> Am 24.12.2015 um 04:46 schrieb Tim van der Molen <[email protected]>:
>
> Simon McFarlane (2015-12-24 00:49 +0100):
>> I'm running an installation of today's snapshot (23-Dec-2015), and can't
>> seem to get smtpd to launch when it is set to query a sqlite database. This
>> is the complete output to /var/log/maillog from launch to crash:
>>
>> info: OpenSMTPD master starting
>> warn: lost child: lookup terminated; signal 6
>> info: control process exiting
>> info: scheduler handler exiting
>> info: queue handler exiting
>> warn: ca -> control: pipe closed
>> warn: pony -> lka: pipe closed
>> warn: parent terminating
>>
>> and in dmesg, I see this:
>>
>> smtpd(29857): syscall 2 "proc"
>
> This diff adds the missing pledges. But there's another problem: smtpd
> looks in /usr/libexec/smtpd instead of /usr/local/libexec/smtpd:
CVS head/GIT master tries both paths.
> Dec 24 04:31:04 sigma smtpd[11617]: execl: /usr/libexec/smtpd/table-sqlite:
> No such file or directory
>
> Index: lka.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/lka.c,v
> retrieving revision 1.189
> diff -p -u -r1.189 lka.c
> --- lka.c 14 Dec 2015 10:22:12 -0000 1.189
> +++ lka.c 24 Dec 2015 03:28:11 -0000
> @@ -449,7 +449,7 @@ lka(void)
> /* Ignore them until we get our config */
> mproc_disable(p_pony);
>
> - if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1)
> + if (pledge("stdio rpath inet dns getpw recvfd proc exec", NULL) == -1)
> err(1, "pledge");
>
> if (event_dispatch() < 0)
> Index: smtpd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/smtpd.c,v
> retrieving revision 1.268
> diff -p -u -r1.268 smtpd.c
> --- smtpd.c 20 Dec 2015 14:06:24 -0000 1.268
> +++ smtpd.c 24 Dec 2015 03:28:11 -0000
> @@ -841,7 +841,8 @@ fork_proc_backend(const char *key, const
> procname = name;
>
> execl(path, procname, arg, NULL);
> - err(1, "execl: %s", path);
> + log_warn("execl: %s", path);
> + exit(1);
> }
>
> /* parent process */
>
>> It looks like smtpd pledges proc during initialization (smtpd.c:704).
>> Running a ktrace/kdump on smtpd -d shows only one call to pledge(), with
>> proc and exec included. Also,
>>
>> # smtpd -d &
>> [1] 4597
>> # info: OpenSMTPD master starting
>> warn: lost child: lookup terminated; signal 6
>> info: queue handler exiting
>> info: control process exiting
>> info: scheduler handler exiting
>> warn: pony -> lka: pipe closed
>> warn: parent terminating
>>
>> [1] + Done (1) smtpd -d
>> # dmesg | tail -n 1
>> smtpd(31636): syscall 2 "proc"
>>
>> The master process (pid 4597 in this instance) is not the process which
>> tries to step outside its pledge boundary (pid 31636 is the offender here).
>>
>> Maybe a worker process needs to have proc added to its pledge in some cases?
>>
>> For reference, my config files look like this:
>>
>> #### smtpd.conf
>>
>> # Tables
>> table aliases file:/etc/mail/aliases
>> table passwd sqlite:/etc/mail/sqlite.conf
>> table users sqlite:/etc/mail/sqlite.conf
>> table domains sqlite:/etc/mail/sqlite.conf
>>
>> # Ports
>> listen on lo0
>> listen on lo0 port 10028 tag DKIM
>> listen on egress port smtp tls
>> listen on egress smtps auth <passwd>
>>
>> # Incoming
>> accept from local for local alias <aliases> \
>> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>>
>> accept from any for domain <domains> virtual <users> \
>> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>>
>> # Outgoing
>> accept tagged DKIM for any relay
>> accept for any relay via smtp://127.0.0.1:10027
>>
>> #### sqlite.conf
>>
>> dbpath /etc/mail/users.db
>>
>> query_credentials SELECT username||'@'||domain, password FROM users
>> WHERE (username||'@'||domain)=?;
>>
>> query_domain SELECT domain FROM users WHERE domain=? LIMIT 1;
>>
>> query_alias SELECT 'vmail' FROM users WHERE ? LIKE
>> (username||'@'||domain);
>>
>> ####
>>
>> Thanks,
>> Simon
>>
>> --
>> You received this mail because you are subscribed to [email protected]
>> To unsubscribe, send a mail to: [email protected]
>
> --
> You received this mail because you are subscribed to [email protected]
> To unsubscribe, send a mail to: [email protected]
>
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
