
List:       amavis-user
Subject:    Re: Problem using amavisd 2.9.and sendmail on Centos 7
From:       Matthias Weigel <matthias.weigel () maweos ! de>
Date:       2015-05-20 16:25:54
Message-ID: 555CB592.8090107 () maweos ! de

Hi Juan,

the problem is systemd.

The default systemd config for amavis seems to not allow sendmail to use
setgid, but sendmail needs that. So may other programs called by amavis.

systemd once again thinks it is the "Master Control Program".


Best Regards

Matthias

Am 20.05.2015 um 17:13 schrieb Juan Orti Alcaine:
> But my question is if it was because amavisd was trying to execute a
> suid binary to do that or, for example, it was a member of a secondary
> group and those permissions were not in effect.
> 
> 2015-05-20 17:06 GMT+02:00 bortolotti <daniela.bortolotti@bo.infn.it
> <mailto:daniela.bortolotti@bo.infn.it>>:
> 
>     Hi,
>     amavisd was not able to push its mail into a sendmail dir
>     /var/spool/clientmqueue
>     of an OS CentOS 7.
> 
>     Best regards
>     Daniela Bortolotti
> 
> 
> 
> 
>     On 05/20/2015 04:40 PM, Juan Orti Alcaine wrote:
>>     I'd like to know what was NoNewPrivileges forbidding. Was it
>>     amavisd changing uid when running a suid binary?
>>
>>
>>
>>     2015-05-20 16:00 GMT+02:00 bortolotti
>>     <daniela.bortolotti@bo.infn.it
>>     <mailto:daniela.bortolotti@bo.infn.it>>:
>>
>>         Hi Matthias,
>>         we changed the parameter NoNewPrivileges in
>>         amavisd boot script of Centos 7 and any problem disappeared.
>>
>>         Thanks a lot for your help
>>
>>         Best regards
>>         Daniela Bortolotti
>>
>>
>>         On 05/15/2015 10:11 AM, Matthias Weigel wrote:
>>
>>             Hi Daniela,
>>
>>             NoNewPrivileges=false
>>
>>             seems to be needed.
>>             There are many other similar systemd settings that can
>>             cause your
>>             problem, e.g. SecureBits, Capabilities, and others.
>>
>>             Can you as a test try to run amavisd without systemd,
>>             directly from a shell?
>>             systemctl stop amavisd
>>             sudo -u amavis -s /usr/sbin/amavisd -c amavisd.conf debug
>>
>>             Best Regards
>>
>>             Matthias
>>
>>
>>
>>
>>
>>
>>     -- 
>>     Juan Orti
>>     https://miceliux.com
>>
>>     GPG key: https://miceliux.com/pub/pubkey.asc
>>     GPG fingerprint: 61F0 8272 6882 BCA6 3A35  88F6 B630 4B72 DEEB D08B
> 
> 
> 
> 
> -- 
> Juan Orti
> https://miceliux.com
> 
> GPG key: https://miceliux.com/pub/pubkey.asc
> GPG fingerprint: 61F0 8272 6882 BCA6 3A35  88F6 B630 4B72 DEEB D08B
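
Added example, not part of the thread and not amavisd or systemd project code: when a process runs with NoNewPrivileges enabled, the kernel ignores setuid and setgid bits on exec, so a setgid helper starts without its extra group. The script reports whether that applies for a given unit file and helper binary; both paths are supplied by the reader, only the one unit file is read (drop-ins are not merged), and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; no paths are hard-coded.

# Print the last NoNewPrivileges= value in the [Service] section, or "unset".
nnp_setting() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^[ \t]*NoNewPrivileges[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { print (value == "" ? "unset" : value) }
    ' "$1"
}

# Succeed if the unit file enables NoNewPrivileges (systemd boolean spellings).
nnp_enabled() {
    case "$(nnp_setting "$1" | tr 'A-Z' 'a-z')" in
        1|yes|true|on) return 0 ;;
        *) return 1 ;;
    esac
}

# Map an octal mode (as printed by `stat -c %a`) to its setuid/setgid bits.
special_bits() {
    bits=$(( (0$1 >> 9) & 7 ))   # leading 0 makes the shell read it as octal
    out=""
    if [ $(( bits & 4 )) -ne 0 ]; then out="setuid"; fi
    if [ $(( bits & 2 )) -ne 0 ]; then out="${out:+$out,}setgid"; fi
    echo "${out:-none}"
}

# Combine both: what happens to the helper's special bits under this unit.
#   $1 = unit file, $2 = octal mode of the helper binary
exec_effect() {
    sb=$(special_bits "$2")
    if [ "$sb" = "none" ]; then
        echo "n/a"
    elif nnp_enabled "$1"; then
        echo "ignored:$sb"       # exec succeeds, but without the uid/gid change
    else
        echo "honored:$sb"
    fi
}

# Usage: script UNIT_FILE HELPER_BINARY
if [ "$#" -eq 2 ]; then
    exec_effect "$1" "$(stat -c %a "$2")"
fi
```

An `ignored:setgid` result for the sendmail binary corresponds to the situation described in this thread.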