Hello, I have changed my MTA from sendmail to postfix and now I am not able to use procmail with postfix. I think it is the rights problem. I log procmail to a file /tmp/procmail.log and I keep all incoming mails in /var/spool/mail/postall and if you look at the file privileges, after sending mail for the first time, you see: -rw------- 1 john users 656 Sep 8 15:06 /tmp/procmail.log and the same for /var/spool/mail/postall. That is the state of the files after I sent mail from a user to user john. And then when I am trying to send mail to a different user, the log says error while writing /tmp/procmail.log. Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them). So is there any other way to fix it than just changing the rights of the file /tmp/procmail.log for group -w- and all the files in /var/spool/mail/... and /var/spool/mail/postall and so on? I think this solution is not very secure, all the mailboxes of the users with rights for group "users" writable. All my users are in the group "users".
I am starting procmail as user nobody in the file master.cf and in the file main.cf using mailbox_command = /usr/bin/procmail
Jan West
Jan West said:
Hello, I have changed my MTA from sendmail to postfix and now I am not able to use procmail with postfix. I think it is the rights problem. I log procmail to a file /tmp/procmail.log and I keep all incoming mails in /var/spool/mail/postall and if you look at the file privileges, after sending mail for the first time, you see: -rw------- 1 john users 656 Sep 8 15:06 /tmp/procmail.log and the same for /var/spool/mail/postall. That is the state of the files after I sent mail from a user to user john. And then when I am trying to send mail to a different user, the log says error while writing /tmp/procmail.log. Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them). So is there any other way to fix it than just changing the rights of the file /tmp/procmail.log for group -w- and all the files in /var/spool/mail/... and /var/spool/mail/postall and so on? I think this solution is not very secure, all the mailboxes of the users with rights for group "users" writable. All my users are in the group "users".
I am starting procmail as user nobody in the file master.cf and in the file main.cf using mailbox_command = /usr/bin/procmail
Jan West
Have you changed the local MDA setting in postfix?
Have a look at /etc/sysconfig/postfix
make sure you have:
POSTFIX_MDA=procmail
by default this will be local, hence procmail won't be invoked.
Once you have made the change run SuSEconfig and restart postfix
David
--
David Bottrill david@bottrill.org www.bottrill.org Registered Linux user number 330730 Internet SIP Phone: 1-747-244-2699
David Bottrill wrote:
Jan West said:
Hello, I have changed my MTA from sendmail to postfix and now I am not able to use procmail with postfix. I think it is the rights problem. I log procmail to a file /tmp/procmail.log and I keep all incoming mails in /var/spool/mail/postall and if you look at the file privileges, after sending mail for the first time, you see: -rw------- 1 john users 656 Sep 8 15:06 /tmp/procmail.log and the same for /var/spool/mail/postall. That is the state of the files after I sent mail from a user to user john. And then when I am trying to send mail to a different user, the log says error while writing /tmp/procmail.log. Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them). So is there any other way to fix it than just changing the rights of the file /tmp/procmail.log for group -w- and all the files in /var/spool/mail/... and /var/spool/mail/postall and so on? I think this solution is not very secure, all the mailboxes of the users with rights for group "users" writable. All my users are in the group "users".
I am starting procmail as user nobody in the file master.cf and in the file main.cf using mailbox_command = /usr/bin/procmail
Jan West
Have you changed the local MDA setting in postfix?
Have a look at /etc/sysconfig/postfix
make sure you have:
POSTFIX_MDA=procmail
by default this will be local, hence procmail won't be invoked.
Once you have made the change run SuSEconfig and restart postfix
David
Thanks for your answer. I have changed POSTFIX_MDA=procmail but it is still the same. Here is the log:
Sep 8 16:44:51 mail postfix/qmgr[23988]: 2BBCF6CF34: removed
Sep 8 16:44:59 mail postfix/pickup[23987]: 1540D6CF34: uid=1001 from=<west>
Sep 8 16:44:59 mail postfix/cleanup[23999]: 1540D6CF34: message-id=<413F1AEA.mailIJ211VENP@mail.kravare.cz>
Sep 8 16:44:59 mail postfix/qmgr[23988]: 1540D6CF34: from=<west@kravare.cz>, size=869, nrcpt=1 (queue active)
Sep 8 16:44:59 mail procmail[24019]: Error while writing to "/tmp/log-procmail.log"
Sep 8 16:44:59 mail postfix/local[24001]: 1540D6CF34: to=<hahnm@kravare.cz>, orig_to=<hahnm>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail)
Sep 8 16:44:59 mail postfix/qmgr[23988]: 1540D6CF34: removed
On Wednesday 08 September 2004 16:58, Jan West wrote:
Sep 8 16:44:59 mail procmail[24019]: Error while writing to "/tmp/log-procmail.log"
Sep 8 16:44:59 mail postfix/local[24001]: 1540D6CF34: to=<hahnm@kravare.cz>, orig_to=<hahnm>, relay=local, delay=1, status=sent (delivered to command: /usr/bin/procmail)
I would say these lines tell you that it is in fact delivering to procmail. Check your /etc/procmailrc and/or .procmailrc files to see where procmail is set up to send mail. If nothing is set up, your mail will probably land in /var/spool/mail
--
Kind regards
Hans du Plooy
Newington Consulting Services
hansdp at newingtoncs dot co dot za
Jan wrote regarding '[SLE] Procmail + postfix' on Wed, Sep 08 at 08:54:
Hello, I have changed my MTA from sendmail to postfix and now I am not able to use procmail with postfix. I think it is the rights problem. I log procmail to a file /tmp/procmail.log and I keep all incoming mails in /var/spool/mail/postall and if you look at the file privileges, after sending mail for the first time, you see: -rw------- 1 john users 656 Sep 8 15:06 /tmp/procmail.log and the same for /var/spool/mail/postall. That is the state of the files after I sent mail from a user to user john. And then when I am trying to send mail to a different user, the log says error while writing /tmp/procmail.log. Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them). So is there any other way to fix it than just changing the rights of the file /tmp/procmail.log for group -w- and all the files in /var/spool/mail/... and /var/spool/mail/postall and so on? I think this solution is not very secure, all the mailboxes of the users with rights for group "users" writable. All my users are in the group "users".
I am starting procmail as user nobody in the file master.cf and in the file main.cf using mailbox_command = /usr/bin/procmail
So, is the reasoning behind this that you want one directory to get a copy of all incoming mail? If so, you should look into postfix's always_bcc option instead.
Anyway, procmail assumes the UID of the message's recipient. So, you can't have it logging to a file that's only writable by one user if the process is gonna run as multiple users - unless you make that file writable by all the users procmail will run under. I assume that you have set LOGFILE in /etc/procmailrc. A possible solution would be to set LOGFILE to /tmp/procmail-$LOGNAME.log or something similar, or maybe /tmp/procmail_log/$LOGNAME.
You might also consider setting VERBOSE=1 in /etc/procmailrc in order to get more verbose debug logs, if you're still having problems with it.
--Danny
Jan wrote regarding '[SLE] Procmail + postfix' on Wed, Sep 08 at 08:54:
Hello, I have changed my MTA from sendmail to postfix and now I am not able to use procmail with postfix. I think it is the rights problem. I log procmail to a file /tmp/procmail.log and I keep all incoming mails in /var/spool/mail/postall and if you look at the file privileges, after sending mail for the first time, you see: -rw------- 1 john users 656 Sep 8 15:06 /tmp/procmail.log and the same for /var/spool/mail/postall. That is the state of the files after I sent mail from a user to user john. And then when I am trying to send mail to a different user, the log says error while writing /tmp/procmail.log. Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them). So is there any other way to fix it than just changing the rights of the file /tmp/procmail.log for group -w- and all the files in /var/spool/mail/... and /var/spool/mail/postall and so on? I think this solution is not very secure, all the mailboxes of the users with rights for group "users" writable. All my users are in the group "users".
I am starting procmail as user nobody in the file master.cf and in the file main.cf using mailbox_command = /usr/bin/procmail
So, is the reasoning behind this that you want one directory to get a copy of all incoming mail? If so, you should look into postfix's always_bcc option instead.
Anyway, procmail assumes the UID of the message's recipient. So, you can't have it logging to a file that's only writable by one user if the process is gonna run as multiple users - unless you make that file writable by all the users procmail will run under. I assume that you have set LOGFILE in /etc/procmailrc. A possible solution would be to set LOGFILE to /tmp/procmail-$LOGNAME.log or something similar, or maybe /tmp/procmail_log/$LOGNAME.
You might also consider setting VERBOSE=1 in /etc/procmailrc in order to get more verbose debug logs, if you're still having problems with it.
--Danny
I will try the option always_bcc, it seems to be ok. Logging procmail according to $LOGNAME is quite a good idea, I will go for it. Thanx.
But there is still one problem with the file rights. I filter via procmail all the exe, bat, pif ... files and keep them in the file /tmp/executable.files. This file has the rights as above -rw------, and I don't want to have it divided according to $LOGNAME. Sometimes I check the executable files with pine -f /tmp/executable.files. It would be annoying to check every user's executable files. How to solve this one?
Jan
Jan wrote regarding 'Re: [SLE] Procmail + postfix' on Thu, Sep 09 at 02:48: [...]
But there is still one problem with the file rights. I filter via procmail all the exe, bat, pif ... files and keep them in the file /tmp/executable.files. This file has the rights as above -rw------, and I don't want to have it divided according to $LOGNAME. Sometimes I check the executable files with pine -f /tmp/executable.files. It would be annoying to check every user's executable files. How to solve this one?
Make a directory for those things, say, /tmp/executable.files/, and put each user's messages into a file named $LOGNAME within that directory. You can then use any arbitrary program to see if the files have grown. If you set the mode to 1775 (or 1777 if you don't wanna make a group), then users can only modify their own files or create new ones.
If you have a mail program that can handle maildirs, you could make /tmp/executable.files/ as a directory, then make 3 dirs inside - "cur", "new", and "tmp". Make all three of those subdirs mode 1775 (or 1777, as above). Then the permission problem goes away, since each message is stored as a separate file, but you can see them all when you view that directory in, say, mutt. Set procmail to deliver to the /tmp/executable.files/ directory (note the trailing slash!) and forget that there are three dirs in there.
You can use solution #2 even if you don't have a maildir-compatible reader. The messages will go into the "new" subdir by default, and each message will be a separate file.
Personally, I prefer to just reject those messages using header checks in postfix, but that's just me. There's lots of documentation on how to do that online - both at postfix.org and on the postfix mailing list (which is searchable on google groups as the list mailers.postfix.users or something like that). In general, if you want to do something server-wide, you should probably be doing it with a filter in postfix rather than as a global procmail rule. IMHO.
--Danny
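Added example, not part of Danny's message or the thread: a shell sketch of the sticky-bit maildir layout suggested above, plus a check that each file in a per-user log directory is owned by the user it is named after. The function names and the temporary demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; paths are created under a temporary directory, not /tmp itself.

# Owner name and ten-character mode string of a path, via portable `ls -ld`.
owner_of() { ls -ld "$1" | awk '{print $3}'; }
mode_of()  { ls -ld "$1" | cut -c1-10; }

# Maildir layout from the reply above: cur, new and tmp, each mode 1775.
make_shared_maildir() {
    for sub in cur new tmp; do
        mkdir -p "$1/$sub" && chmod 1775 "$1/$sub" || return 1
    done
}

# Fails when a directory is group- or world-writable without the sticky bit.
sticky_ok() {
    case "$(mode_of "$1")" in
        d????????[tT]) return 0 ;;          # sticky bit set
        d????w????|d???????w?) return 1 ;;  # shared-writable, no sticky bit
        *) return 0 ;;                      # not shared-writable
    esac
}

# For a per-user log directory (the /tmp/procmail_log/$LOGNAME scheme), print
# every file whose owner differs from its name: with the 0600 mode seen in the
# thread, procmail running as that user cannot append to it.
audit_owner_names() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(owner_of "$f")" = "$(basename "$f")" ] || echo "$f"
    done
}

# Demo on constructed paths.
demo=$(mktemp -d)
make_shared_maildir "$demo/executable.files"
for sub in cur new tmp; do
    d="$demo/executable.files/$sub"
    sticky_ok "$d" && echo "ok   $(mode_of "$d") $sub"
done
mkdir "$demo/procmail_log"
: > "$demo/procmail_log/$(owner_of "$demo")"
: > "$demo/procmail_log/constructed-other-user"
audit_owner_names "$demo/procmail_log"
rm -rf "$demo"
```

A file reported by `audit_owner_names` reproduces the "Error while writing" failure from the log earlier in the thread for the user it is named after.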
My problem is hereby SOLVED ...thanks to the participants in this thread! Thanks, folks!
--
"Yogi" CH
Namaste Yoga Studio
The Wednesday 2004-09-08 at 15:53 +0200, Jan West wrote:
Obviously considering the rights of the file. That means procmail always starts its processes as user $LOGNAME (maybe not all of them)
Correct, and that is intended. Exception is root: it is sent to 'nobody' instead, because postfix refuses to call procmail as root. Security reasons. I think you will have to change your procmail recipes accordingly.
--
Cheers, Carlos Robinson
participants (6): C Hamel, Carlos E. R., Danny Sauer, David Bottrill, Hans du Plooy, Jan West