Re: Beginner help

2014-02-18 Thread Herbert J. Skuhra
On Tue, 18 Feb 2014 13:04:24 +0100
Isak Andersson wrote:

> Hi Erik and Jason!
> 
> It sounds very much like it could be an issue with permissions. I have been
> trying to change the permissions around a little bit and making the owner
> the smtpd (which is the user that systemd starts it as) user (there is also
> an smtpq user which I guess does the sending? q for queue?). I still get
> the same error and an additional warning that the certificate is not owned
> by uid 0. Here are the errors and permissions:
> 
> ```
> [root@BrutusBjare isak]# systemctl restart smtpd
> Job for smtpd.service failed. See 'systemctl status smtpd.service' and
> 'journalctl -xn' for details.
> [root@BrutusBjare isak]# journalctl -xn
> -- Logs begin at Fri 2013-03-29 01:07:20 UTC, end at Tue 2014-02-18
> 12:03:16 UTC. --
> Feb 18 12:00:28 BrutusBjare systemd[1]: Unit smtpd.service entered failed
> state.
> Feb 18 12:02:17 BrutusBjare sshd[5738]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns215641.ovh.net
> user=root
> Feb 18 12:02:18 BrutusBjare sshd[5738]: Failed password for root from
> 94.23.247.130 port 44229 ssh2
> Feb 18 12:02:18 BrutusBjare sshd[5738]: Received disconnect from
> 94.23.247.130: 11: Bye Bye [preauth]
> Feb 18 12:03:16 BrutusBjare systemd[1]: Starting OpenSMTPD...
> -- Subject: Unit smtpd.service has begun with start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit smtpd.service has begun starting up.
> Feb 18 12:03:16 BrutusBjare smtpd[5742]: warn:
> /etc/ssl/certs/puffinmail.crt: not owned by uid 0
> Feb 18 12:03:16 BrutusBjare smtpd[5742]: fatal: load_ssl_tree: failed to
> load certificate file
> Feb 18 12:03:16 BrutusBjare systemd[1]: smtpd.service: control process
> exited, code=exited status=1
> Feb 18 12:03:16 BrutusBjare systemd[1]: Failed to start OpenSMTPD.
> -- Subject: Unit smtpd.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- Documentation:
> http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
> --
> -- Unit smtpd.service has failed.
> --
> -- The result is failed.
> Feb 18 12:03:16 BrutusBjare systemd[1]: Unit smtpd.service entered failed
> state.
> [root@BrutusBjare isak]# smtpd -n
> warn:  /etc/ssl/certs/puffinmail.crt: not owned by uid 0
> fatal: load_ssl_tree: failed to load certificate file
> [root@BrutusBjare isak]# ls -l /etc/ssl/certs/puffinmail.crt
> -rw-r--r-- 1 smtpd root 6335 Feb 18 02:02 /etc/ssl/certs/puffinmail.crt
> [root@BrutusBjare isak]# ls -l /etc/ssl/private/puffinmail.key
> -rw-r--r-- 1 smtpd root 12603 Feb 18 02:00 /etc/ssl/private/puffinmail.key
> [root@BrutusBjare isak]#
> ```

What happens if you change owner to root (crt and key file) and chmod
600 at least the key file?

-- 
Herbert

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
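
The ownership and mode check discussed in this message, as an added example that is not part of the original thread and is not OpenSMTPD's own code. The policy (owner uid 0, key without group/other bits, certificate without group/other write) is an assumption drawn from the warning and the `chmod 600` suggestion above; `check_tls_file` and `demo` are hypothetical names.

```shell
#!/bin/sh
# Added example (not OpenSMTPD code). Assumed policy, taken from this thread:
#   every file owned by the expected uid (0 in production);
#   key:  no group/other permission bits (600 or stricter);
#   cert: no group/other write bit (644 or stricter).
# Requires GNU stat (-c), as shipped on Arch Linux.

# check_tls_file KIND FILE [UID]
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on usage error.
check_tls_file() {
    kind=$1; file=$2; want_uid=${3:-0}; rc=0
    case $kind in
        key)  mask=077 ;;
        cert) mask=022 ;;
        *)    echo "unknown kind: $kind"; return 2 ;;
    esac
    [ -f "$file" ] || { echo "$file: not a regular file"; return 2; }
    uid=$(stat -L -c %u "$file")
    mode=$(stat -L -c %a "$file")
    if [ "$uid" -ne "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi
    # The leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "$file: mode $mode too permissive for a $kind"
        rc=1
    fi
    return $rc
}

# Constructed demo: a throwaway key with the 644 mode from the listing above,
# checked against the current uid so it runs without root.
demo() {
    dir=$(mktemp -d) || return 2
    key="$dir/example.key"
    : > "$key"
    chmod 644 "$key"
    check_tls_file key "$key" "$(id -u)" && before=0 || before=$?
    chmod 600 "$key"
    check_tls_file key "$key" "$(id -u)" && after=0 || after=$?
    rm -rf "$dir"
    echo "before chmod 600: rc=$before, after: rc=$after"
}
demo
```

On a real host the third argument is omitted so the check is against uid 0, for example `check_tls_file key /etc/ssl/private/puffinmail.key`.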



Re: Article about Opensmtpd on OpenBSD 5.4

2014-02-18 Thread Olivier Calzi
Ladies and gentlemen,

The article will be published on the unix-expérience site, but it has also
been the subject of a news item on linuxfr.
https://linuxfr.org/news/opensmtpd-premiers-pas

Thank you

Regards,
Olivier Calzi


On 17 February 2014 at 10:01, Gilles Chehade wrote:

> Sorry for the delay, I had to leave Paris in a hurry ;-)
>
> The article is nice, I didn't see anything objectionable
>
>
> --
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg
>


Re: Beginner help

2014-02-18 Thread Isak Andersson
Yeah I would imagine it does something like that for that reason indeed.
It is probably the reason for the warning, but root should be able to read
any file regardless of owner as far as I know.
And initially I did make root the owner according to the examples on the
opensmtpd website and even set the permissions
to 600. Basically I recreated the cert exactly the same way that they did
on the website. Only with more bits on the cert (16384)

There is a wheel group that my user is in to be able to do root actions
with sudo. But is it a good idea to let other program users be in the same
group? Such as smtpd/smtpq?


On Tue, Feb 18, 2014 at 1:31 PM, Erik LE VACON  wrote:

>  Remember any program trying to open a port < 1024 needs to launch for
> itself a process using uid 0, then after it calls
> setuid/gid(ID_value(usually > 1000)) to lower its privileges.
> Don't know how smtpd works internally, but for sure it has to be root
> during the socket init. So question is: is it still root while reading
> certs and keys, reason for the error you got ?
> OpenBSD proposes a *wheel* group for a daemonID to be able to su for such
> actions. On Arch, I don't know...
>
>
>
> On 18/02/2014 13:10, Isak Andersson wrote:
>
>  Woops, forgot about the /etc/ssl directory:
>
> ```
> [root@BrutusBjare isak]# ls -l /etc/ | grep ssl
> drwxr-xr-x 5 root root   4096 Feb 17 03:19 ssl
> ```
>
>  Cheers!
>
>
> On Tue, Feb 18, 2014 at 1:04 PM, Isak Andersson wrote:
>
>> Hi Erik and Jason!
>>
>> It sounds very much like it could be an issue with permissions. I have
>> been trying to change the permissions around a little bit and making the
>> owner the smtpd (which is the user that systemd starts it as) user (there
>> is also an smtpq user which I guess does the sending? q for queue?). I
>> still get the same error and an additional warning that the certificate is
>> not owned by uid 0. Here are the errors and permissions:
>>
>> ```
>> [root@BrutusBjare isak]# systemctl restart smtpd
>> Job for smtpd.service failed. See 'systemctl status smtpd.service' and
>> 'journalctl -xn' for details.
>> [root@BrutusBjare isak]# journalctl -xn
>> -- Logs begin at Fri 2013-03-29 01:07:20 UTC, end at Tue 2014-02-18
>> 12:03:16 UTC. --
>> Feb 18 12:00:28 BrutusBjare systemd[1]: Unit smtpd.service entered failed
>> state.
>> Feb 18 12:02:17 BrutusBjare sshd[5738]: pam_unix(sshd:auth):
>> authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
>> ns215641.ovh.net  user=root
>> Feb 18 12:02:18 BrutusBjare sshd[5738]: Failed password for root from
>> 94.23.247.130 port 44229 ssh2
>> Feb 18 12:02:18 BrutusBjare sshd[5738]: Received disconnect from
>> 94.23.247.130: 11: Bye Bye [preauth]
>> Feb 18 12:03:16 BrutusBjare systemd[1]: Starting OpenSMTPD...
>> -- Subject: Unit smtpd.service has begun with start-up
>> -- Defined-By: systemd
>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> --
>> -- Unit smtpd.service has begun starting up.
>> Feb 18 12:03:16 BrutusBjare smtpd[5742]: warn:
>> /etc/ssl/certs/puffinmail.crt: not owned by uid 0
>> Feb 18 12:03:16 BrutusBjare smtpd[5742]: fatal: load_ssl_tree: failed to
>> load certificate file
>> Feb 18 12:03:16 BrutusBjare systemd[1]: smtpd.service: control process
>> exited, code=exited status=1
>> Feb 18 12:03:16 BrutusBjare systemd[1]: Failed to start OpenSMTPD.
>> -- Subject: Unit smtpd.service has failed
>> -- Defined-By: systemd
>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> -- Documentation:
>> http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
>> --
>> -- Unit smtpd.service has failed.
>> --
>> -- The result is failed.
>> Feb 18 12:03:16 BrutusBjare systemd[1]: Unit smtpd.service entered failed
>> state.
>> [root@BrutusBjare isak]# smtpd -n
>> warn:  /etc/ssl/certs/puffinmail.crt: not owned by uid 0
>>
>> fatal: load_ssl_tree: failed to load certificate file
>>  [root@BrutusBjare isak]# ls -l /etc/ssl/certs/puffinmail.crt
>> -rw-r--r-- 1 smtpd root 6335 Feb 18 02:02 /etc/ssl/certs/puffinmail.crt
>> [root@BrutusBjare isak]# ls -l /etc/ssl/private/puffinmail.key
>> -rw-r--r-- 1 smtpd root 12603 Feb 18 02:00 /etc/ssl/private/puffinmail.key
>> [root@BrutusBjare isak]#
>> ```
>>
>>  Thanks!
>>
>>
>>  On Tue, Feb 18, 2014 at 12:36 PM, Jason Barbier wrote:
>>
>>> On , Isak Andersson wrote:
>>>
>>>> Hello!
>>>
>>> HEY!
>>>
>>> *snip*
>>>
>>>> Which is strange because the files are indeed there:
>>>>
>>>> ```
>>>> BrutusBjare% ls /etc/ssl/certs/puffinmail.crt
>>>> /etc/ssl/certs/puffinmail.crt
>>>> BrutusBjare% ls /etc/ssl/private
>>>> puffinmail.key
>>>> ```
>>>
>>> *snip*
>>>
>>> Could you show us the permissions you have the certs set to, and your
>>> /etc/ssl directory? There may be a chance that OpenSMTPD cannot traverse
>>> them or read the cert.
>>>
>>
>>
>
> --
> Erik LE VACON
> 8 Rue de Vaucouleurs
> 75011 Paris
> Tel: +33951715528
> Fax: +33956715528
> ema

Re: Beginner help

2014-02-18 Thread Isak Andersson
Woops, forgot about the /etc/ssl directory:

```
[root@BrutusBjare isak]# ls -l /etc/ | grep ssl
drwxr-xr-x 5 root root   4096 Feb 17 03:19 ssl
```

Cheers!


On Tue, Feb 18, 2014 at 1:04 PM, Isak Andersson wrote:

> Hi Erik and Jason!
>
> It sounds very much like it could be an issue with permissions. I have
> been trying to change the permissions around a little bit and making the
> owner the smtpd (which is the user that systemd starts it as) user (there
> is also an smtpq user which I guess does the sending? q for queue?). I
> still get the same error and an additional warning that the certificate is
> not owned by uid 0. Here are the errors and permissions:
>
> ```
> [root@BrutusBjare isak]# systemctl restart smtpd
> Job for smtpd.service failed. See 'systemctl status smtpd.service' and
> 'journalctl -xn' for details.
> [root@BrutusBjare isak]# journalctl -xn
> -- Logs begin at Fri 2013-03-29 01:07:20 UTC, end at Tue 2014-02-18
> 12:03:16 UTC. --
> Feb 18 12:00:28 BrutusBjare systemd[1]: Unit smtpd.service entered failed
> state.
> Feb 18 12:02:17 BrutusBjare sshd[5738]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=
> ns215641.ovh.net  user=root
> Feb 18 12:02:18 BrutusBjare sshd[5738]: Failed password for root from
> 94.23.247.130 port 44229 ssh2
> Feb 18 12:02:18 BrutusBjare sshd[5738]: Received disconnect from
> 94.23.247.130: 11: Bye Bye [preauth]
> Feb 18 12:03:16 BrutusBjare systemd[1]: Starting OpenSMTPD...
> -- Subject: Unit smtpd.service has begun with start-up
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> --
> -- Unit smtpd.service has begun starting up.
> Feb 18 12:03:16 BrutusBjare smtpd[5742]: warn:
> /etc/ssl/certs/puffinmail.crt: not owned by uid 0
> Feb 18 12:03:16 BrutusBjare smtpd[5742]: fatal: load_ssl_tree: failed to
> load certificate file
> Feb 18 12:03:16 BrutusBjare systemd[1]: smtpd.service: control process
> exited, code=exited status=1
> Feb 18 12:03:16 BrutusBjare systemd[1]: Failed to start OpenSMTPD.
> -- Subject: Unit smtpd.service has failed
> -- Defined-By: systemd
> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
> -- Documentation:
> http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
> --
> -- Unit smtpd.service has failed.
> --
> -- The result is failed.
> Feb 18 12:03:16 BrutusBjare systemd[1]: Unit smtpd.service entered failed
> state.
> [root@BrutusBjare isak]# smtpd -n
> warn:  /etc/ssl/certs/puffinmail.crt: not owned by uid 0
>
> fatal: load_ssl_tree: failed to load certificate file
> [root@BrutusBjare isak]# ls -l /etc/ssl/certs/puffinmail.crt
> -rw-r--r-- 1 smtpd root 6335 Feb 18 02:02 /etc/ssl/certs/puffinmail.crt
> [root@BrutusBjare isak]# ls -l /etc/ssl/private/puffinmail.key
> -rw-r--r-- 1 smtpd root 12603 Feb 18 02:00 /etc/ssl/private/puffinmail.key
> [root@BrutusBjare isak]#
> ```
>
> Thanks!
>
>
> On Tue, Feb 18, 2014 at 12:36 PM, Jason Barbier wrote:
>
>> On , Isak Andersson wrote:
>>
>>> Hello!
>>
>> HEY!
>>
>> *snip*
>>
>>> Which is strange because the files are indeed there:
>>>
>>> ```
>>> BrutusBjare% ls /etc/ssl/certs/puffinmail.crt
>>> /etc/ssl/certs/puffinmail.crt
>>> BrutusBjare% ls /etc/ssl/private
>>> puffinmail.key
>>> ```
>>
>> *snip*
>>
>> Could you show us the permissions you have the certs set to, and your
>> /etc/ssl directory? There may be a chance that OpenSMTPD cannot traverse
>> them or read the cert.
>>
>
>


Re: Beginner help

2014-02-18 Thread Isak Andersson
Hi Erik and Jason!

It sounds very much like it could be an issue with permissions. I have been
trying to change the permissions around a little bit and making the owner
the smtpd (which is the user that systemd starts it as) user (there is also
an smtpq user which I guess does the sending? q for queue?). I still get
the same error and an additional warning that the certificate is not owned
by uid 0. Here are the errors and permissions:

```
[root@BrutusBjare isak]# systemctl restart smtpd
Job for smtpd.service failed. See 'systemctl status smtpd.service' and
'journalctl -xn' for details.
[root@BrutusBjare isak]# journalctl -xn
-- Logs begin at Fri 2013-03-29 01:07:20 UTC, end at Tue 2014-02-18
12:03:16 UTC. --
Feb 18 12:00:28 BrutusBjare systemd[1]: Unit smtpd.service entered failed
state.
Feb 18 12:02:17 BrutusBjare sshd[5738]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns215641.ovh.net
user=root
Feb 18 12:02:18 BrutusBjare sshd[5738]: Failed password for root from
94.23.247.130 port 44229 ssh2
Feb 18 12:02:18 BrutusBjare sshd[5738]: Received disconnect from
94.23.247.130: 11: Bye Bye [preauth]
Feb 18 12:03:16 BrutusBjare systemd[1]: Starting OpenSMTPD...
-- Subject: Unit smtpd.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit smtpd.service has begun starting up.
Feb 18 12:03:16 BrutusBjare smtpd[5742]: warn:
/etc/ssl/certs/puffinmail.crt: not owned by uid 0
Feb 18 12:03:16 BrutusBjare smtpd[5742]: fatal: load_ssl_tree: failed to
load certificate file
Feb 18 12:03:16 BrutusBjare systemd[1]: smtpd.service: control process
exited, code=exited status=1
Feb 18 12:03:16 BrutusBjare systemd[1]: Failed to start OpenSMTPD.
-- Subject: Unit smtpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation:
http://www.freedesktop.org/wiki/Software/systemd/catalog/be02cf6855d2428ba40df7e9d022f03d
--
-- Unit smtpd.service has failed.
--
-- The result is failed.
Feb 18 12:03:16 BrutusBjare systemd[1]: Unit smtpd.service entered failed
state.
[root@BrutusBjare isak]# smtpd -n
warn:  /etc/ssl/certs/puffinmail.crt: not owned by uid 0
fatal: load_ssl_tree: failed to load certificate file
[root@BrutusBjare isak]# ls -l /etc/ssl/certs/puffinmail.crt
-rw-r--r-- 1 smtpd root 6335 Feb 18 02:02 /etc/ssl/certs/puffinmail.crt
[root@BrutusBjare isak]# ls -l /etc/ssl/private/puffinmail.key
-rw-r--r-- 1 smtpd root 12603 Feb 18 02:00 /etc/ssl/private/puffinmail.key
[root@BrutusBjare isak]#
```

Thanks!


On Tue, Feb 18, 2014 at 12:36 PM, Jason Barbier wrote:

> On , Isak Andersson wrote:
>
>> Hello!
>
> HEY!
>
> *snip*
>
>> Which is strange because the files are indeed there:
>>
>> ```
>> BrutusBjare% ls /etc/ssl/certs/puffinmail.crt
>> /etc/ssl/certs/puffinmail.crt
>> BrutusBjare% ls /etc/ssl/private
>> puffinmail.key
>> ```
>
> *snip*
>
> Could you show us the permissions you have the certs set to, and your
> /etc/ssl directory? There may be a chance that OpenSMTPD cannot traverse
> them or read the cert.
>


Re: Beginner help

2014-02-18 Thread Jason Barbier

On , Isak Andersson wrote:

> Hello!

HEY!

*snip*

> Which is strange because the files are indeed there:
>
> ```
> BrutusBjare% ls /etc/ssl/certs/puffinmail.crt
> /etc/ssl/certs/puffinmail.crt
> BrutusBjare% ls /etc/ssl/private
> puffinmail.key
> ```

*snip*

Could you show us the permissions you have the certs set to, and your
/etc/ssl directory? There may be a chance that OpenSMTPD cannot
traverse them or read the cert.

