-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Socketmap Permission denied / Postfix chroot problem? #141
Comments
The warning about the home directory of nobody is harmless and can be ignored. Can you check the permissions assigned to the socket file |
Thanks for looking into this. Looks like it has wrong permissions 0755:
Should I just manually change the permissions or will this file get recreated on every Systemd service restart? Any idea why this happened in the build/install process? maybe because of my $ umask
0022 |
I confirm this working with 0666 permissions. But after every Systemd $ chmod a+w /var/spool/postfix/srs As a workaround I tried to put this in a Systemd override, [Service]
ExecStartPost=/bin/chmod a+w /var/spool/postfix/srs but that won't work - that post command seems to get executed but probably to early, so perms are still wrong (0755) @roehling Can you please fix this upstream by explicitly assigning correct permissions to that socket? |
I had to give up on PostSRSd 2.0.2 again, as again it caused major problems on my production host. Even with
only a |
I'm not sure what is going on with your system. The socket file is newly created on startup, but PostSRSd sets the umask first, so the permissions should include write permissions for everyone. One thing I did notice is
The If you cannot figure what messes with your permissions, a possible workaround would be using TCP sockets instead of Unix sockets, i.e. set |
Thanks for pointing me into the right direction! For years now I had those ACLs set for Telegraf monitoring Postfix queue directories, a legacy solution which was replaced by Zabbix/Grafana monitoring long time ago: $ setfacl -m g:telegraf:rX /var/spool/postfix
$ setfacl -Rm g:telegraf:rX /var/spool/postfix/{active,hold,incoming,deferred,maildrop}
$ setfacl -Rdm g:telegraf:rX /var/spool/postfix/{,active,hold,incoming,deferred,maildrop} I thought this was just about giving extra permissions for group $ setfacl -Rbk /var/spool/postfix So far, PostSRSd 2.0.2 runs fine and on a restart generates the socket with 0777 perms:
will keep you posted if this keeps running stable. Because last night, it suddenly stopped working after 00:58AM, even though permissions were still correct. |
Still having the same problem, after 1-2hrs, PostSRSd 2.0.2 stops working and I get I have now migrated to |
Bad luck. Even with TCP socketmaps I am experiencing the same issue, PostSRSd service only works for ~80mins and then reports
Restarting the service works, but probably just for another 80mins. |
Do you have any logging output from PostSRSd that might help tracking down the issue? |
Currently not, as I only noticed the last successful It looks like this is rather a Postfix issue with some kind of timeout / Postfix not closing socketmap connections and running out of some limit?? But the ~80mins seem quite weird - it was a similar timespan after it stopped working also when using Or was it maybe that weird lookup of
|
I'll look into it and see if I can reproduce the problem. Thank you for now. |
This is a follow-up for #141. Now that the main process properly closes the connection socket, the connection is properly terminated if the child exits.
@roehling wonderful! Thanks for the 2.0.3 release. Have it already running in production and will give you a feedback soon. |
I confirm this working. At least for 3h10min now, without any issues. Now running it with default |
I am trying to get PostSRSd 2.0.2 running on a Debian Bullseye host with Postfix 3.5.17, but can't get it working (PostSRSd 1.12 working fine) with the following Postfix setup (see #76 - Only rewrite sender when forwarding and dynamically exclude local domains):
Installed PostSRSd 2.0.2 (over previous 1.12) from sources like this:
Previous PostSRSd 1.12 config vars (merged from
/usr/local/share/postsrsd/postsrsd-systemd-launcher
and/etc/default/postsrsd
):New PostSRSd 2.0.2
/usr/local/etc/postsrsd.conf
(copied from_build/postsrsd.conf
):I am getting a
cannot chdir to home directory of user nobody
warning:and in
mail.log
, I am getting this:So this looks like some chroot issue. Both
/usr/local/lib/postsrsd
(from previous PostSRSd 1.12 install) and new/usr/local/var/lib/postsrsd
directories exist. I would like to stick with the new recommended pathes, so I kept the ones from the compiledpostsrsd.conf
.Can you please give me some advice what is configured wrong here? I know, this doesn't seem to be an issue with PostSRSd, rather a misunderstanding from my side. But it might help others to get it running on a Debian with chrooted Postfix.
The text was updated successfully, but these errors were encountered: