hi,
i filed bug 137216 for a problem that seems pretty serious to me. sendmail drops outgoing email with
Oct 25 14:25:40 rome sendmail[9106]: NOQUEUE: SYSERR(cpg): can not chdir(/var/spool/clientmqueue/): Permission denied
i gave it high priority because it loses data. details at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137216
however, i don't see anyone else having an issue on this.
the only thing different than standard config is something that most people downloading email will have to do and that is:
define(`SMART_HOST',`smtp.comcast.net') MASQUERADE_DOMAIN(myowndomain.com)dnl MASQUERADE_AS(myowndomain.com)dnl
noone running into this?
-c
Am Do, den 28.10.2004 schrieb Carlos Puchol um 1:09:
i filed bug 137216 for a problem that seems pretty serious to me. sendmail drops outgoing email with
Oct 25 14:25:40 rome sendmail[9106]: NOQUEUE: SYSERR(cpg): can not chdir(/var/spool/clientmqueue/): Permission denied
noone running into this?
No. A test with "date | mail -s test recipient" succeeded without a problem.
-c
With which MUA do you try to send mail? Seems the mail client running as user cpg tries to directly feed the submission queue. So it is a task to configure your client properly.
Or which permissions does the /usr/sbin/sendmail.sendmail binary have?
Alexander
hi alexander,
Alexander Dalloz wrote:
Am Do, den 28.10.2004 schrieb Carlos Puchol um 1:09:
Oct 25 14:25:40 rome sendmail[9106]: NOQUEUE: SYSERR(cpg): can not chdir(/var/spool/clientmqueue/): Permission denied
noone running into this?
No. A test with "date | mail -s test recipient" succeeded without a problem.
-c
With which MUA do you try to send mail? Seems the mail client running as user cpg tries to directly feed the submission queue. So it is a task to configure your client properly.
i use mutt. from what you say, i am guessing that the cpg in SYSERR(cpg) means that the id under which it is run is cpg. in that case, the issue is understandable that the process cannot go into the clientmqueue.
Or which permissions does the /usr/sbin/sendmail.sendmail binary have?
interesting that you ask that. turns out that it was actually owned by cpg.cpg.
hmmm. not sure how that happened, since i typically do all my work under either sudo or su.
at any rate, i changed it to smmsp.smmsp and tried again, but got the same issue. furthermore, i got it with the example you mention:
[22:12:50](2)rome:~$ date | mail -s test myuser@mydomain.com WARNING: RunAsUser for MSP ignored, check group ids (egid=100, want=51) can not chdir(/var/spool/clientmqueue/): Permission denied Program mode requires special privileges, e.g., root or TrustedUser. [22:15:30](2)rome:~$
that clearly indicates that the user id _is_ the issue.
[22:23:38](2)rome:~$ id cpg uid=500(cpg) gid=100(users) groups=100(users) [22:23:43](2)rome:~$ id smmsp uid=51(smmsp) gid=51(smmsp) groups=51(smmsp) [22:23:44](2)rome:~$
i removed the rpm, but i took a look at the permissions before doing that:
22:24:38](3)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 smmsp smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 smmsp smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [22:24:42](3)rome:cpg#
and the reinstalled. i got this:
[22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [22:28:01](3)rome:cpg#
which clearly _would_ make things work. if it weren't for the fact that the settings (masquerade and smart host) also reset. then i set them up
[22:31:12](3)rome:mail# diff sendmail.mc.rpmsave sendmail.mc 22c22 < define(`SMART_HOST',`smtp.comcast.net') ---
dnl define(`SMART_HOST',`smtp.your.provider')
153c153 < FEATURE(masquerade_envelope)dnl ---
dnl FEATURE(masquerade_envelope)dnl
159,160c159 < MASQUERADE_DOMAIN(mydomain.com)dnl < MASQUERADE_AS(mydomain.com)dnl ---
dnl MASQUERADE_DOMAIN(localhost)dnl
[22:31:33](3)rome:mail# cp sendmail.mc.rpmsave sendmail.mc cp: overwrite `sendmail.mc'? y [22:31:37](3)rome:mail#
then restarted sendmail a couple of times from the command line and also from the services GUI, in case i could reproduce it.
i can't. so -- i am baffled as to how the user/group and the setuid was changed. i am 100% certain i did not change the permissions or user/group by hand.
thanks for your help, even though this will remain a mystery. if nothing else, this prompted me to finally switch to postfix, at least for outbound mail.
-c
self follow up ...
carlos puchol cpg@users.sourceforge.net wrote:
[22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [22:28:01](3)rome:cpg#
i can't. so -- i am baffled as to how the user/group and the setuid was changed. i am 100% certain i did not change the permissions or user/group by hand.
after rebooting a couple of times i got the clientmqueue error again today and mail got dropped! admittedly i didn't notice before because i did not try sending email from the machine subject to this bug.
the permissions to /usr/sbin/sendmail.sendmail have gone _again_ to a user (my user - cpg)!!!
[15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [15:02:40](1)rome:cpg#
i don't know how this can happen. this seems quite dangerous! thankfully the setuid is no longer there, but this seems awfully "close" to a security issue - some process is (incorrectly) changing permissions of sensitive system files.
more later when i have a chance to debug this ...
-c
Carlos Puchol wrote:
self follow up ...
carlos puchol cpg@users.sourceforge.net wrote:
[22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [22:28:01](3)rome:cpg#
i can't. so -- i am baffled as to how the user/group and the setuid was changed. i am 100% certain i did not change the permissions or user/group by hand.
after rebooting a couple of times i got the clientmqueue error again today and mail got dropped! admittedly i didn't notice before because i did not try sending email from the machine subject to this bug.
the permissions to /usr/sbin/sendmail.sendmail have gone _again_ to a user (my user - cpg)!!!
[15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [15:02:40](1)rome:cpg#
First of all: Why is /usr/sbin/sendmail a copy and not a soft-link? alternatives generates soft-links. Have you made this change by hand?
And at the moment you are using a copy of postfix and not sendmail.
i don't know how this can happen. this seems quite dangerous! thankfully the setuid is no longer there, but this seems awfully "close" to a security issue - some process is (incorrectly) changing permissions of sensitive system files.
more later when i have a chance to debug this ...
This is really strange. I have not seen this before.
-c
[15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [15:02:40](1)rome:cpg#
First of all: Why is /usr/sbin/sendmail a copy and not a soft-link? alternatives generates soft-links. Have you made this change by hand?
And at the moment you are using a copy of postfix and not sendmail.
Is this system a hand-made copy of another system? sendmail.exim should be a link, too.
hi thomas, thanks for your reply.
Thomas Woerner twoerner@redhat.com wrote:
at the moment you are using a copy of postfix and not sendmail.
yes, i changed out of frustration.
First of all: Why is /usr/sbin/sendmail a copy and not a soft-link? alternatives generates soft-links.
it is a soft link. notice i used -L in the examples.
[12:09:43](1)rome:~$ ll /usr/sbin/sendmail* lrwxrwxrwx 1 root root 21 Oct 22 22:45 /usr/sbin/sendmail -> /etc/alternatives/mta lrwxrwxrwx 1 root root 4 Oct 22 23:09 /usr/sbin/sendmail.exim -> exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [12:09:49](1)rome:~$
Have you made this change by hand?
nothing like changing owners/groups (i know better than that). below is what i did by hand. i repeated now.
of course, with murphy presented itself, so now i don't see things changing.
the only thing i can think of is that to get to a root prompt, i may have done just su, not su - or ssh into root. does simple su (without a login shell) have traces of the invoking user?
in the trace below, i do what i did the other day. however, this time i have postfix as the alternative agent. how do i change the default mta to sendmail via a command line? (i usually do it via the applet thingie, but i am not using X at the moment - only remote shell in use.)
[11:33:17](1)rome:~# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-xr-x 1 cpg users 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [11:33:19](1)rome:~# rpm -q sendmail sendmail-8.13.1-2 [11:33:25](1)rome:~# [11:33:59](1)rome:~# rpm -e sendmail warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave warning: /etc/mail/submit.cf saved as /etc/mail/submit.cf.rpmsave warning: /etc/mail/sendmail.mc saved as /etc/mail/sendmail.mc.rpmsave warning: /etc/mail/sendmail.cf saved as /etc/mail/sendmail.cf.rpmsave [11:34:07](1)rome:~# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix [11:34:10](1)rome:~# [11:36:28](1)rome:~# rpm -Uvh /tmp/sendmail-8.13.1-2.x86_64.rpm warning: /tmp/sendmail-8.13.1-2.x86_64.rpm: V3 DSA signature: NOKEY, key ID 30c9ecf8 Preparing... ########################################### [100%] 1:sendmail ########################################### [100%] [11:36:50](1)rome:~# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [11:37:06](1)rome:~# [11:37:06](1)rome:~# cd /etc/mail 11:48:56](1)rome:mail# cat my.diff --- sendmail.mc 2004-09-01 03:20:22.000000000 -0700 +++ sendmail.mc.rpmsave 2004-10-27 22:31:37.000000000 -0700 -dnl define(`SMART_HOST',`smtp.your.provider') +define(`SMART_HOST',`smtp.comcast.net') dnl # define(`confDEF_USER_ID',``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl @@ -150,13 +150,14 @@ dnl # dnl # masquerade not just the headers, but the envelope as well dnl # -dnl FEATURE(masquerade_envelope)dnl +FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # -dnl MASQUERADE_DOMAIN(localhost)dnl +MASQUERADE_DOMAIN(mydomain.com)dnl +MASQUERADE_AS(mydomain.com)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl [11:49:00](1)rome:mail# [11:49:34](1)rome:mail# patch -p0 < my.diff patching file sendmail.mc [11:49:43](1)rome:mail# make -C /etc/mail make: Entering directory `/etc/mail' make: Leaving directory `/etc/mail' [11:50:48](1)rome:mail# [11:53:55](1)rome:mail# ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [11:54:00](1)rome:mail#
reboot ...
[12:11:11](1)rome:~$ ll -L /usr/sbin/sendmail* -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail -rwsr-xr-x 1 root root 2089729 Sep 13 09:20 /usr/sbin/sendmail.exim -rwxr-xr-x 1 root root 141344 Aug 5 08:03 /usr/sbin/sendmail.postfix -rwxr-sr-x 1 root smmsp 748296 Sep 1 03:20 /usr/sbin/sendmail.sendmail [12:11:14](1)rome:~$