Loading ...
Sorry, an error occurred while loading the content.

proxymap permission denied

Expand Messages
  • Birta Levente
    Hi all Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction: reject_unauth_destionation Then in the
    Message 1 of 6 , Feb 19, 2013
    • 0 Attachment
      Hi all

      Today I restarted the postfix server because one misconfiguration in the
      master.cf: unknown smtpd restriction: "reject_unauth_destionation"

      Then in the maillog appears other errors, I think not related to above:
      /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf:
      Permission denied
      /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf:
      Permission denied
      /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf:
      Permission denied

      It is a multi instance configuration with postfix 2.10 and mysql lookup
      tables are shared between instances. Until today I'm not even put the
      question that it is possible to share because it worked ... ?

      After update to 2.10 (4 days ago) I don't change anything and worked
      without problems until today.

      Without proxy: work.

      Any help is appreciated

      Thanks
      Levi
    • Reindl Harald
      ... ouch - this was a dangerous typo ... ls -lha /etc/postfix/
      Message 2 of 6 , Feb 19, 2013
      • 0 Attachment
        Am 19.02.2013 10:04, schrieb Birta Levente:
        > Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
        > "reject_unauth_destionation"

        ouch - this was a dangerous typo

        > Then in the maillog appears other errors, I think not related to above:
        > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
        > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
        > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied

        ls -lha /etc/postfix/
      • Reindl Harald
        and why do you reply off-list? ... which does not affect the smtpd on port 25 ... hm strange - no expierience with multi-setup and the permissions are looking
        Message 3 of 6 , Feb 19, 2013
        • 0 Attachment
          and why do you reply off-list?

          Am 19.02.2013 10:36, schrieb Birta Levente:
          > On 19/02/2013 11:29, Reindl Harald wrote:
          >>
          >>
          >> Am 19.02.2013 10:04, schrieb Birta Levente:
          >>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
          >>> "reject_unauth_destionation"
          >
          > I think not too dangerous ... at submission service it was:
          > -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
          > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

          which does not affect the smtpd on port 25

          >> ouch - this was a dangerous typo
          >>
          >>> Then in the maillog appears other errors, I think not related to above:
          >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
          >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
          >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied

          hm strange - no expierience with multi-setup and
          the permissions are looking open enough, they are
          even too open, one reason for proxymap is that
          users and sendmail need no access to files which
          contains mysql user-data

          are you using "proxy_read_maps", see below mine and my
          directory listing

          proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
          proxy:mysql:/etc/postfix/mysql-mydestination.cf
          proxy:mysql:/etc/postfix/mysql-recipients.cf
          proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
          proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
          proxy:mysql:/etc/postfix/mysql-transport.cf
          proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
          proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
          proxy:mysql:/etc/postfix/mysql-aliases.cf
          proxy:mysql:/etc/postfix/mysql-senderaccess.cf
          proxy:mysql:/etc/postfix/mysql-spamfilter.cf
          proxy:mysql:/etc/postfix/mysql-forwarders.cf


          [root@srv-rhsoft:~]$ ls /etc/postfix/
          insgesamt 184K
          drwxr-x--- 2 root postfix 4,0K 2012-12-23 22:24 certs
          -rw-r--r-- 1 root root 21K 2013-02-12 10:09 access
          -rw-r--r-- 1 root root 12K 2013-02-12 10:09 canonical
          -rw-r--r-- 1 root root 9,7K 2013-02-12 10:09 generic
          -rw-r--r-- 1 root root 22K 2013-02-12 10:09 header_checks
          -rw-r--r-- 1 root root 6,7K 2013-02-12 10:09 relocated
          -rw-r--r-- 1 root root 13K 2013-02-12 10:09 transport
          -rw-r--r-- 1 root root 13K 2013-02-12 10:09 virtual
          -rw-r--r-- 1 root root 4,0K 2011-01-16 04:05 bounce.cf
          -rw-r--r-- 1 root root 8,6K 2013-02-12 10:12 main.cf
          -rw-r--r-- 1 root root 3,1K 2013-02-12 12:26 master.cf
          -rw-r----- 1 root postfix 195 2011-04-27 18:59 mysql-aliases.cf
          -rw-r----- 1 root postfix 294 2011-05-28 19:06 mysql-forwarders.cf
          -rw-r----- 1 root postfix 201 2011-04-27 18:59 mysql-mydestination.cf
          -rw-r----- 1 root postfix 195 2011-04-27 18:59 mysql-mynetworks.cf
          -rw-r----- 1 root postfix 196 2011-04-27 18:59 mysql-recipients.cf
          -rw-r----- 1 root postfix 463 2011-04-27 18:59 mysql-rewritedomains.cf
          -rw-r----- 1 root postfix 203 2011-04-27 18:59 mysql-rewritesenders.cf
          -rw-r----- 1 root postfix 327 2011-04-27 18:59 mysql-senderaccess.cf
          -rw-r----- 1 root postfix 365 2011-05-12 23:32 mysql-sender_relay_hosts_auth.cf
          -rw-r----- 1 root postfix 202 2011-04-27 18:59 mysql-sender_relay_hosts.cf
          -rw-r----- 1 root postfix 198 2011-04-27 18:59 mysql-spamfilter.cf
          -rw-r----- 1 root postfix 262 2011-04-27 18:59 mysql-transport.cf


          >> ls -lha /etc/postfix/
          >>
          > drw-r--r--. 2 root root 4.0K Feb 19 10:51 .
          > drwxr-xr-x. 99 root root 12K Feb 19 03:07 ..
          > -rw-r--r-- 1 root root 21K Jan 31 16:04 access
          > -rw-r--r-- 1 root root 12K Jan 31 16:04 access.db
          > -rw-r--r--. 1 root root 2.3K Aug 29 10:42 aliases
          > -rw-r--r--. 1 root root 12K Feb 14 12:21 aliases.db
          > -rw-r--r-- 1 root root 0 Jul 22 2012 body_checks
          > -rw-r--r-- 1 root root 3.5K Feb 14 11:56 bounce.cf.default
          > -rw-r--r-- 1 root root 12K Feb 14 11:56 canonical
          > -rw-r--r-- 1 root root 12K Jan 28 14:16 .db
          > lrwxrwxrwx 1 root root 52 Feb 14 12:21 examples -> /usr/share/doc/postfix-2.10.0-documentation/examples
          > -rw-r--r-- 1 root root 9.7K Feb 14 11:56 generic
          > -rw-r--r-- 1 root root 22K Feb 19 09:40 header_checks
          > -rw-r--r-- 1 root root 22K Feb 14 11:56 header_checks.rpmnew
          > lrwxrwxrwx 1 root root 48 Feb 14 12:21 html -> /usr/share/doc/postfix-2.10.0-documentation/html
          > -rw-r--r-- 1 root root 12K Feb 14 11:56 LICENSE
          > -rw-r--r-- 1 root root 1.6K Feb 19 09:40 main.cf
          > -rw-r--r-- 1 root root 32K Feb 14 11:56 main.cf.default
          > -rw-r--r-- 1 root root 26K Feb 14 11:56 main.cf.rpmnew
          > -r--r--r-- 1 root root 971 Feb 14 11:56 makedefs.out
          > -rw-r--r--. 1 root root 5.9K Feb 19 09:40 master.cf
          > -rw-r--r-- 1 root root 6.0K Feb 14 11:56 master.cf.rpmnew
          > -rw-r--r-- 1 root root 0 Jul 22 2012 mime_header_checks
          > -rw-r--r-- 1 root postfix 231 Jul 22 2012 mysql-virtual_client.cf
          > -rw-r--r-- 1 root postfix 221 Jul 22 2012 mysql-virtual_domains.cf
          > -rw-r--r-- 1 root postfix 218 Jul 22 2012 mysql-virtual_email2email.cf
          > -rw-r--r-- 1 root postfix 230 Jul 22 2012 mysql-virtual_forwardings.cf
          > -rw-r--r-- 1 root postfix 288 Jul 22 2012 mysql-virtual_mailboxes.cf
          > -rw-r--r-- 1 root postfix 252 Jul 22 2012 mysql-virtual_recipient.cf
          > -rw-r--r-- 1 root postfix 224 Jul 22 2012 mysql-virtual_relaydomains.cf
          > -rw-r--r-- 1 root postfix 230 Jul 22 2012 mysql-virtual_relayrecipientmaps.cf
          > -rw-r--r-- 1 root postfix 249 Jul 22 2012 mysql-virtual_sender.cf
          > -rw-r--r-- 1 root postfix 227 Jul 22 2012 mysql-virtual_transports.cf
          > -rw-r--r-- 1 root root 0 Jul 22 2012 nested_header_checks
          > -rwxr-xr-x 1 root root 993 Oct 15 17:57 nulltrans
          > -rwxr-xr-x 1 root root 11K Feb 14 11:56 postfix-chroot.sh
          > -rw-r--r-- 1 root root 1.3K Feb 14 11:56 postfix.spec.cf
          > -rw-r--r-- 1 root root 93 Oct 5 09:41 postscreen_access.cidr
          > -rw-r--r-- 1 root root 12K Oct 5 09:41 postscreen_access.cidr.db
          > lrwxrwxrwx 1 root root 50 Feb 14 12:21 readme -> /usr/share/doc/postfix-2.10.0-documentation/readme
          > -rw-r--r-- 1 root root 1.6K Feb 14 11:56 README.rpm
          > -rw-r--r-- 1 root root 6.7K Feb 14 11:56 relocated
          > -rw-r--r-- 1 root root 497 Feb 19 09:40 sender_dependent_relayhosts
          > -rw-r--r-- 1 root root 1.2K Jul 22 2012 smtpd.cert
          > -rw-r----- 1 root root 1.7K Jul 22 2012 smtpd.key
          > -rw-r--r-- 1 root root 1.6K Feb 14 11:56 TLS_LICENSE
          > -rw-r--r-- 1 root root 13K Aug 21 17:32 transport
          > -rw-r--r-- 1 root root 12K Aug 21 17:36 transport.db
          > -rw-r--r-- 1 root root 13K Feb 14 11:56 virtual
        • Birta Levente
          ... Yes, I use proxy_read_maps. Initially permission was same as yours. Question is these maps are shareable between instances? I found nothing about this in
          Message 4 of 6 , Feb 19, 2013
          • 0 Attachment
            On 19/02/2013 11:58, Reindl Harald wrote:
            > and why do you reply off-list?
            >
            > Am 19.02.2013 10:36, schrieb Birta Levente:
            >> On 19/02/2013 11:29, Reindl Harald wrote:
            >>>
            >>>
            >>> Am 19.02.2013 10:04, schrieb Birta Levente:
            >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
            >>>> "reject_unauth_destionation"
            >>
            >> I think not too dangerous ... at submission service it was:
            >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
            >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
            >
            > which does not affect the smtpd on port 25
            >
            >>> ouch - this was a dangerous typo
            >>>
            >>>> Then in the maillog appears other errors, I think not related to above:
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
            >
            > hm strange - no expierience with multi-setup and
            > the permissions are looking open enough, they are
            > even too open, one reason for proxymap is that
            > users and sendmail need no access to files which
            > contains mysql user-data
            >
            > are you using "proxy_read_maps", see below mine and my
            > directory listing
            >
            > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
            > proxy:mysql:/etc/postfix/mysql-mydestination.cf
            > proxy:mysql:/etc/postfix/mysql-recipients.cf
            > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
            > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
            > proxy:mysql:/etc/postfix/mysql-transport.cf
            > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
            > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
            > proxy:mysql:/etc/postfix/mysql-aliases.cf
            > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
            > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
            > proxy:mysql:/etc/postfix/mysql-forwarders.cf
            >
            >
            >

            Yes, I use proxy_read_maps.

            Initially permission was same as yours.

            Question is these maps are shareable between instances? I found nothing
            about this in doc/google.

            Levi
          • Birta Levente
            ... OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but main was 0644 ... why worked until now ...
            Message 5 of 6 , Feb 19, 2013
            • 0 Attachment
              On 19/02/2013 11:58, Reindl Harald wrote:
              > and why do you reply off-list?
              >
              > Am 19.02.2013 10:36, schrieb Birta Levente:
              >> On 19/02/2013 11:29, Reindl Harald wrote:
              >>>
              >>>
              >>> Am 19.02.2013 10:04, schrieb Birta Levente:
              >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
              >>>> "reject_unauth_destionation"
              >>
              >> I think not too dangerous ... at submission service it was:
              >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
              >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
              >
              > which does not affect the smtpd on port 25
              >
              >>> ouch - this was a dangerous typo
              >>>
              >>>> Then in the maillog appears other errors, I think not related to above:
              >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
              >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
              >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
              >
              > hm strange - no expierience with multi-setup and
              > the permissions are looking open enough, they are
              > even too open, one reason for proxymap is that
              > users and sendmail need no access to files which
              > contains mysql user-data
              >
              > are you using "proxy_read_maps", see below mine and my
              > directory listing
              >
              > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
              > proxy:mysql:/etc/postfix/mysql-mydestination.cf
              > proxy:mysql:/etc/postfix/mysql-recipients.cf
              > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
              > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
              > proxy:mysql:/etc/postfix/mysql-transport.cf
              > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
              > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
              > proxy:mysql:/etc/postfix/mysql-aliases.cf
              > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
              > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
              > proxy:mysql:/etc/postfix/mysql-forwarders.cf
              >
              >

              OK, after a look up in $daemon_directory/postfix-files I see the
              $config_directory need 0755 permission ... but main was 0644 ...

              why worked until now ... i don't now ...

              Thanks for help

              Levi
            • Reindl Harald
              ... well, directories always need 755/750/700 instead 644/640/600 ... because the permissions where OK before someone or something changed them i should have
              Message 6 of 6 , Feb 19, 2013
              • 0 Attachment
                Am 19.02.2013 12:00, schrieb Birta Levente:
                > OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but
                > main was 0644 ...

                well, directories always need 755/750/700 instead 644/640/600

                > why worked until now ... i don't now ...

                because the permissions where OK before someone or something changed them

                i should have been notice this in your listing
                drw-r--r--. 2 root root 4.0K Feb 19 10:51 .
              Your message has been successfully submitted and would be delivered to recipients shortly.