Loading ...
Sorry, an error occurred while loading the content.

Re: proxymap permission denied

Expand Messages
  • Reindl Harald
    ... ouch - this was a dangerous typo ... ls -lha /etc/postfix/
    Message 1 of 6 , Feb 19, 2013
    • 0 Attachment
      Am 19.02.2013 10:04, schrieb Birta Levente:
      > Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
      > "reject_unauth_destionation"

      ouch - this was a dangerous typo

      > Then in the maillog appears other errors, I think not related to above:
      > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
      > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
      > /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied

      ls -lha /etc/postfix/
    • Reindl Harald
      and why do you reply off-list? ... which does not affect the smtpd on port 25 ... hm strange - no expierience with multi-setup and the permissions are looking
      Message 2 of 6 , Feb 19, 2013
      • 0 Attachment
        and why do you reply off-list?

        Am 19.02.2013 10:36, schrieb Birta Levente:
        > On 19/02/2013 11:29, Reindl Harald wrote:
        >>
        >>
        >> Am 19.02.2013 10:04, schrieb Birta Levente:
        >>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
        >>> "reject_unauth_destionation"
        >
        > I think not too dangerous ... at submission service it was:
        > -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
        > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

        which does not affect the smtpd on port 25

        >> ouch - this was a dangerous typo
        >>
        >>> Then in the maillog appears other errors, I think not related to above:
        >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
        >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
        >>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied

        hm strange - no expierience with multi-setup and
        the permissions are looking open enough, they are
        even too open, one reason for proxymap is that
        users and sendmail need no access to files which
        contains mysql user-data

        are you using "proxy_read_maps", see below mine and my
        directory listing

        proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
        proxy:mysql:/etc/postfix/mysql-mydestination.cf
        proxy:mysql:/etc/postfix/mysql-recipients.cf
        proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
        proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
        proxy:mysql:/etc/postfix/mysql-transport.cf
        proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
        proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
        proxy:mysql:/etc/postfix/mysql-aliases.cf
        proxy:mysql:/etc/postfix/mysql-senderaccess.cf
        proxy:mysql:/etc/postfix/mysql-spamfilter.cf
        proxy:mysql:/etc/postfix/mysql-forwarders.cf


        [root@srv-rhsoft:~]$ ls /etc/postfix/
        insgesamt 184K
        drwxr-x--- 2 root postfix 4,0K 2012-12-23 22:24 certs
        -rw-r--r-- 1 root root 21K 2013-02-12 10:09 access
        -rw-r--r-- 1 root root 12K 2013-02-12 10:09 canonical
        -rw-r--r-- 1 root root 9,7K 2013-02-12 10:09 generic
        -rw-r--r-- 1 root root 22K 2013-02-12 10:09 header_checks
        -rw-r--r-- 1 root root 6,7K 2013-02-12 10:09 relocated
        -rw-r--r-- 1 root root 13K 2013-02-12 10:09 transport
        -rw-r--r-- 1 root root 13K 2013-02-12 10:09 virtual
        -rw-r--r-- 1 root root 4,0K 2011-01-16 04:05 bounce.cf
        -rw-r--r-- 1 root root 8,6K 2013-02-12 10:12 main.cf
        -rw-r--r-- 1 root root 3,1K 2013-02-12 12:26 master.cf
        -rw-r----- 1 root postfix 195 2011-04-27 18:59 mysql-aliases.cf
        -rw-r----- 1 root postfix 294 2011-05-28 19:06 mysql-forwarders.cf
        -rw-r----- 1 root postfix 201 2011-04-27 18:59 mysql-mydestination.cf
        -rw-r----- 1 root postfix 195 2011-04-27 18:59 mysql-mynetworks.cf
        -rw-r----- 1 root postfix 196 2011-04-27 18:59 mysql-recipients.cf
        -rw-r----- 1 root postfix 463 2011-04-27 18:59 mysql-rewritedomains.cf
        -rw-r----- 1 root postfix 203 2011-04-27 18:59 mysql-rewritesenders.cf
        -rw-r----- 1 root postfix 327 2011-04-27 18:59 mysql-senderaccess.cf
        -rw-r----- 1 root postfix 365 2011-05-12 23:32 mysql-sender_relay_hosts_auth.cf
        -rw-r----- 1 root postfix 202 2011-04-27 18:59 mysql-sender_relay_hosts.cf
        -rw-r----- 1 root postfix 198 2011-04-27 18:59 mysql-spamfilter.cf
        -rw-r----- 1 root postfix 262 2011-04-27 18:59 mysql-transport.cf


        >> ls -lha /etc/postfix/
        >>
        > drw-r--r--. 2 root root 4.0K Feb 19 10:51 .
        > drwxr-xr-x. 99 root root 12K Feb 19 03:07 ..
        > -rw-r--r-- 1 root root 21K Jan 31 16:04 access
        > -rw-r--r-- 1 root root 12K Jan 31 16:04 access.db
        > -rw-r--r--. 1 root root 2.3K Aug 29 10:42 aliases
        > -rw-r--r--. 1 root root 12K Feb 14 12:21 aliases.db
        > -rw-r--r-- 1 root root 0 Jul 22 2012 body_checks
        > -rw-r--r-- 1 root root 3.5K Feb 14 11:56 bounce.cf.default
        > -rw-r--r-- 1 root root 12K Feb 14 11:56 canonical
        > -rw-r--r-- 1 root root 12K Jan 28 14:16 .db
        > lrwxrwxrwx 1 root root 52 Feb 14 12:21 examples -> /usr/share/doc/postfix-2.10.0-documentation/examples
        > -rw-r--r-- 1 root root 9.7K Feb 14 11:56 generic
        > -rw-r--r-- 1 root root 22K Feb 19 09:40 header_checks
        > -rw-r--r-- 1 root root 22K Feb 14 11:56 header_checks.rpmnew
        > lrwxrwxrwx 1 root root 48 Feb 14 12:21 html -> /usr/share/doc/postfix-2.10.0-documentation/html
        > -rw-r--r-- 1 root root 12K Feb 14 11:56 LICENSE
        > -rw-r--r-- 1 root root 1.6K Feb 19 09:40 main.cf
        > -rw-r--r-- 1 root root 32K Feb 14 11:56 main.cf.default
        > -rw-r--r-- 1 root root 26K Feb 14 11:56 main.cf.rpmnew
        > -r--r--r-- 1 root root 971 Feb 14 11:56 makedefs.out
        > -rw-r--r--. 1 root root 5.9K Feb 19 09:40 master.cf
        > -rw-r--r-- 1 root root 6.0K Feb 14 11:56 master.cf.rpmnew
        > -rw-r--r-- 1 root root 0 Jul 22 2012 mime_header_checks
        > -rw-r--r-- 1 root postfix 231 Jul 22 2012 mysql-virtual_client.cf
        > -rw-r--r-- 1 root postfix 221 Jul 22 2012 mysql-virtual_domains.cf
        > -rw-r--r-- 1 root postfix 218 Jul 22 2012 mysql-virtual_email2email.cf
        > -rw-r--r-- 1 root postfix 230 Jul 22 2012 mysql-virtual_forwardings.cf
        > -rw-r--r-- 1 root postfix 288 Jul 22 2012 mysql-virtual_mailboxes.cf
        > -rw-r--r-- 1 root postfix 252 Jul 22 2012 mysql-virtual_recipient.cf
        > -rw-r--r-- 1 root postfix 224 Jul 22 2012 mysql-virtual_relaydomains.cf
        > -rw-r--r-- 1 root postfix 230 Jul 22 2012 mysql-virtual_relayrecipientmaps.cf
        > -rw-r--r-- 1 root postfix 249 Jul 22 2012 mysql-virtual_sender.cf
        > -rw-r--r-- 1 root postfix 227 Jul 22 2012 mysql-virtual_transports.cf
        > -rw-r--r-- 1 root root 0 Jul 22 2012 nested_header_checks
        > -rwxr-xr-x 1 root root 993 Oct 15 17:57 nulltrans
        > -rwxr-xr-x 1 root root 11K Feb 14 11:56 postfix-chroot.sh
        > -rw-r--r-- 1 root root 1.3K Feb 14 11:56 postfix.spec.cf
        > -rw-r--r-- 1 root root 93 Oct 5 09:41 postscreen_access.cidr
        > -rw-r--r-- 1 root root 12K Oct 5 09:41 postscreen_access.cidr.db
        > lrwxrwxrwx 1 root root 50 Feb 14 12:21 readme -> /usr/share/doc/postfix-2.10.0-documentation/readme
        > -rw-r--r-- 1 root root 1.6K Feb 14 11:56 README.rpm
        > -rw-r--r-- 1 root root 6.7K Feb 14 11:56 relocated
        > -rw-r--r-- 1 root root 497 Feb 19 09:40 sender_dependent_relayhosts
        > -rw-r--r-- 1 root root 1.2K Jul 22 2012 smtpd.cert
        > -rw-r----- 1 root root 1.7K Jul 22 2012 smtpd.key
        > -rw-r--r-- 1 root root 1.6K Feb 14 11:56 TLS_LICENSE
        > -rw-r--r-- 1 root root 13K Aug 21 17:32 transport
        > -rw-r--r-- 1 root root 12K Aug 21 17:36 transport.db
        > -rw-r--r-- 1 root root 13K Feb 14 11:56 virtual
      • Birta Levente
        ... Yes, I use proxy_read_maps. Initially permission was same as yours. Question is these maps are shareable between instances? I found nothing about this in
        Message 3 of 6 , Feb 19, 2013
        • 0 Attachment
          On 19/02/2013 11:58, Reindl Harald wrote:
          > and why do you reply off-list?
          >
          > Am 19.02.2013 10:36, schrieb Birta Levente:
          >> On 19/02/2013 11:29, Reindl Harald wrote:
          >>>
          >>>
          >>> Am 19.02.2013 10:04, schrieb Birta Levente:
          >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
          >>>> "reject_unauth_destionation"
          >>
          >> I think not too dangerous ... at submission service it was:
          >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
          >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
          >
          > which does not affect the smtpd on port 25
          >
          >>> ouch - this was a dangerous typo
          >>>
          >>>> Then in the maillog appears other errors, I think not related to above:
          >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
          >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
          >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
          >
          > hm strange - no expierience with multi-setup and
          > the permissions are looking open enough, they are
          > even too open, one reason for proxymap is that
          > users and sendmail need no access to files which
          > contains mysql user-data
          >
          > are you using "proxy_read_maps", see below mine and my
          > directory listing
          >
          > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
          > proxy:mysql:/etc/postfix/mysql-mydestination.cf
          > proxy:mysql:/etc/postfix/mysql-recipients.cf
          > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
          > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
          > proxy:mysql:/etc/postfix/mysql-transport.cf
          > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
          > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
          > proxy:mysql:/etc/postfix/mysql-aliases.cf
          > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
          > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
          > proxy:mysql:/etc/postfix/mysql-forwarders.cf
          >
          >
          >

          Yes, I use proxy_read_maps.

          Initially permission was same as yours.

          Question is these maps are shareable between instances? I found nothing
          about this in doc/google.

          Levi
        • Birta Levente
          ... OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but main was 0644 ... why worked until now ...
          Message 4 of 6 , Feb 19, 2013
          • 0 Attachment
            On 19/02/2013 11:58, Reindl Harald wrote:
            > and why do you reply off-list?
            >
            > Am 19.02.2013 10:36, schrieb Birta Levente:
            >> On 19/02/2013 11:29, Reindl Harald wrote:
            >>>
            >>>
            >>> Am 19.02.2013 10:04, schrieb Birta Levente:
            >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
            >>>> "reject_unauth_destionation"
            >>
            >> I think not too dangerous ... at submission service it was:
            >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
            >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
            >
            > which does not affect the smtpd on port 25
            >
            >>> ouch - this was a dangerous typo
            >>>
            >>>> Then in the maillog appears other errors, I think not related to above:
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
            >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
            >
            > hm strange - no expierience with multi-setup and
            > the permissions are looking open enough, they are
            > even too open, one reason for proxymap is that
            > users and sendmail need no access to files which
            > contains mysql user-data
            >
            > are you using "proxy_read_maps", see below mine and my
            > directory listing
            >
            > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
            > proxy:mysql:/etc/postfix/mysql-mydestination.cf
            > proxy:mysql:/etc/postfix/mysql-recipients.cf
            > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
            > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
            > proxy:mysql:/etc/postfix/mysql-transport.cf
            > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
            > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
            > proxy:mysql:/etc/postfix/mysql-aliases.cf
            > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
            > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
            > proxy:mysql:/etc/postfix/mysql-forwarders.cf
            >
            >

            OK, after a look up in $daemon_directory/postfix-files I see the
            $config_directory need 0755 permission ... but main was 0644 ...

            why worked until now ... i don't now ...

            Thanks for help

            Levi
          • Reindl Harald
            ... well, directories always need 755/750/700 instead 644/640/600 ... because the permissions where OK before someone or something changed them i should have
            Message 5 of 6 , Feb 19, 2013
            • 0 Attachment
              Am 19.02.2013 12:00, schrieb Birta Levente:
              > OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but
              > main was 0644 ...

              well, directories always need 755/750/700 instead 644/640/600

              > why worked until now ... i don't now ...

              because the permissions where OK before someone or something changed them

              i should have been notice this in your listing
              drw-r--r--. 2 root root 4.0K Feb 19 10:51 .
            Your message has been successfully submitted and would be delivered to recipients shortly.