Loading ...
Sorry, an error occurred while loading the content.

Configuration issues with milter socket and non chrooted smtp

Expand Messages
  • Simon Loewenthal
    Hi there, If I turn off chroot for smpt then postfix cannot access the milter using the fully qualified path name and if I turn on chroot, then postfix can
    Message 1 of 12 , Nov 12, 2013
    • 0 Attachment

      Hi there,

       

       If I turn off chroot for smpt then postfix cannot access the milter using the fully qualified path name and if I turn on chroot, then postfix can access the socket using the chrooted value.  Server is Debian 6 running with Postfix 2.9.3-2.1~bpo60+1.

      Values running smpd in default chroot environment, and smtp chroots to /var/spool/postfix.

        smtpd_milters = unix:/spamass/spamass.sock

      Values running smtp in non-chroot environment,

        smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock

      Error message is this:

        Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter service unix:/var/spool/postfix/spamass/spamass.sock: No such file or directory

      Files and directories were present and rw for postfix user,

        # ls -ld  /var/spool/postfix/spamass/spamass.sock
        srw-rw---- 1 postfix postfix 0 Nov 11 15:08 /var/spool/postfix/spamass/spamass.sock

        # ls -ld  /var/spool/postfix/spamass/
        drwxr-xr-x 2 spamass-milter root 1024 Nov 11 15:08 /var/spool/postfix/spamass/

      The milter works perfectly well and responded correctly, and the milter is spamass-milter.

      I'd be very grateful for some tips.

      Thanks, Si

    • Wietse Venema
      ... As the name suggests, chroot CHanges the ROOT directory. Don t turn it on if you can t handle it. Wietse
      Message 2 of 12 , Nov 12, 2013
      • 0 Attachment
        Simon Loewenthal:
        > Hi there,
        >
        > If I turn off chroot for smpt then postfix cannot access the milter
        > using the fully qualified path name and if I turn on chroot, then

        As the name suggests, chroot CHanges the ROOT directory. Don't turn
        it on if you can't handle it.

        Wietse
      • Simon Loewenthal
        You misread my email. I don t want chroot on. I want it off, but sockets to the milter won t work with it on. On is default with Debian.
        Message 3 of 12 , Nov 12, 2013
        • 0 Attachment

          You misread my email.  I don't want chroot on. I want it off, but sockets to the milter won't work with it on. On is default with Debian.

           

           

          On 2013-11-12 14:26, wietse@... wrote:

          Simon Loewenthal:
          Hi there, If I turn off chroot for smpt then postfix cannot access the milter using the fully qualified path name and if I turn on chroot, then
          As the name suggests, chroot CHanges the ROOT directory. Don't turn
          it on if you can't handle it.
          
          	Wietse
          
        • Wietse Venema
          ... To turn off chroot, edit master.cf, then postfix reload . Look in the maillog file for error or warning messages. Wietse
          Message 4 of 12 , Nov 12, 2013
          • 0 Attachment
            Simon Loewenthal:
            > You misread my email. I don't want chroot on. I want it off, but sockets
            > to the milter won't work with it on. On is default with Debian.

            To turn off chroot, edit master.cf, then "postfix reload".
            Look in the maillog file for error or warning messages.

            Wietse
          • Andreas Schulze
            ... use inet sockets. that avoid any socketpath/chroot problems. works perfect in most cases until the inet overhead hurts. And it hurts only at *very high*
            Message 5 of 12 , Nov 12, 2013
            • 0 Attachment
              Am 12.11.2013 13:50 schrieb Simon Loewenthal:
              > Values running smpd in default chroot environment, and smtp chroots to
              > /var/spool/postfix.

              use inet sockets. that avoid any socketpath/chroot problems.

              works perfect in most cases until the inet overhead hurts. And it hurts
              only at *very high* message volume ...

              running postfix at isp level with 6 milters (via inet) is no problem.

              Andreas
            • Simon Loewenthal
              ... Hi Andreas, Thanks for your email. I don t understand why everyone thinks there is a problem with chroot. I m _not_using chroot!!! My subject line states
              Message 6 of 12 , Nov 12, 2013
              • 0 Attachment
                On 12/11/2013 18:46, Andreas Schulze wrote:
                Am 12.11.2013 13:50 schrieb Simon Loewenthal:
                
                Values running smpd in default chroot environment, and smtp chroots to
                /var/spool/postfix. 
                
                use inet sockets. that avoid any socketpath/chroot problems.
                
                works perfect in most cases until the inet overhead hurts. And it hurts
                only at *very high* message volume ...
                
                running postfix at isp level with 6 milters (via inet) is no problem.
                
                Andreas
                
                Hi Andreas,

                    Thanks for your email. I don't understand why everyone thinks there is a problem with chroot.  I'm _not_using chroot!!!  My subject line states "...and non chrooted ...". 

                Back to milters, I would be happy to be using  inet sockets but spamass-milter from that I can see only allows file sockets.


                Many thanks for you reply,
                Si
              • Andreas Schulze
                ... try a relative pathname: smtpd_milters = unix:spamass/spamass.sock chroot or not chroot, it s always relative to the current directory ( postconf
                Message 7 of 12 , Nov 12, 2013
                • 0 Attachment
                  Am 12.11.2013 13:50 schrieb Simon Loewenthal:
                  > smtpd_milters = unix:/spamass/spamass.sock
                  try a relative pathname:
                  smtpd_milters = unix:spamass/spamass.sock

                  chroot or not chroot, it's always relative to the current directory
                  ( postconf ${queue_directory} in most cases )

                  Andreas
                • Simon Loewenthal
                  ... Andreas, thank-you so much! Problem solved by changing this, smtpd_milters = unix:/spamass/spamass.sock to this smtpd_milters = unix:spamass/spamass.sock
                  Message 8 of 12 , Nov 12, 2013
                  • 0 Attachment
                    On 12/11/2013 20:50, Andreas Schulze wrote:
                    > Am 12.11.2013 13:50 schrieb Simon Loewenthal:
                    >> smtpd_milters = unix:/spamass/spamass.sock
                    > try a relative pathname:
                    > smtpd_milters = unix:spamass/spamass.sock
                    >
                    > chroot or not chroot, it's always relative to the current directory
                    > ( postconf ${queue_directory} in most cases )
                    >
                    > Andreas
                    Andreas, thank-you so much! Problem solved by changing this,

                    smtpd_milters = unix:/spamass/spamass.sock
                    to this
                    smtpd_milters = unix:spamass/spamass.sock

                    And now this works :D

                    I shall add this to the other thread for historical preservation.
                  • Wietse Venema
                    ... Why were you complaining about smtpd[30776]: warning: connect to Milter service unix:/var/spool/postfix/spamass/spamass.sock: No such file or directory.
                    Message 9 of 12 , Nov 12, 2013
                    • 0 Attachment
                      Simon Loewenthal:
                      > Andreas, thank-you so much! Problem solved by changing this,
                      >
                      > smtpd_milters = unix:/spamass/spamass.sock
                      > to this
                      > smtpd_milters = unix:spamass/spamass.sock

                      Why were you complaining about smtpd[30776]: warning: connect to
                      Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
                      such file or directory.

                      Wietse
                    • Simon Loewenthal
                      ... Because I tried running with the milter several times trying to figure out where I had gone wrong. After I got the error messages I removed the milter
                      Message 10 of 12 , Nov 12, 2013
                      • 0 Attachment
                        On 12/11/2013 21:06, Wietse Venema wrote:
                        > Simon Loewenthal:
                        >> Andreas, thank-you so much! Problem solved by changing this,
                        >>
                        >> smtpd_milters = unix:/spamass/spamass.sock
                        >> to this
                        >> smtpd_milters = unix:spamass/spamass.sock
                        > Why were you complaining about smtpd[30776]: warning: connect to
                        > Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
                        > such file or directory.
                        >
                        > Wietse
                        Because I tried running with the milter several times trying to figure
                        out where I had gone wrong. After I got the error messages I removed
                        the milter from smtpd_milters and reloaded postfix.
                      • Wietse Venema
                        ... In your case the configuration was /spamass/spamass.sock but you were reporting an error message for a configuration with
                        Message 11 of 12 , Nov 12, 2013
                        • 0 Attachment
                          Simon Loewenthal:
                          > On 12/11/2013 21:06, Wietse Venema wrote:
                          > > Simon Loewenthal:
                          > >> Andreas, thank-you so much! Problem solved by changing this,
                          > >>
                          > >> smtpd_milters = unix:/spamass/spamass.sock
                          > >> to this
                          > >> smtpd_milters = unix:spamass/spamass.sock
                          > > Why were you complaining about smtpd[30776]: warning: connect to
                          > > Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
                          > > such file or directory.
                          > >
                          > Because I tried running with the milter several times trying to figure
                          > out where I had gone wrong. After I got the error messages I removed
                          > the milter from smtpd_milters and reloaded postfix.

                          In your case the configuration was /spamass/spamass.sock but you
                          were reporting an error message for a configuration with
                          /var/spool/postfix/spamass/spamass.sock.

                          Please report consistent error and configuration information.

                          Wietse
                        • Simon Loewenthal
                          ... I reported one working example from when I ran in chroot mode, and one broken example when I ran without chroot. My apologies if this had been misleading.
                          Message 12 of 12 , Nov 12, 2013
                          • 0 Attachment
                            On 12/11/2013 21:16, Wietse Venema wrote:
                            > Simon Loewenthal:
                            >> On 12/11/2013 21:06, Wietse Venema wrote:
                            >>> Simon Loewenthal:
                            >>>> Andreas, thank-you so much! Problem solved by changing this,
                            >>>>
                            >>>> smtpd_milters = unix:/spamass/spamass.sock
                            >>>> to this
                            >>>> smtpd_milters = unix:spamass/spamass.sock
                            >>> Why were you complaining about smtpd[30776]: warning: connect to
                            >>> Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
                            >>> such file or directory.
                            >>>
                            >> Because I tried running with the milter several times trying to figure
                            >> out where I had gone wrong. After I got the error messages I removed
                            >> the milter from smtpd_milters and reloaded postfix.
                            > In your case the configuration was /spamass/spamass.sock but you
                            > were reporting an error message for a configuration with
                            > /var/spool/postfix/spamass/spamass.sock.
                            >
                            > Please report consistent error and configuration information.
                            >
                            > Wietse
                            I reported one working example from when I ran in chroot mode, and one
                            broken example when I ran without chroot. My apologies if this had been
                            misleading.
                          Your message has been successfully submitted and would be delivered to recipients shortly.