Re: Problem in using Postfix sendmail by non-root users

From: Rolf E. Sonneveld (R.E.Sonneveldsonnection.nl)
Date: Thu Jan 03 2008 - 08:22:01 CST


mouss wrote:
> Rolf E. Sonneveld wrote:
>> Hi,
>>
>> running:
>> mail_version = 2.4.6
>>
>> Installed postfix from source, using --prefix=/usr/local/postfix
>> Configuration file(s) reside in /usr/local/postfix/etc
>>
>> Systemwide MAIL_CONFIG set to: /usr/local/postfix/etc
>>
>> Config directory in main.cf specified as:
>>
>> alternate_config_directories =
>> config_directory = /usr/local/postfix/etc
>>
>> According to the documentation, any user should be able to send mail
>> using the sendmail command (see http://www.postfix.org/postconf.5.html):
>>
>> *authorized_submit_users (default: static:anyone)*
>>
>> List of users who are authorized to submit mail with the sendmail(1)
>> <http://www.postfix.org/sendmail.1.html> command (and with the
>> privileged postdrop(1) <http://www.postfix.org/postdrop.1.html>
>> helper command).
>>
>> By default, all users are allowed to submit mail. Otherwise, the
>> real UID of the process is looked up in the system password file,
>> and access is granted only if the corresponding login name is on the
>> access list. The username "unknown" is used for processes whose real
>> UID is not found in the password file. To deny mail submission
>> access to all users specify an empty list.
>>
>> Specify a list of user names, "/file/name" or "type:table
>> <http://www.postfix.org/DATABASE_README.html>" patterns, separated
>> by commas and/or whitespace. The list is matched left to right, and
>> the search stops on the first match. A "/file/name" pattern is
>> replaced by its contents; a "type:table
>> <http://www.postfix.org/DATABASE_README.html>" lookup table is
>> matched when a name matches a lookup key (the lookup result is
>> ignored). Continue long lines by starting the next line with
>> whitespace. Specify "!pattern" to exclude a user name from the list.
>> The form "!/file/name" is supported only in Postfix version 2.4 and
>> later.
>>
>> Example:
>>
>> authorized_submit_users
>> <http://www.postfix.org/postconf.5.html#authorized_submit_users> =
>> !www, static:all
>> This feature is available in Postfix 2.2 and later.
>>
>>
>>
>> The actual configuration setting is:
>>
>> [userhost ~]$ postconf authorized_submit_users
>> authorized_submit_users = static:anyone
>>
>> The static map is supported:
>>
>> [userhost ~]$ postconf -m
>> btree
>> cidr
>> environ
>> hash
>> ldap
>> nis
>> pcre
>> proxy
>> regexp
>> static
>> unix
>>
>> However, when a user (not being root) tries to send mail, using the
>> sendmail command, the user gets an error message:
>>
>> [userhost ~]$ echo "test" | sendmail joe.usergmail.com
>> postdrop: fatal: open file /etc/postfix/main.cf: No such file or
>> directory
>> sendmail: warning: command "/usr/local/postfix/sbin/postdrop -r"
>> exited with status 1
>> sendmail: fatal: user(364): unable to execute
>> /usr/local/postfix/sbin/postdrop -r: Success
>>
>> When the -C switch is being used, the same problem:
>>
>> [userhost ~]$ echo "test" | sendmail -C /usr/local/postfix/etc
>> joe.usergmail.com
>> postdrop: fatal: open file /etc/postfix/main.cf: No such file or
>> directory
>> sendmail: warning: command "/usr/local/postfix/sbin/postdrop -r"
>> exited with status 1
>> sendmail: fatal: user(364): unable to execute
>> /usr/local/postfix/sbin/postdrop -r: Success
>>
>> The sendmail being used here is:
>>
>> [userhost ~]$ which sendmail
>> /usr/sbin/sendmail
>> [userhost ~]$ ls -l /usr/sbin/sendmail
>> lrwxrwxrwx 1 root root 21 Nov 14 04:04 /usr/sbin/sendmail ->
>> /etc/alternatives/mta
>> [userhost ~]$ ls -l /etc/alternatives/mta
>> lrwxrwxrwx 1 root root 32 Nov 23 15:41 /etc/alternatives/mta ->
>> /usr/local/postfix/sbin/sendmail
>> [userhost ~]$ ls -l /usr/local/postfix/sbin/sendmail
>> -rwxr-xr-x 1 root root 700607 Nov 16 15:42
>> /usr/local/postfix/sbin/sendmail
>>
>> When the primary group of the user is set to postdrop (the group
>> owner of the postdrop command) the problem is gone. And when the same
>> command is run from the user root, no problem shows up.
>>
>> The protections in /usr/local/postfix/sbin:
>>
>> [userhost ~]$ ls -l /usr/local/postfix/sbin
>> total 6152
>> -rwxr-xr-x 1 root root 647279 Nov 16 15:42 postalias
>> -rwxr-xr-x 1 root root 390704 Nov 16 15:42 postcat
>> -rwxr-xr-x 1 root root 715907 Nov 16 15:42 postconf
>> -rwxr-sr-x 1 root postdrop 611613 Nov 16 15:42 postdrop
>> -rwxr-xr-x 1 root root 346124 Nov 16 15:42 postfix
>> -rwxr-xr-x 1 root root 382150 Nov 16 15:42 postkick
>> -rwxr-xr-x 1 root root 375437 Nov 16 15:42 postlock
>> -rwxr-xr-x 1 root root 355693 Nov 16 15:42 postlog
>> -rwxr-xr-x 1 root root 618560 Nov 16 15:42 postmap
>> -rwxr-sr-x 1 root postdrop 663635 Nov 16 15:42 postqueue
>> -rwxr-xr-x 1 root root 409606 Nov 16 15:42 postsuper
>> -rwxr-xr-x 1 root root 700607 Nov 16 15:42 sendmail
>>
>> Any thoughts on what might be wrong here?
>
>
> Where is the output of 'postconf -n'? This would have shown what config
> dir postfix is using.

Here it is:

[userhost ~]$ postconf -n
alias_database =
alias_maps =
hash:/usr/local/postfix/etc/aliases,hash:/usr/local/mailman/data/aliases
alternate_config_directories =
bounce_queue_lifetime = 4d
broken_sasl_auth_clients = yes
canonical_classes = envelope_sender, header_sender, header_recipient
canonical_maps = hash:/usr/local/postfix/etc/canonical
command_directory = /usr/local/postfix/sbin
config_directory = /usr/local/postfix/etc
content_filter = amavisfeed:[127.0.0.1]:10024
daemon_directory = /usr/local/postfix/libexec
debug_peer_level = 2
hopcount_limit = 50
html_directory = /usr/local/postfix/html
inet_interfaces = all
local_recipient_maps = hash:/usr/local/postfix/etc/aliases,
hash:/usr/local/mailman/data/aliases
mail_owner = postfix
mailq_path = /usr/local/postfix/bin/mailq
manpage_directory = /usr/local/postfix/man
maximal_backoff_time = 2h
maximal_queue_lifetime = 4d
message_size_limit = 13981013
minimal_backoff_time = 30m
mydestination = $myhostname, localhost.$mydomain, localhost, hostname,
$myorigin
mydomain = mydomain.com
myhostname = mx1.mydomain.com
mynetworks = cidr:/usr/local/postfix/etc/mynetworks
myorigin = hostname.mydomain.com
newaliases_path = /bin/newaliases
parent_domain_matches_subdomains =
debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
queue_directory = /usr/local/postfix/spool
queue_run_delay = 300s
readme_directory = no
recipient_delimiter = +
relay_domains = hash:/usr/local/postfix/etc/relay_domains
relay_recipient_maps =
proxy:ldap:/usr/local/postfix/etc/relay_recipients.ldap
hash:/usr/local/postfix/etc/virtual
hash:/usr/local/postfix/etc/virtual_lists
proxy:ldap:/usr/local/postfix/etc/virtual_group.ldap
hash:/usr/local/postfix/etc/relay_recipients
sample_directory = /usr/local/postfix/etc
sendmail_path = /usr/local/postfix/sbin/sendmail
setgid_group = postdrop
smtp_generic_maps = hash:/usr/local/postfix/etc/generic
smtpd_client_restrictions = check_client_access
cidr:/usr/local/postfix/etc/access_internal_allow.cidr
cidr:/usr/local/postfix/etc/access_internal_deny.cidr
cidr:/usr/local/postfix/etc/access_external_allow.cidr
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_limit = 100
smtpd_recipient_restrictions = permit_mynetworks
permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = /usr/local/postfix/spool/private/auth
smtpd_sasl_type = dovecot
soft_bounce = no
transport_maps = proxy:ldap:/usr/local/postfix/etc/transport.ldap
hash:/usr/local/postfix/etc/transport.misc
hash:/usr/local/postfix/etc/transport.internet
hash:/usr/local/postfix/etc/transport.reject
unknown_local_recipient_reject_code = 550
virtual_alias_domains = lists.mydomain.com
virtual_alias_maps = hash:/usr/local/postfix/etc/virtual
regexp:/usr/local/postfix/etc/virtual.regexp
hash:/usr/local/postfix/etc/virtual_postmaster
hash:/usr/local/postfix/etc/virtual_lists
proxy:ldap:/usr/local/postfix/etc/virtual_group.ldap
hash:/usr/local/mailman/data/virtual-mailman

> apparently, it is looking for config in /etc/postfix/, not in
> /usr/local/postfix/etc/.

As you can see:

config_directory = /usr/local/postfix/etc

>
> Is there any reason you want this "custom" directory. It is generally
> a bad idea to fight against the system...

I'm not a sysadmin. The sysadmins of this site have chosen to install all
applications under /usr/local. I have another customer who always tries
to install every application under /usr/appl. Many sysadmins have
different views on how to manage a system; I can't judge whether their
reasons are good or not; in general I think an application should not
dictate where to install it. And Postfix provides the handles
(MAIL_CONFIG and config_directory) to deviate from the standard install.

/rolf
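The authorized_submit_users documentation quoted in the thread describes a small matching algorithm (left-to-right, first match wins, "!pattern" excludes, "/file/name" is replaced by its contents, "type:table" matches on the lookup key only, and a UID missing from the password file is treated as "unknown"). The following is an added illustration of those documented rules for an administrator who wants to check, offline, who a given setting would allow to submit mail; it is not Postfix's own code, and the password file, lookup table and pattern file are constructed in-memory stand-ins rather than real system data.

```python
"""Model of the authorized_submit_users matching rules (added example, not
Postfix source).  Encodes the documented semantics: the value is split on
commas/whitespace, evaluated left to right, the first matching pattern
decides, "!pattern" excludes, "/file/name" is replaced by its contents,
"type:table" matches when the user name is a lookup key (the lookup result
is ignored), and a UID not in the password file is looked up as "unknown".
Only static: and a dict-backed stand-in for hash: tables are modelled."""
import re
from typing import Dict, List

# Constructed sample data standing in for /etc/passwd, a hash: table and a
# "/file/name" pattern file.  None of these are real system files.
PASSWD: Dict[int, str] = {0: "root", 364: "alice", 500: "www"}
TABLES: Dict[str, Dict[str, str]] = {
    "hash:/usr/local/postfix/etc/submit_users": {"alice": "ok", "bob": "ok"},
}
FILES: Dict[str, str] = {
    "/usr/local/postfix/etc/submit_deny": "www\nnobody\n",
}


def expand_patterns(value: str) -> List[str]:
    """Split the parameter value and inline "/file/name" patterns.
    A "!/file/name" pattern negates every name read from that file."""
    out: List[str] = []
    for tok in re.split(r"[,\s]+", value.strip()):
        if not tok:
            continue
        negated = tok.startswith("!")
        body = tok[1:] if negated else tok
        if body.startswith("/"):
            names = FILES.get(body, "").split()
            out.extend(("!" + n) if negated else n for n in names)
        else:
            out.append(tok)
    return out


def pattern_matches(pattern: str, user: str) -> bool:
    """One pattern against one login name, per the documented rules."""
    if pattern.startswith("static:"):
        return True  # static:anyone / static:all match every name
    if ":" in pattern:
        # type:table pattern: match on the key, ignore the lookup result
        return user in TABLES.get(pattern, {})
    return pattern == user  # plain user name


def may_submit(uid: int, value: str) -> bool:
    """True if a process with real UID `uid` may submit mail under the
    given authorized_submit_users value.  An empty list denies everyone."""
    user = PASSWD.get(uid, "unknown")
    for pat in expand_patterns(value):
        negated = pat.startswith("!")
        if pattern_matches(pat[1:] if negated else pat, user):
            return not negated  # search stops at the first match
    return False


if __name__ == "__main__":
    for setting in ("static:anyone", "!www, static:all", "", "alice, root"):
        allowed = [PASSWD.get(u, "unknown") for u in (0, 364, 500, 9999)
                   if may_submit(u, setting)]
        print(f"authorized_submit_users = {setting!r}: {allowed}")
```

Running the block prints, for each sample setting, which of the constructed users (root, alice, www and an unknown UID) would be allowed to invoke sendmail(1); the default value matches everyone, including a process whose UID is not in the password file, which is why the documentation notes that an empty list is the way to deny all users.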