Joerg Jung (2015-12-28 07:47 +0100):
> 
> > On 24.12.2015 at 04:46, Tim van der Molen <[email protected]> wrote:
> > 
> > Simon McFarlane (2015-12-24 00:49 +0100):
> >> I'm running an installation of today's snapshot (23-Dec-2015), and can't
> >> seem to get smtpd to launch when it is set to query a sqlite database. This
> >> is the complete output to /var/log/maillog from launch to crash:
> >> 
> >> info: OpenSMTPD master starting
> >> warn: lost child: lookup terminated; signal 6
> >> info: control process exiting
> >> info: scheduler handler exiting
> >> info: queue handler exiting
> >> warn: ca -> control: pipe closed
> >> warn: pony -> lka: pipe closed
> >> warn: parent terminating
> >> 
> >> and in dmesg, I see this:
> >> 
> >> smtpd(29857): syscall 2 "proc"
> > 
> > This diff adds the missing pledges. But there's another problem: smtpd
> > looks in /usr/libexec/smtpd instead of /usr/local/libexec/smtpd:
> 
> CVS head/GIT master tries both paths.

This is CVS head.

table_create() tries both paths, but fork_proc_backend() only tries
/usr/libexec/smtpd.

> > Dec 24 04:31:04 sigma smtpd[11617]: execl: /usr/libexec/smtpd/table-sqlite: No such file or directory
> > 
> > Index: lka.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
> > retrieving revision 1.189
> > diff -p -u -r1.189 lka.c
> > --- lka.c    14 Dec 2015 10:22:12 -0000    1.189
> > +++ lka.c    24 Dec 2015 03:28:11 -0000
> > @@ -449,7 +449,7 @@ lka(void)
> >    /* Ignore them until we get our config */
> >    mproc_disable(p_pony);
> > 
> > -    if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1)
> > +    if (pledge("stdio rpath inet dns getpw recvfd proc exec", NULL) == -1)
> >        err(1, "pledge");
> > 
> >    if (event_dispatch() < 0)
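
Review bot: The new promise string on the + line in lka() grants "proc exec" to the lookup process unconditionally, next to "inet dns", and nothing at the call says what needs to fork and exec there. Add a comment naming the consumer (the log above shows an execl of table-sqlite), and consider requesting the two promises only when the configuration has a table that needs an external backend, so setups without one keep the narrower pledge.
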
> > Index: smtpd.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
> > retrieving revision 1.268
> > diff -p -u -r1.268 smtpd.c
> > --- smtpd.c    20 Dec 2015 14:06:24 -0000    1.268
> > +++ smtpd.c    24 Dec 2015 03:28:11 -0000
> > @@ -841,7 +841,8 @@ fork_proc_backend(const char *key, const
> >            procname = name;
> > 
> >        execl(path, procname, arg, NULL);
> > -        err(1, "execl: %s", path);
> > +        log_warn("execl: %s", path);
> > +        exit(1);
> >    }
> > 
> >    /* parent process */
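
Review bot: On the second + line the child leaves through exit(1) after the failed execl(); in a forked child _exit(1) is the usual call, because exit() runs atexit handlers and flushes stdio buffers the child inherited from the parent. The removed err() also ended in exit(), so this is not a new problem, but the line is being rewritten anyway. The hunk also changes only how the failure is reported: execl() is still called with the single path, so the /usr/local/libexec/smtpd location mentioned above is still not tried here.
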
> > 
> >> It looks like smtpd pledges proc during initialization (smtpd.c:704).
> >> Running a ktrace/kdump on smtpd -d shows only one call to pledge(), with
> >> proc and exec included. Also,
> >> 
> >> # smtpd -d &
> >> [1] 4597
> >> # info: OpenSMTPD master starting
> >> warn: lost child: lookup terminated; signal 6
> >> info: queue handler exiting
> >> info: control process exiting
> >> info: scheduler handler exiting
> >> warn: pony -> lka: pipe closed
> >> warn: parent terminating
> >> 
> >> [1] + Done (1)             smtpd -d
> >> # dmesg | tail -n 1
> >> smtpd(31636): syscall 2 "proc"
> >> 
> >> The master process (pid 4597 in this instance) is not the process which
> >> tries to step outside its pledge boundary (pid 31636 is the offender here).
> >> 
> >> Maybe a worker process needs to have proc added to its pledge in some 
> >> cases?
> >> 
> >> For reference, my config files look like this:
> >> 
> >> #### smtpd.conf
> >> 
> >> # Tables
> >> table aliases   file:/etc/mail/aliases
> >> table passwd    sqlite:/etc/mail/sqlite.conf
> >> table users     sqlite:/etc/mail/sqlite.conf
> >> table domains   sqlite:/etc/mail/sqlite.conf
> >> 
> >> # Ports
> >> listen on       lo0
> >> listen on       lo0     port 10028      tag DKIM
> >> listen on       egress  port smtp       tls
> >> listen on       egress  smtps           auth <passwd>
> >> 
> >> # Incoming
> >> accept from local for local alias <aliases> \
> >>        deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> >> 
> >> accept from any for domain <domains> virtual <users> \
> >>        deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> >> 
> >> # Outgoing
> >> accept tagged DKIM for any relay
> >> accept for any relay via smtp://127.0.0.1:10027
> >> 
> >> #### sqlite.conf
> >> 
> >> dbpath                  /etc/mail/users.db
> >> 
> >> query_credentials       SELECT username||'@'||domain, password FROM users WHERE (username||'@'||domain)=?;
> >> 
> >> query_domain            SELECT domain FROM users WHERE domain=? LIMIT 1;
> >> 
> >> query_alias             SELECT 'vmail' FROM users WHERE ? LIKE (username||'@'||domain);
> >> 
> >> ####
> >> 
> >> Thanks,
> >> Simon
> >> 
> >> -- 
> >> You received this mail because you are subscribed to [email protected]
> >> To unsubscribe, send a mail to: [email protected]
