Loading ...
Sorry, an error occurred while loading the content.
 

Postfix 2.9.3 on Debian: chroot failed, and missing dovecot_destination_recipient_limit policy_time_lim it

Expand Messages
  • Simon Loewenthal
    Hi, This email contains several questions and all related my upgrade on Debian 6 of Postfix from version 2.7 to 2.9.3 (and for Debian this is
    Message 1 of 15 , Nov 12, 2013

      Hi,

       This email contains several questions and all related my upgrade on Debian 6 of Postfix from version 2.7 to 2.9.3 (and for Debian this is 2.9.3-2.1~bpo60+1)


      I pipe email to dovecot via SA for content scanning and delivery, and had this option added ,

      dovecot_destination_recipient_limit=1
      This should make sure delivery of recipients is done one at a time. My server lacks memory and CPU.

      policy_time_limit=3600s

      I use this to keep SPF perl module from dying and restarting too often and I recall I had problems with this set at the defaults because SPF policy would not start again. My hack was to increase the policy time because there is always one email withing 3600 seconds, and not 1200 seconds.  I have this in my master.cf:

      policy-spf  unix  -       n       n       -       -       spawn
           user=nobody argv=/usr/sbin/postfix-policyd-spf-perl

      I would like to know what replaced these commands, and if they weren't replaced, then what changed within postfix that ensured I don't need to use them anymore, because I have this warning:

      postconf: warning: /etc/postfix/main.cf: unused parameter: dovecot_destination_recipient_limit=1
      postconf: warning: /etc/postfix/main.cf: unused parameter: policy_time_limit=3600s

      Finally, I tried to turn of chroot in the master.cf and postfix would not start:  postfix/master[28375]: fatal: /etc/postfix/master.cf: line 13: field "chroot": bad value: "no"

      I put this back a hyphen and postfix works!

       

      Thanks lots in advance if someone could shed a little light over here. 


      Si.

    • Simon Loewenthal
      Please disregard my chroot silliness because this was embarrassingly caused by a typo. y|n not yes|no.
      Message 2 of 15 , Nov 12, 2013

        Please disregard my chroot silliness because this was embarrassingly caused by a typo.  y|n not yes|no.

        On 2013-11-12 11:44, Simon Loewenthal wrote:

        Hi,

         This email contains several questions and all related my upgrade on Debian 6 of Postfix from version 2.7 to 2.9.3 (and for Debian this is 2.9.3-2.1~bpo60+1)


        I pipe email to dovecot via SA for content scanning and delivery, and had this option added ,

        dovecot_destination_recipient_limit=1
        This should make sure delivery of recipients is done one at a time. My server lacks memory and CPU.

        policy_time_limit=3600s

        I use this to keep SPF perl module from dying and restarting too often and I recall I had problems with this set at the defaults because SPF policy would not start again. My hack was to increase the policy time because there is always one email withing 3600 seconds, and not 1200 seconds.  I have this in my master.cf:

        policy-spf  unix  -       n       n       -       -       spawn
             user=nobody argv=/usr/sbin/postfix-policyd-spf-perl

        I would like to know what replaced these commands, and if they weren't replaced, then what changed within postfix that ensured I don't need to use them anymore, because I have this warning:

        postconf: warning: /etc/postfix/main.cf: unused parameter: dovecot_destination_recipient_limit=1
        postconf: warning: /etc/postfix/main.cf: unused parameter: policy_time_limit=3600s

        Finally, I tried to turn of chroot in the master.cf and postfix would not start:  postfix/master[28375]: fatal: /etc/postfix/master.cf: line 13: field "chroot": bad value: "no"

        I put this back a hyphen and postfix works!

         

        Thanks lots in advance if someone could shed a little light over here. 


        Si.

      • Simon Loewenthal
        And also since I m on the silliness track: dovecot-spamass_destination_recipient_limit = 1 ##dovecot_destination_recipient_limit = 1 This is mine and what I
        Message 3 of 15 , Nov 12, 2013

           

          And also since I'm on the silliness track:

          dovecot-spamass_destination_recipient_limit = 1
          ##dovecot_destination_recipient_limit = 1
          This is mine and what I want.  Again disregard my unused parameter: question for dovecot_destination_recipient_limit.  I was not even using this.

          Finally, was policy_time_limit replaced with policy-spf_time_limit?

          Thanks, S

          On 2013-11-12 12:24, Simon Loewenthal wrote:

          Please disregard my chroot silliness because this was embarrassingly caused by a typo.  y|n not yes|no.

          On 2013-11-12 11:44, Simon Loewenthal wrote:

          Hi,

           This email contains several questions and all related my upgrade on Debian 6 of Postfix from version 2.7 to 2.9.3 (and for Debian this is 2.9.3-2.1~bpo60+1)


          I pipe email to dovecot via SA for content scanning and delivery, and had this option added ,

          dovecot_destination_recipient_limit=1
          This should make sure delivery of recipients is done one at a time. My server lacks memory and CPU.

          policy_time_limit=3600s

          I use this to keep SPF perl module from dying and restarting too often and I recall I had problems with this set at the defaults because SPF policy would not start again. My hack was to increase the policy time because there is always one email withing 3600 seconds, and not 1200 seconds.  I have this in my master.cf:

          policy-spf  unix  -       n       n       -       -       spawn
               user=nobody argv=/usr/sbin/postfix-policyd-spf-perl

          I would like to know what replaced these commands, and if they weren't replaced, then what changed within postfix that ensured I don't need to use them anymore, because I have this warning:

          postconf: warning: /etc/postfix/main.cf: unused parameter: dovecot_destination_recipient_limit=1
          postconf: warning: /etc/postfix/main.cf: unused parameter: policy_time_limit=3600s

          Finally, I tried to turn of chroot in the master.cf and postfix would not start:  postfix/master[28375]: fatal: /etc/postfix/master.cf: line 13: field "chroot": bad value: "no"

          I put this back a hyphen and postfix works!

           

          Thanks lots in advance if someone could shed a little light over here. 


          Si.

        • Wietse Venema
          ... master.cf says policy-spf , not policy . Therefore the parameter name is policy-spf_time_limit , not policy_time_limit . BTW to turn off chroot specify
          Message 4 of 15 , Nov 12, 2013
            Simon Loewenthal:
            > policy-spf unix - n n - - spawn
            > user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
            >
            > Finally, was policy_time_limit replaced with policy-spf_time_limit?

            master.cf says "policy-spf", not "policy". Therefore the parameter
            name is "policy-spf_time_limit", not "policy_time_limit".

            BTW to turn off chroot specify 'n' not '-'.

            Wietse
          • Wietse Venema
            ... With this, you have chroot TURNED ON. Wietse
            Message 5 of 15 , Nov 12, 2013
              Simon Loewenthal:
              > Finally, I tried to turn of chroot in the master.cf and postfix would not start: postfix/master[28375]: fatal: /etc/postfix/master.cf: line 13: field "chroot": bad value: "no"
              >
              > I put this back a hyphen and postfix works!

              With this, you have chroot TURNED ON.

              Wietse
            • Simon Loewenthal
              Please! You are mixing up different email threads. The error message is and running without chroot. Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect
              Message 6 of 15 , Nov 12, 2013
                Please! You are mixing up different email threads.

                The error message is and running without chroot.


                  Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter service unix:/var/spool/postfix/spamass/spamass.sock: No such file or directory


                  simon@klunky .co.uk
                pgp 4BA78604
                On 12/11/2013 19:15, Wietse Venema wrote:
                Simon Loewenthal:
                
                Finally, I tried to turn of chroot in the master.cf and postfix would not start: postfix/master[28375]: fatal: /etc/postfix/master.cf: line 13: field "chroot": bad value: "no" 
                
                I put this back a hyphen and postfix works! 
                
                With this, you have chroot TURNED ON.
                
                	Wietse
                

              • Erwan David
                ... If ypu chroot smtpd, then your socket must be un /var/spool/postfix/spamass/spamass.sock because smtpd looks for the socket inside its
                Message 7 of 15 , Nov 12, 2013
                  Le 12/11/2013 19:19, Simon Loewenthal a écrit :
                  > Please! You are mixing up different email threads.
                  >
                  > The error message is and running without chroot.
                  >
                  >
                  > Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                  > service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                  > directory
                  >
                  >
                  > simon@klunky .co.uk
                  > pgp 4BA78604
                  >

                  If ypu chroot smtpd, then your socket must be un
                  <postfix_root>/var/spool/postfix/spamass/spamass.sock because smtpd
                  looks for the socket inside its chroot.
                • Simon Loewenthal
                  simon@klunky .co.uk pgp 4BA78604 ... I m _*not *_running with chroot and I don t want to! simon@klunky .co.uk pgp 4BA78604 On 12/11/2013 19:23, Erwan David
                  Message 8 of 15 , Nov 12, 2013

                      simon@klunky .co.uk
                    pgp 4BA78604
                    On 12/11/2013 19:23, Erwan David wrote:
                    Le 12/11/2013 19:19, Simon Loewenthal a écrit :
                    
                    Please! You are mixing up different email threads.
                    
                    The error message is and running without chroot.
                    
                    
                      Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                    service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                    directory
                    
                    
                      simon@klunky .co.uk
                    pgp 4BA78604
                    
                    
                    If ypu chroot smtpd, then your socket must be un
                    <postfix_root>/var/spool/postfix/spamass/spamass.sock because smtpd
                    looks for the socket inside its chroot.
                    
                    I'm not running with chroot and I don't want to!
                  • Wietse Venema
                    ... Does /var/spool/postfix/spamass/spamass.sock exist? Why do you believe that Postfix chroot is turned off? Wietse
                    Message 9 of 15 , Nov 12, 2013
                      Simon Loewenthal:
                      > Please! You are mixing up different email threads.
                      >
                      > The error message is and running without chroot.
                      >
                      > Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                      > service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                      > directory

                      Does /var/spool/postfix/spamass/spamass.sock exist?

                      Why do you believe that Postfix chroot is turned off?

                      Wietse
                    • Simon Loewenthal
                      ... Because: # ls -ld /var/spool/postfix/spamass/spamass.sock srw-rw---- 1 postfix postfix 0 Nov 11 15:08 /var/spool/postfix/spamass/spamass.sock # ls -ld
                      Message 10 of 15 , Nov 12, 2013
                        On 12/11/2013 19:30, Wietse Venema wrote:
                        Simon Loewenthal:
                        
                        Please! You are mixing up different email threads.
                        
                        The error message is and running without chroot.
                        
                          Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                        service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                        directory
                        
                        Does /var/spool/postfix/spamass/spamass.sock exist?
                        
                        Why do you believe that Postfix chroot is turned off?
                        
                        	Wietse
                        

                        Because:
                        # ls -ld  /var/spool/postfix/spamass/spamass.sock
                          srw-rw---- 1 postfix postfix 0 Nov 11 15:08 /var/spool/postfix/spamass/spamass.sock

                          # ls -ld  /var/spool/postfix/spamass/
                          drwxr-xr-x 2 spamass-milter root 1024 Nov 11 15:08 /var/spool/postfix/spamass/

                        master.cf:
                        # ==========================================================================
                        # service type  private unpriv  chroot  wakeup  maxproc command + args
                        #               (yes)   (yes)   (yes)   (never) (100)
                        # ==========================================================================
                        smtp      inet  n       -       n       -       150       smtpd
                          -o smtpd_sasl_auth_enable=no


                      • Wietse Venema
                        ... Turn off selinux. Turn off apparmor. Or tell them that it is OK for Postfix to access the socket in this location. Wietse
                        Message 11 of 15 , Nov 12, 2013
                          Simon Loewenthal:
                          > On 12/11/2013 19:30, Wietse Venema wrote:
                          > > Simon Loewenthal:
                          > >> Please! You are mixing up different email threads.
                          > >>
                          > >> The error message is and running without chroot.
                          > >>
                          > >> Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                          > >> service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                          > >> directory
                          > > Does /var/spool/postfix/spamass/spamass.sock exist?
                          > >
                          > > Why do you believe that Postfix chroot is turned off?
                          > >
                          > > Wietse
                          >
                          > Because:
                          > # ls -ld /var/spool/postfix/spamass/spamass.sock
                          > srw-rw---- 1 postfix postfix 0 Nov 11 15:08
                          > /var/spool/postfix/spamass/spamass.sock

                          Turn off selinux.

                          Turn off apparmor.

                          Or tell them that it is OK for Postfix to access the socket in this
                          location.

                          Wietse
                        • Simon Loewenthal
                          ... Hi, I am not using SELinux nor apparmor that I am aware of. # dpkg -l apparmor No packages found matching apparmor. # dpkg -l selinux-basics
                          Message 12 of 15 , Nov 12, 2013
                            On 12/11/2013 20:29, Wietse Venema wrote:
                            > Simon Loewenthal:
                            >> On 12/11/2013 19:30, Wietse Venema wrote:
                            >>> Simon Loewenthal:
                            >>>> Please! You are mixing up different email threads.
                            >>>>
                            >>>> The error message is and running without chroot.
                            >>>>
                            >>>> Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                            >>>> service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                            >>>> directory
                            >>> Does /var/spool/postfix/spamass/spamass.sock exist?
                            >>>
                            >>> Why do you believe that Postfix chroot is turned off?
                            >>>
                            >>> Wietse
                            >> Because:
                            >> # ls -ld /var/spool/postfix/spamass/spamass.sock
                            >> srw-rw---- 1 postfix postfix 0 Nov 11 15:08
                            >> /var/spool/postfix/spamass/spamass.sock
                            > Turn off selinux.
                            >
                            > Turn off apparmor.
                            >
                            > Or tell them that it is OK for Postfix to access the socket in this
                            > location.
                            >
                            > Wietse
                            Hi, I am not using SELinux nor apparmor that I am aware of.

                            # dpkg -l apparmor
                            No packages found matching apparmor.
                            # dpkg -l selinux-basics selinux-policy-default
                            No packages found matching selinux-basics.
                            No packages found matching selinux-policy-default.

                            And just in case for auditd:
                            # auditctl -l
                            No rules
                          • Simon Loewenthal
                            ... Problem solved : try a relative pathname: smtpd_milters = unix:spamass/spamass.sock chroot or not chroot, it s always relative to the current directory (
                            Message 13 of 15 , Nov 12, 2013
                              On 12/11/2013 20:36, Simon Loewenthal wrote:
                              > On 12/11/2013 20:29, Wietse Venema wrote:
                              >> Simon Loewenthal:
                              >>> On 12/11/2013 19:30, Wietse Venema wrote:
                              >>>> Simon Loewenthal:
                              >>>>> Please! You are mixing up different email threads.
                              >>>>>
                              >>>>> The error message is and running without chroot.
                              >>>>>
                              >>>>> Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter
                              >>>>> service unix:/var/spool/postfix/spamass/spamass.sock: No such file or
                              >>>>> directory
                              >>>> Does /var/spool/postfix/spamass/spamass.sock exist?
                              >>>>
                              >>>> Why do you believe that Postfix chroot is turned off?
                              >>>>
                              >>>> Wietse
                              >>> Because:
                              >>> # ls -ld /var/spool/postfix/spamass/spamass.sock
                              >>> srw-rw---- 1 postfix postfix 0 Nov 11 15:08
                              >>> /var/spool/postfix/spamass/spamass.sock
                              >> Turn off selinux.
                              >>
                              >> Turn off apparmor.
                              >>
                              >> Or tell them that it is OK for Postfix to access the socket in this
                              >> location.
                              >>
                              >> Wietse
                              > Hi, I am not using SELinux nor apparmor that I am aware of.
                              >
                              > # dpkg -l apparmor
                              > No packages found matching apparmor.
                              > # dpkg -l selinux-basics selinux-policy-default
                              > No packages found matching selinux-basics.
                              > No packages found matching selinux-policy-default.
                              >
                              > And just in case for auditd:
                              > # auditctl -l
                              > No rules
                              >
                              Problem solved :

                              "try a relative pathname:
                              smtpd_milters = unix:spamass/spamass.sock

                              chroot or not chroot, it's always relative to the current directory
                              ( postconf ${queue_directory} in most cases )"

                              ,

                              smtpd_milters = unix:/spamass/spamass.sock
                              to this
                              smtpd_milters = unix:spamass/spamass.sock

                              And now this works :D
                            • Wietse Venema
                              ... Then, you had chroot still turned on (forgot to postfix reload after editing master.cf).
                              Message 14 of 15 , Nov 12, 2013
                                Simon Loewenthal:
                                >
                                > "try a relative pathname:
                                > smtpd_milters = unix:spamass/spamass.sock

                                Then, you had chroot still turned on (forgot to "postfix reload"
                                after editing master.cf).
                              • Simon Loewenthal
                                ... Yes, I had chroot turned on yesterday and today chroot was turned off. Today, I was running without the milter because it did not work, and therefore no I
                                Message 15 of 15 , Nov 12, 2013
                                  On 12/11/2013 21:03, Wietse Venema wrote:
                                  > Simon Loewenthal:
                                  >> "try a relative pathname:
                                  >> smtpd_milters = unix:spamass/spamass.sock
                                  > Then, you had chroot still turned on (forgot to "postfix reload"
                                  > after editing master.cf).
                                  Yes, I had chroot turned on yesterday and today chroot was turned off.
                                  Today, I was running without the milter because it did not work, and
                                  therefore no I did not forget to "postfix reload" :-)


                                  Thanks to everyone for their patience and help.
                                Your message has been successfully submitted and would be delivered to recipients shortly.