Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, May 20, 2009 at 09:40:21PM -0400, Charlie Brady wrote: I think the -T *should* be there on the command line, but there are some bugs in qpsmtpd and/or your plugins which need to be fixed before it will work. forkserver has used -T since 29ac2860, back in 2004. Obviously prefork is newer and has seen less testing, but most of the module code and plugins have seen plenty of taint-checked use. -- Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Thu, 21 May 2009, Devin Carraway wrote: On Wed, May 20, 2009 at 09:40:21PM -0400, Charlie Brady wrote: I think the -T *should* be there on the command line, but there are some bugs in qpsmtpd and/or your plugins which need to be fixed before it will work. forkserver has used -T since 29ac2860, back in 2004. Obviously prefork is newer and has seen less testing, but most of the module code and plugins have seen plenty of taint-checked use. I guess this raises a question: The return values from config() are tainted. Should we de-taint them? Matt.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
After kludging the insecure dependency error... I get 5 permanent copies of prefork in the process table, and one copy that keeps on starting and dying (new PID every time I look). It seems to take a long time before anything shows up in the log, though, which is why it may have taken so long for me to get this far... Looking at the log, I see the startup, but that pesky 6th process is associated with the following lines in the log file: FATAL: Failed to start daemon. Reason: Address already in use (It may be nessesary to wait 20 secs before starting daemon again) I'll keep plugging at it :-/ J.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Thu, 21 May 2009, J wrote: I'll keep plugging at it :-/ Progress, I think. I added back the sh -c '...' stuff to my run file, but without the other stuff Charlie said shouldn't be there. Here's what I have now: #!/bin/sh exec 21 \ sh -c ' exec \ /usr/local/bin/softlimit -m 1 \ /usr/bin/perl -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --renice-parent 5 \ --max-from-ip 10 \ --user smtpd ' = This appears to work, for the most part. Apart from my manual test connection being identified as an unauthorized relay attempt (this is not fully configured, yet), there are two issues that I see: 1) The disconnection from the remote host (manual connection and 'quit') leaves a process in the table: ./qpsmtpd-prefork [192.168.1.50 : testlaptop : 16:16:03 2009-05-21] It's been there for about 10 minutes, now, and shows no sign of going anywhere, soon. 2) I was unable to connect to port 25 (Connection Refused). I checked with 'netstat' and found that port 25 was not being listened on. Is there still a problem with prefork only being able to listen on a single port? Thanks. J.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Thu, 21 May 2009, Matt Sergeant wrote: On Thu, 21 May 2009, Devin Carraway wrote: On Wed, May 20, 2009 at 09:40:21PM -0400, Charlie Brady wrote: I think the -T *should* be there on the command line, but there are some bugs in qpsmtpd and/or your plugins which need to be fixed before it will work. forkserver has used -T since 29ac2860, back in 2004. Obviously prefork is newer and has seen less testing, but most of the module code and plugins have seen plenty of taint-checked use. I guess this raises a question: The return values from config() are tainted. Should we de-taint them? That depends IMO on whether they can contain attack data. I don't see how they could, so therefore the taint checking is just a nuisance, rather than providing protection against unchecked hostile data. Hence blanket de-taint is probably reasonable.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Thu, May 21, 2009 at 07:23:55AM +, Matt Sergeant wrote: I guess this raises a question: The return values from config() are tainted. Should we de-taint them? I think so. Integrity of the config files is an issue handled much higher up, not by taint checks way down in plugins. -- Devin \ aqua(at)devin.com, IRC:Requiem; http://www.devin.com Carraway \ 1024D/E9ABFCD2: 13E7 199E DD1E 65F0 8905 2E43 5395 CA0D E9AB FCD2
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
J wrote: Can we get this put into the wiki? Feel free to edit the wiki. It's open to all. Regards James Turnbull -- Author of: * Pro Linux Systems Administration (http://www.amazon.com/gp/product/1430219122/) * Pulling Strings with Puppet (http://www.amazon.com/gp/product/1590599780/) * Pro Nagios 2.0 (http://www.amazon.com/gp/product/1590596099/) * Hardening Linux (http://www.amazon.com/gp/product/159059/)
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Tue, 19 May 2009, J wrote: I reinstalled clean, from scratch. I changed my 'run' file to the following: #!/bin/sh exec 21 \ sh -c ' exec \ /usr/local/bin/softlimit -m 1 \ ${PERL-perl} -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --pid-file /var/run/qpsmtpd.pid \ --renice-parent 5 \ --detach \ --max-from-ip 10 \ --user smtpd ' You're not setting $PERL, do you don't need to use sh -x. You don't want --detach either - supervise won't provide a controlling terminal, and you mustn't daemonise. You also don't need --pid-file with supervise/runit. So try: #!/bin/sh exec 21 \ exec \ /usr/local/bin/softlimit -m 1 \ /usr/bin/perl -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --renice-parent 5 \ --max-from-ip 10 \ --user smtpd
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, Charlie Brady wrote: I changed my 'run' file to the following: #!/bin/sh exec 21 \ sh -c ' exec \ /usr/local/bin/softlimit -m 1 \ ${PERL-perl} -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --pid-file /var/run/qpsmtpd.pid \ --renice-parent 5 \ --detach \ --max-from-ip 10 \ --user smtpd ' You're not setting $PERL, do you don't need to use sh -x. You don't want --detach either - supervise won't provide a controlling terminal, and you mustn't daemonise. You also don't need --pid-file with supervise/runit. So try: #!/bin/sh exec 21 \ exec \ /usr/local/bin/softlimit -m 1 \ /usr/bin/perl -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --renice-parent 5 \ --max-from-ip 10 \ --user smtpd Yes! Perfect!! Thanks!!! You've come through for me again, Charlie - thanks so much. The stock config/plugins runs. Now I just need to see how broken my plugins are (or aren't). Can we get this put into the wiki? J.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, Charlie Brady wrote: So try: #!/bin/sh exec 21 \ exec \ /usr/local/bin/softlimit -m 1 \ /usr/bin/perl -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --renice-parent 5 \ --max-from-ip 10 \ --user smtpd Looks like I spoke too soon... I set everything up with the stock config/plugins, and that run file, and after I linked qpsmtpd into /service/, it loaded as expected, waiting for connections. However, when I use 'svc' to HUP or bring the service down and then up, I get the following error, repeating: ./run: line 2: exec: exec: not found The process table shows prefork loading and dying, over and over. Ideas? Thanks. J.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, J wrote: On Wed, 20 May 2009, Charlie Brady wrote: So try: #!/bin/sh exec 21 \ exec \ /usr/local/bin/softlimit -m 1 \ /usr/bin/perl -T ./qpsmtpd-prefork \ --port 25 \ --port 587 \ --children 30 \ --idle-children 5 \ --renice-parent 5 \ --max-from-ip 10 \ --user smtpd Looks like I spoke too soon... I set everything up with the stock config/plugins, and that run file, and after I linked qpsmtpd into /service/, it loaded as expected, waiting for connections. However, when I use 'svc' to HUP or bring the service down and then up, I get the following error, repeating: ./run: line 2: exec: exec: not found The process table shows prefork loading and dying, over and over. I compared the run file with other run files (i.e. djbdns and qmail) and I think the problem is with the trailing ' \' on the 2nd line (the first exec). When I remove that (and installed a missing Math::BigInt package from CPAN), everything loads, but complains about an insecure dependency on line 416 in setpriority (in qpsmtpd-prefork). (And the prefork processes keep showing up in the process table, and dying.) I expect that this was tested before being released, so there is probably still something wrong with my setup :-( I even reduced the config/plugins file to just: dont_require_anglebrackets check_relay rcpt_ok Not sure what to try next... J.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, J wrote: I compared the run file with other run files (i.e. djbdns and qmail) and I think the problem is with the trailing ' \' on the 2nd line (the first exec). Indeed. That shouldn't be there. When I remove that (and installed a missing Math::BigInt package from CPAN), everything loads, but complains about an insecure dependency on line 416 in setpriority (in qpsmtpd-prefork). (And the prefork processes keep showing up in the process table, and dying.) I expect that this was tested before being released, so there is probably still something wrong with my setup :-( I think the -T shouldn't be there on the command line. Though it is probably a bug, I'm guessing we don't test with taint on. Matt.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, J wrote: On Wed, 20 May 2009, Charlie Brady wrote: So try: #!/bin/sh exec 21 \ exec \ /usr/local/bin/softlimit -m 1 \ ... ./run: line 2: exec: exec: not found Sorry, I cut and pasted without checking each line. You are asking shell to run this: exec 21 exec /usr/local/bin/softlimit -m 1 ... You want it to do this: exec 21 and then: exec /usr/local/bin/softlimit -m 1 ...
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Thu, 21 May 2009, Matt Sergeant wrote: On Wed, 20 May 2009, J wrote: When I remove that (and installed a missing Math::BigInt package from CPAN), everything loads, but complains about an insecure dependency on line 416 in setpriority (in qpsmtpd-prefork). (And the prefork processes keep showing up in the process table, and dying.) I expect that this was tested before being released, so there is probably still something wrong with my setup :-( I think the -T shouldn't be there on the command line. I think the -T *should* be there on the command line, but there are some bugs in qpsmtpd and/or your plugins which need to be fixed before it will work. Though it is probably a bug, I'm guessing we don't test with taint on. Perl taint mode is an underutilised gem. --- Charlie
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, Charlie Brady wrote: Though it is probably a bug, I'm guessing we don't test with taint on. Perl taint mode is an underutilised gem. It is, but it's also buggy and annoying. (there's a completely ignored bug in perl with -T and hash keys which I filed months ago) Matt.
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, May 20, 2009 at 10:28 PM, Matt Sergeant m...@sergeant.org wrote: (there's a completely ignored bug in perl with -T and hash keys which I filed months ago) Matt. that hash keys are never tainted is documented, if that's your bug. It allows for a quick and dirty sub detaint($){ [ keys %{{ $_[0] = 1 }} ] - [0] } -- between myriad opposing forces
Re: [qpsmtpd] Still looking: tcpserver startup for qpsmtpd-prefork 0.81
On Wed, 20 May 2009, David Nicol wrote: On Wed, May 20, 2009 at 10:28 PM, Matt Sergeant m...@sergeant.org wrote: (there's a completely ignored bug in perl with -T and hash keys which I filed months ago) that hash keys are never tainted is documented, if that's your bug. It allows for a quick and dirty sub detaint($){ [ keys %{{ $_[0] = 1 }} ] - [0] } Nope. #56842. Very annoying. Matt.