in the message headers. It then uses sendmail to send a copy to the user, along with a header that marks it for delivery to their sent folder. The problem here is that sendmail unconditionally removes the bcc: header. I think it might be better if sendmail removed the bcc header only if it uses headers for the destination addresses, and left the bcc header if it uses destinations given as command line arguments. Would that be an acceptable change? I could work around the problem by using SMTP rather than sendmail, but I prefer to use sendmail to avoid passing through the courier filters (at least, in the default configuration). -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Blacklisted email addresses not cleared
Bernd Plagge writes: Hi all I recently found some cases were blacklisted email addresses (recorded in /var/lib/courier/track) were not cleared by the "courier clear user@domain" command. I ran strace and here is the result: fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0 write(3, "1499264814 aem...@domain.com"..., 33) = 33 close(3)= 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 write(1, "m...@domain.com cleared.\n", 30) = 30 exit_group(0) = ? That's the expected result. An email address gets cleared by adding an A record, so this looks ok. Reviewing the code in question I only see a potential problem with "clear all" not working correctly, but clearing an individual address should work. pgp1WFJM2MF8d.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
Bernd Plagge writes: Hi I'm trying to send mail from website mail, or webmail. However, sending doesn't work, Log entries: Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. The courier sendmail program: s -l /usr/sbin/sendmail -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail What can I do to solve this problem? Permissions on the sendmail wrapper should be setuid root, not setgid. pgprgnATZ9HsP.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] setuid/setgid problem, mail from website not sent
On 07/05/2017 11:33 AM, Bernd Plagge wrote: What can I do to solve this problem? First, "setenforce permissive" and send a message, or examine /var/log/audit/audit.log to see if this is an SELinux denial. Next, in permissive mode, use "tail -f /var/log/audit/audit.log | grep AVC" to watch the log while you send another message. Take all of the output and pass it as input to "audit2allow -M lighttpd_sendmail". That will create a new SELinux policy module that you can load to allow lighttpd to send email. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] setuid/setgid problem, mail from website not sent
Hi I'm trying to send mail from website mail, or webmail. However, sending doesn't work, Log entries: Jul 06 00:25:45 linde lighttpd[1182]: setuid/setgid: Operation not permitted Jul 06 00:25:45 linde lighttpd[1182]: /cgi-bin/FormMail.pl: close sendmail pipe failed, mailprog=[/usr/lib/sendmail -oi -t] at (eval 9) line 108. The courier sendmail program: s -l /usr/sbin/sendmail -rwxr-sr-x 1 root courier 59120 Jan 26 2015 /usr/sbin/sendmail What can I do to solve this problem? Best regards, Bernd -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Blacklisted email addresses not cleared
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all I recently found some cases were blacklisted email addresses (recorded in /var/lib/courier/track) were not cleared by the "courier clear user@domain" command. Permissions for the directory are: linde:/var/lib/courier# ls -l total 544 drwxr-x--- 2 daemon daemon 4096 Jul 5 00:05 allfilters drwxr-x--- 2 daemon daemon 4096 Nov 29 2010 calendar - -rw--- 1 root root 524288 Jul 5 23:04 couriersslcache drwxr-x--- 2 daemon daemon 4096 May 21 2016 filters drwxr-xr-x 4 daemon daemon 4096 Jul 5 23:21 msgq drwxr-x--- 7 daemon daemon 4096 Jul 5 23:25 msgs drwxrwx--- 5 daemon daemon 4096 Jul 5 22:08 tmp drwxr-xr-x 2 daemon daemon 4096 Jul 5 23:29 track I ran strace and here is the result: mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7421000 set_thread_area({entry_number:-1, base_addr:0xb7421700, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 (entry_number:6) mprotect(0xb75d5000, 8192, PROT_READ) = 0 mprotect(0xb75f7000, 4096, PROT_READ) = 0 mprotect(0xb764c000, 4096, PROT_READ) = 0 mprotect(0xb77be000, 24576, PROT_READ) = 0 mprotect(0x8051000, 4096, PROT_READ)= 0 mprotect(0xb77fe000, 4096, PROT_READ) = 0 munmap(0xb77c8000, 48644) = 0 brk(NULL) = 0x9816000 brk(0x983b000) = 0x983b000 chdir("/usr") = 0 setgid32(1) = 0 getuid32() = 0 setgroups32(1, [1]) = 0 setuid32(1) = 0 open("/var/lib/courier/track/416462", O_WRONLY|O_CREAT|O_APPEND|O_LARGEFILE, 0666) = 3 _llseek(3, 0, [173], SEEK_END) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=173, ...}) = 0 write(3, "1499264814 aem...@domain.com"..., 33) = 33 close(3)= 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 write(1, "m...@domain.com cleared.\n", 30) = 30 exit_group(0) = ? I'm running Courier 0.73 (Debian upgrade failed). Sorry, I'm not very good at reading traces. Any ideas what the reason might be? Thanks for any help! Bernd -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEV/J6xcvB3zWv0k2ZmovHNYOpMokFAllc+M8ACgkQmovHNYOp MonVvw/+JqXjPutUSCc06vo6fNfcheO7Ut+DG6Fu1gt1eMPxHh9sJQn1/t3V0cBT UiB9NrTZQ35TWZ1RILBzFt8sLxjyRXL0UvhGkf5T0hDqbAs0U9OA85NT8MjHv8Hw zDxtChL6BMqjQ+fWFsemZXNSZv/yg+7ciPQv2fldIXU4coWL3r9Ewir1DpWwg2Ip GgPDiHpRSRS5em8uQmDHsqZI5xH4mgQBaZ9IRh3W3JS1rKYnTF+LTS2O7x+RnQdg hDWk5n0i1G4fsxKcm/IkARH5hxAvD49zuFvZUC7GMNULRNpwKQEtwE9Fp3jWt0qi n/ygz9PXfuuTURf6MYBEZF8eNjuv3MmiQxTiGqjCoG/bh67e2xHBWDH9Q6bOKWIo SaM2fURFMqP1W3SQ7gqPnjCSK3RWpgmePve7eh+QVKAGyCmOCwfTbVGKJbGuzenZ 9B756yfhA7r33vdZHsm0PnVFR7df05Saw2ukuqJW2VRPE6OteABRNAVq/bXBLxF0 B/H+sqRsmY7/HH+LH4CSNLzl86WwABqUe4TQ+Btlr19VwvdZlcLMYJzXe3wKsaei wSKMK7HVQLE8/sHrrrq3z1wr/nyxRdaEPfYF9o66R5OJLZ0tpQk1lh6YFboPgV4x SGMx44lGaaG6WUmr337sIZIee/dH39dxIDLJvdID5xNi6qIrDTg= =+ESq -END PGP SIGNATURE- -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users