[pfx] Re: [en@sympa] Little problem

[John Fawcett via Postfix-users]

On 05/02/2026 14:30, Ruud Baart via Postfix-users wrote:

I found a way to work around the problem. I still don't understand de 
exact reason for the problem.

I am glad you found a solution, but I'll add a few comments that maybe 
can help if anyone else gets the same issue

But Wietse Veenema hinted that perhaps an underlying and not very 
clear protection system prohibited the open() call in the binary 
queue. One possibility could have been the systemd service but 
changing to a start/stop script in init.d wasn't the solution.

The way the sympa service is being invoked i.e. via systemd or via 
init.d scripts is not really relevant to the issue (as you yourself 
observed). The reason for that is that the failure is happening in a 
different context from the running sympa service.

You are invoking this command: "/usr/local/sympa/bin/queue" from within 
postfix under user sympa. You are not interacting with a daemon running 
under the sympa service.

So the relevant context is the one in which postfix is running.

Today I decided to install a fresh sympa in a more debian way. 
Configure and install without the prefix /usr/local/sympa. The 
configure I used  is now:

./configure \
   -enable-fhs \
   --sysconfdir=/etc/sympa \
   --sbindir=/usr/lib/sympa/bin \
   --libexecdir=/usr/lib/sympa/bin \
   --with-cgidir=/usr/lib/cgi-bin/sympa \
   --with-staticdir=/usr/share/sympa/static_content \
   --with-cssdir=/var/lib/sympa/css \
   --with-picturesdir=/var/lib/sympa/pictures \
   --datadir=/usr/share \
   --localedir=/usr/share/locale \
   --mandir=/usr/share/man \
   --docdir=/usr/share/doc/sympa \
   --with-piddir=/run/sympa \
   --without-initdir \
   --with-unitsdir=/etc/systemd/system \
   --with-user=sympa \
   --with-group=sympa \
   --with-aliases_file=/etc/mail/sympa/aliases \

And it runs without a problem (sofar). Thanks for all the help and 
suggestions.

PS: It made me nostalgic. Back in the day, we were still in charge on 
a Linux/unix system.


When you had prefix of /usr/local/sympa and I am guessing that also you 
didn't have --enable-fhs at that time, therefore you were expecting the 
sympa queue files to be created in directory

/usr/local/sympa/spool and not in /var/spool/sympa

If you are running the postfix service with the systemd setting (cf 
/usr/lib/systemd/system/postfix.service)

ProtectSystem=full

then postfix would not have write access to various file systems 
including the /usr file system.

Also the processes spawned from postfix including the 
/usr/local/sympa/bin/queue will also not have write access to those file 
systems.

So when  the /usr/local/sympa/bin/queue command tried to create a file 
in /usr/local/sympa/spool it failed due to /usr being mounted as read only.

Once you reinstalled sympa to a standard file layout, sympa queue files 
will be created under /var/spool/sympa which is not one of the file 
systems that is remouned read only with ProtectSystem=full, hence it is 
now working. It could also have been made to work in the previous case 
by turning off ProtectSystem for postfix.

John


Op 4-2-2026 om 21:42 schreef Ruud Baart:

If i follow your strace statement, the mail is stored in the postfix 
active spool directory

    -Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
    3DEF95F444E*    2688 Wed Feb  4 21:32:05 r.j.ba...@tiswe.fr
    tiswe...@listserver.prompt.nl

It is stored as expected in /var/spool/postfix/active/3DEF95F444E

in de logging:

Feb 04 20:14:20 monk postfix/pipe[17727]: 00C185F444E: 
to=<tiswe...@listserver.prompt.nl>, relay=sympa, delay=1695,  
delays=694/0.01/ 0/1000, dsn=5.3.0, status=bounced (Command time 
limit exceeded: "/usr/bin/strace")
Feb 04 21:32:05 monk kernel: audit: type=1326 
audit(1770237125.277:124): auid=4294967295 uid=120 gid=126 
ses=4294967295 subj=unconfined pid=26499 comm="strace" 
exe="/usr/bin/strace" sig=31 arch=c000003e syscall=101 compat=0 
ip=0x7f9eef626888 code=0x80000000


Op 4-2-2026 om 19:01 schreef Jean Charles Delépine:
Quoting Ruud Baart <r.j.ba...@prompt.nl>:

In postfix master.cf

sympa   unix    -       n       n       -       -       pipe
  flags=hqRu null_sender= user=sympa 
argv=/usr/local/sympa/bin/queue ${nexthop}

Change that by :
sympa   unix    -       n       n       -       -       pipe
   flags=hqRu null_sender= user=sympa argv=strace -o /var/tmp/queue 
/usr/local/sympa/bin/queue ${nexthop}

And send a mail.

You should find something like :
[...]
chdir("/var/spool/sympa/queue")         = 0
umask(027)                              = 077
getpid()                                = 445618
openat(AT_FDCWD, "t.t...@listes.u-picardie.fr.1770227652.445618", 
O_WRONLY|O_CREAT, 0600) = 3
[...]

Maybe that can clarify things.


_______________________________________________
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org