Discussion:
Postfix -> proemial issues..
(too old to reply)
Don Krause
2016-08-05 22:20:11 UTC
Permalink
I know this is probably the wrong place for this question, but maybe someone can point out the “Hey Idiot, you missed something” part of the setup.

New Debian 8 install, distribution provided postfix and procmail. (This is a pre-upgrade, test box. Mail is just being forwarded from my regular postfix email server to this one for testing.)

Email reception and delivery appear to work fine, no errors in the log file.

Log file says:

Aug 5 14:43:58 electron postfix/local[976]: 808D751D: to=<***@electron2.admin.optivus.com>, relay=local, delay=0.07, delays=0.01/0/0/0.06, dsn=2.0.0, status=sent (delivered to command: procmail)
Aug 5 14:43:58 electron postfix/qmgr[964]: 808D751D: removed

Procmail is SUID GUID, and delivers to the correct place. It’s running verbose, and reports no errors.

ls -la /usr/bin/procmail
-rwsr-sr-x 1 root mail 89248 Feb 11 2015 /usr/bin/procmail

Mail type is Maildir.

procmail KNOWS who I am, it’s delivering in my home folder, in exactly the right place. It’s creating log files with my username in them. (This pretty much means that postfix is passing user info along for the ride)

From ***@optivus.com Fri Aug 5 14:43:53 2016
Subject: RE: New User Account
Folder: /home/testing/towelie/dkrause/Maildir/new/1470433433.977_0.e 5563
procmail: [978] Fri Aug 5 14:43:58 2016
procmail: Assigning "PATH=/usr/bin:/usr/local/bin:/usr/bin:/bin"
procmail: Assigning "SHELL=/bin/sh"
procmail: Assigning "INCLUDERC=/home/testing/towelie/dkrause/.procmailrc"
procmail: Couldn't read "/home/testing/towelie/dkrause/.procmailrc"
procmail: Acquiring kernel-lock
procmail: Assigning "LASTFOLDER=/home/testing/towelie/dkrause/Maildir/new/1470433433.977_0.electron"
procmail: Notified comsat: "***@0:/home/testing/towelie/dkrause/Maildir/new/147033433.977_0.electron"


But, no matter what I do, mail files are owned by root:mail

# ls -la
total 248
drwx------ 2 dkrause gensw 4096 Aug 5 15:03 .
drwxr-xr-x 97 dkrause gensw 4096 Aug 5 11:59 ..
-rw------- 1 root mail 12434 Aug 5 14:28 1470432530.5969_0.electron
-rw------- 1 root mail 5504 Aug 5 14:38 1470433109.6006_0.electron
-rw------- 1 root mail 5563 Aug 5 14:43 1470433433.977_0.electron
-rw------- 1 root mail 15034 Aug 5 14:43 1470433438.978_0.electron
-rw------- 1 root mail 7334 Aug 5 14:44 1470433457.979_0.electron
-rw------- 1 root mail 23582 Aug 5 14:46 1470433606.1005_0.electron
-rw------- 1 root mail 9368 Aug 5 14:48 1470433739.1011_0.electron
-rw------- 1 root mail 7557 Aug 5 14:50 1470433815.1012_0.electron
-rw------- 1 root mail 33175 Aug 5 14:52 1470433947.1018_0.electron
-rw------- 1 root mail 42598 Aug 5 14:56 1470434201.1024_0.electron
-rw------- 1 root mail 48232 Aug 5 14:58 1470434292.1026_0.electron
-rw------- 1 root mail 5133 Aug 5 15:03 1470434628.1041_0.electron
-rw------- 1 root mail 3798 Aug 5 15:03 1470434628.1043_0.electron

pwd
/home/testing/towelie/dkrause/Maildir/new

procmail is postfix’s mailbox_command, these options all produce the exact same results.

#mailbox_command = /usr/bin/procmail -d "$USER" -a "$EXTENSION"
#mailbox_command = procmail -a "$EXTENSION"
mailbox_command = procmail

I’m hoping I’m just too blind to see the error today, and someone out there has a quick fix.

Thanks.

--
Don Krause

"This message represents the official view of the voices in my head."
Don Krause
2016-08-06 00:22:03 UTC
Permalink
Post by Don Krause
I know this is probably the wrong place for this question, but maybe someone can point out the “Hey Idiot, you missed something” part of the setup.
New Debian 8 install, distribution provided postfix and procmail. (This is a pre-upgrade, test box. Mail is just being forwarded from my regular postfix email server to this one for testing.)
Email reception and delivery appear to work fine, no errors in the log file.
Aug 5 14:43:58 electron postfix/qmgr[964]: 808D751D: removed
Procmail is SUID GUID, and delivers to the correct place. It’s running verbose, and reports no errors.
ls -la /usr/bin/procmail
-rwsr-sr-x 1 root mail 89248 Feb 11 2015 /usr/bin/procmail
Mail type is Maildir.
procmail KNOWS who I am, it’s delivering in my home folder, in exactly the right place. It’s creating log files with my username in them. (This pretty much means that postfix is passing user info along for the ride)
Subject: RE: New User Account
Folder: /home/testing/towelie/dkrause/Maildir/new/1470433433.977_0.e 5563
procmail: [978] Fri Aug 5 14:43:58 2016
procmail: Assigning "PATH=/usr/bin:/usr/local/bin:/usr/bin:/bin"
procmail: Assigning "SHELL=/bin/sh"
procmail: Assigning "INCLUDERC=/home/testing/towelie/dkrause/.procmailrc"
procmail: Couldn't read "/home/testing/towelie/dkrause/.procmailrc"
procmail: Acquiring kernel-lock
procmail: Assigning "LASTFOLDER=/home/testing/towelie/dkrause/Maildir/new/1470433433.977_0.electron"
Running “local” verbose, it’s NOT a postfix issue.

Aug 5 17:08:46 electron postfix/local[1436]: mac_parse: $home/.forward
Aug 5 17:08:46 electron postfix/local[1436]: set_eugid: euid 1462 egid 202
Aug 5 17:08:46 electron postfix/local[1436]: set_eugid: euid 108 egid 114
Aug 5 17:08:46 electron postfix/local[1436]: deliver_dotforward: path /home/testing/towelie/dkrause/.forward expand_status 0 look_status -1
Aug 5 17:08:46 electron postfix/local[1436]: deliver_mailbox[3]: local dkrause recip ***@electron2.admin.optivus.com exten deliver ***@electron2.admin.optivus.com exp_from
Aug 5 17:08:46 electron postfix/local[1436]: been_here: mailbox dkrause: 0
Aug 5 17:08:46 electron postfix/local[1436]: deliver_mailbox[3]: set user_attr: dkrause
Aug 5 17:08:46 electron postfix/local[1436]: deliver_command[4]: local dkrause recip ***@electron2.admin.optivus.com exten deliver ***@electron2.admin.optivus.com exp_from
Aug 5 17:08:46 electron postfix/local[1436]: been_here: command dkrause:1462 procmail: 0
Aug 5 17:08:46 electron postfix/local[1436]: mac_parse:
Aug 5 17:08:46 electron postfix/local[1446]: setugid: uid 1462 gid 202
Aug 5 17:08:46 electron postfix/local[1436]: BA22751D: to=<***@electron2.admin.optivus.com>, relay=local, delay=0.1, delays=0.03/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to command: procmail)
Aug 5 17:08:46 electron postfix/local[1436]: deliver_request_final: send: "" 0
Aug 5 17:08:46 electron postfix/local[1436]: send attr status =
Aug 5 17:08:46 electron postfix/local[1436]: send attr diag_type =
Aug 5 17:08:46 electron postfix/local[1436]: send attr diag_text =
Aug 5 17:08:46 electron postfix/local[1436]: send attr mta_type =

You can see local sets the aid/gid correctly before calling procmail. So it stands to reason if procmail is being run as me, there’s no real reason for it to be SUID/GIUD. Remove that, and it appears to deliver as expected.


Sorry for the noise..

--
=Don “It’s been a long day
” Krause=

Loading...