Loading ...
Sorry, an error occurred while loading the content.

Re: proxymap permission denied

Expand Messages
  • Birta Levente
    ... Yes, I use proxy_read_maps. Initially permission was same as yours. Question is these maps are shareable between instances? I found nothing about this in
    Message 1 of 6 , Feb 19, 2013
    • 0 Attachment
      On 19/02/2013 11:58, Reindl Harald wrote:
      > and why do you reply off-list?
      >
      > Am 19.02.2013 10:36, schrieb Birta Levente:
      >> On 19/02/2013 11:29, Reindl Harald wrote:
      >>>
      >>>
      >>> Am 19.02.2013 10:04, schrieb Birta Levente:
      >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
      >>>> "reject_unauth_destionation"
      >>
      >> I think not too dangerous ... at submission service it was:
      >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
      >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      >
      > which does not affect the smtpd on port 25
      >
      >>> ouch - this was a dangerous typo
      >>>
      >>>> Then in the maillog appears other errors, I think not related to above:
      >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
      >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
      >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
      >
      > hm strange - no expierience with multi-setup and
      > the permissions are looking open enough, they are
      > even too open, one reason for proxymap is that
      > users and sendmail need no access to files which
      > contains mysql user-data
      >
      > are you using "proxy_read_maps", see below mine and my
      > directory listing
      >
      > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
      > proxy:mysql:/etc/postfix/mysql-mydestination.cf
      > proxy:mysql:/etc/postfix/mysql-recipients.cf
      > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
      > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
      > proxy:mysql:/etc/postfix/mysql-transport.cf
      > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
      > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
      > proxy:mysql:/etc/postfix/mysql-aliases.cf
      > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
      > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
      > proxy:mysql:/etc/postfix/mysql-forwarders.cf
      >
      >
      >

      Yes, I use proxy_read_maps.

      Initially permission was same as yours.

      Question is these maps are shareable between instances? I found nothing
      about this in doc/google.

      Levi
    • Birta Levente
      ... OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but main was 0644 ... why worked until now ...
      Message 2 of 6 , Feb 19, 2013
      • 0 Attachment
        On 19/02/2013 11:58, Reindl Harald wrote:
        > and why do you reply off-list?
        >
        > Am 19.02.2013 10:36, schrieb Birta Levente:
        >> On 19/02/2013 11:29, Reindl Harald wrote:
        >>>
        >>>
        >>> Am 19.02.2013 10:04, schrieb Birta Levente:
        >>>> Today I restarted the postfix server because one misconfiguration in the master.cf: unknown smtpd restriction:
        >>>> "reject_unauth_destionation"
        >>
        >> I think not too dangerous ... at submission service it was:
        >> -o smtpd_relay_restrictions=permit_sasl_authenticated, reject_unauth_destination
        >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
        >
        > which does not affect the smtpd on port 25
        >
        >>> ouch - this was a dangerous typo
        >>>
        >>>> Then in the maillog appears other errors, I think not related to above:
        >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_forwardings.cf: Permission denied
        >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_email2email.cf: Permission denied
        >>>> /proxymap[9105]: error: open /etc/postfix/mysql-virtual_mailboxes.cf: Permission denied
        >
        > hm strange - no expierience with multi-setup and
        > the permissions are looking open enough, they are
        > even too open, one reason for proxymap is that
        > users and sendmail need no access to files which
        > contains mysql user-data
        >
        > are you using "proxy_read_maps", see below mine and my
        > directory listing
        >
        > proxy_read_maps = proxy:mysql:/etc/postfix/mysql-mynetworks.cf
        > proxy:mysql:/etc/postfix/mysql-mydestination.cf
        > proxy:mysql:/etc/postfix/mysql-recipients.cf
        > proxy:mysql:/etc/postfix/mysql-rewritedomains.cf
        > proxy:mysql:/etc/postfix/mysql-rewritesenders.cf
        > proxy:mysql:/etc/postfix/mysql-transport.cf
        > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts.cf
        > proxy:mysql:/etc/postfix/mysql-sender_relay_hosts_auth.cf
        > proxy:mysql:/etc/postfix/mysql-aliases.cf
        > proxy:mysql:/etc/postfix/mysql-senderaccess.cf
        > proxy:mysql:/etc/postfix/mysql-spamfilter.cf
        > proxy:mysql:/etc/postfix/mysql-forwarders.cf
        >
        >

        OK, after a look up in $daemon_directory/postfix-files I see the
        $config_directory need 0755 permission ... but main was 0644 ...

        why worked until now ... i don't now ...

        Thanks for help

        Levi
      • Reindl Harald
        ... well, directories always need 755/750/700 instead 644/640/600 ... because the permissions where OK before someone or something changed them i should have
        Message 3 of 6 , Feb 19, 2013
        • 0 Attachment
          Am 19.02.2013 12:00, schrieb Birta Levente:
          > OK, after a look up in $daemon_directory/postfix-files I see the $config_directory need 0755 permission ... but
          > main was 0644 ...

          well, directories always need 755/750/700 instead 644/640/600

          > why worked until now ... i don't now ...

          because the permissions where OK before someone or something changed them

          i should have been notice this in your listing
          drw-r--r--. 2 root root 4.0K Feb 19 10:51 .
        Your message has been successfully submitted and would be delivered to recipients shortly.