Simon McFarlane (2015-12-24 00:49 +0100):
> I'm running an installation of today's snapshot (23-Dec-2015), and can't
> seem to get smtpd to launch when it is set to query a sqlite database. This
> is the complete output to /var/log/maillog from launch to crash:
>
> info: OpenSMTPD master starting
> warn: lost child: lookup terminated; signal 6
> info: control process exiting
> info: scheduler handler exiting
> info: queue handler exiting
> warn: ca -> control: pipe closed
> warn: pony -> lka: pipe closed
> warn: parent terminating
>
> and in dmesg, I see this:
>
> smtpd(29857): syscall 2 "proc"
This diff adds the missing pledges. But there's another problem: smtpd
looks in /usr/libexec/smtpd instead of /usr/local/libexec/smtpd:
Dec 24 04:31:04 sigma smtpd[11617]: execl: /usr/libexec/smtpd/table-sqlite: No
such file or directory
Index: lka.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
retrieving revision 1.189
diff -p -u -r1.189 lka.c
--- lka.c 14 Dec 2015 10:22:12 -0000 1.189
+++ lka.c 24 Dec 2015 03:28:11 -0000
@@ -449,7 +449,7 @@ lka(void)
/* Ignore them until we get our config */
mproc_disable(p_pony);
- if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1)
+ if (pledge("stdio rpath inet dns getpw recvfd proc exec", NULL) == -1)
err(1, "pledge");
if (event_dispatch() < 0)
Index: smtpd.c
===================================================================
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
retrieving revision 1.268
diff -p -u -r1.268 smtpd.c
--- smtpd.c 20 Dec 2015 14:06:24 -0000 1.268
+++ smtpd.c 24 Dec 2015 03:28:11 -0000
@@ -841,7 +841,8 @@ fork_proc_backend(const char *key, const
procname = name;
execl(path, procname, arg, NULL);
- err(1, "execl: %s", path);
+ log_warn("execl: %s", path);
+ exit(1);
}
/* parent process */
> It looks like smtpd pledges proc during initialization (smtpd.c:704).
> Running a ktrace/kdump on smtpd -d shows only one call to pledge(), with
> proc and exec included. Also,
>
> # smtpd -d &
> [1] 4597
> # info: OpenSMTPD master starting
> warn: lost child: lookup terminated; signal 6
> info: queue handler exiting
> info: control process exiting
> info: scheduler handler exiting
> warn: pony -> lka: pipe closed
> warn: parent terminating
>
> [1] + Done (1) smtpd -d
> # dmesg | tail -n 1
> smtpd(31636): syscall 2 "proc"
>
> The master process (pid 4597 in this instance) is not the process which
> tries to step outside its pledge boundary (pid 31636 is the offender here).
>
> Maybe a worker process needs to have proc added to its pledge in some cases?
>
> For reference, my config files look like this:
>
> #### smtpd.conf
>
> # Tables
> table aliases file:/etc/mail/aliases
> table passwd sqlite:/etc/mail/sqlite.conf
> table users sqlite:/etc/mail/sqlite.conf
> table domains sqlite:/etc/mail/sqlite.conf
>
> # Ports
> listen on lo0
> listen on lo0 port 10028 tag DKIM
> listen on egress port smtp tls
> listen on egress smtps auth <passwd>
>
> # Incoming
> accept from local for local alias <aliases> \
> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>
> accept from any for domain <domains> virtual <users> \
> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>
> # Outgoing
> accept tagged DKIM for any relay
> accept for any relay via smtp://127.0.0.1:10027
>
> #### sqlite.conf
>
> dbpath /etc/mail/users.db
>
> query_credentials SELECT username||'@'||domain, password FROM users
> WHERE (username||'@'||domain)=?;
>
> query_domain SELECT domain FROM users WHERE domain=? LIMIT 1;
>
> query_alias SELECT 'vmail' FROM users WHERE ? LIKE
> (username||'@'||domain);
>
> ####
>
> Thanks,
> Simon
>
> --
> You received this mail because you are subscribed to [email protected]
> To unsubscribe, send a mail to: [email protected]
>
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
