1 Topic by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Topic: postfix/proxymap permission issue

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: centos 7.2.1511 (openvz)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue: /var/log/maillog
====

I did a new iRedMail installation on a hosted virtual centos 7.2 box.

After the installation I had some trouble with slapd an insufficient rights in /etc/openldap. slapd wan not able to start and therefor the installer was not able to create the necessary LDAP entries.
I could fix the rights issue with the following:
   chown -R ldap:ldap /etc/openldap

To get the missing LDAP entries I've started the iRedMail installation again.

Everything went fine, just had to change the MySQL password of the iRedAdmin settings.py back to the one from the first installation, cause MySQL kept the old ones.


I'm able to login to iRedMail admin and LDAP looks fine too.

The issue I've is, that I'm not able to get postfix working.
When I start de demon I'll get the following errors in /var/log/maillog:

postfix/proxymap[5480]: error: open /etc/postfix/ldap/relay_domains.cf: Permission denied
Jun 14 14:24:01 h2580380 sSMTP[5488]: Unable to locate mail
Jun 14 14:24:01 h2580380 sSMTP[5488]: Cannot open mail:25


The permission are all correct :

-rw-r----- 1 root postfix  425 14. Jun 10:19 catchall_maps.cf
-rw-r----- 1 root postfix  489 14. Jun 10:19 recipient_bcc_maps_domain.cf
-rw-r----- 1 root postfix  533 14. Jun 10:19 recipient_bcc_maps_user.cf
-rw-r----- 1 root postfix  496 14. Jun 12:25 relay_domains.cf
-rw-r----- 1 root postfix  483 14. Jun 10:19 sender_bcc_maps_domain.cf
-rw-r----- 1 root postfix  527 14. Jun 10:19 sender_bcc_maps_user.cf
-rw-r----- 1 root postfix  450 14. Jun 10:19 sender_dependent_relayhost_maps_domain.cf
-rw-r----- 1 root postfix  442 14. Jun 10:19 sender_dependent_relayhost_maps_user.cf
-rw-r----- 1 root postfix  483 14. Jun 10:19 sender_login_maps.cf
-rw-r----- 1 root postfix  447 14. Jun 10:19 transport_maps_domain.cf
-rw-r----- 1 root postfix  439 14. Jun 10:19 transport_maps_user.cf
-rw-r----- 1 root postfix  523 14. Jun 10:19 virtual_alias_maps.cf
-rw-r----- 1 root postfix  588 14. Jun 10:19 virtual_group_maps.cf
-rw-r----- 1 root postfix  486 14. Jun 10:19 virtual_group_members_maps.cf
-rw-r----- 1 root postfix  499 14. Jun 10:19 virtual_mailbox_domains.cf
-rw-r----- 1 root postfix  528 14. Jun 10:19 virtual_mailbox_maps.cf

I'm also able to access LDAP with the configured relay_domains.cf credentials :

ldapsearch -x -D 'cn=vmail,dc=xyz,dc=net' -W -b "o=domains,dc=xyz,dc=net" dn

# extended LDIF
#
# LDAPv3
# base <o=domains,dc=xyz,dc=net> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#
.
.
.
# search result
search: 2
result: 0 Success

# numResponses: 8
# numEntries: 7


I don't have any clue where it stuck. Anyone have a clue where I can investigate more?
Do I have to take care about other config files regarding a MySQL password change?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,170

Re: postfix/proxymap permission issue

sherwood wrote:

postfix/proxymap[5480]: error: open /etc/postfix/ldap/relay_domains.cf: Permission denied

What's the log context before/after this line?

sherwood wrote:

Jun 14 14:24:01 h2580380 sSMTP[5488]: Unable to locate mail
Jun 14 14:24:01 h2580380 sSMTP[5488]: Cannot open mail:25

What's sSMTP?

3 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

there's no more context before the error. 

postfix/postfix-script[5387]: stopping the Postfix mail system
Jun 14 14:23:16 postfix/master[3696]: terminating on signal 15
Jun 14 14:23:17 postfix/postfix-script[5475]: starting the Postfix mail system
Jun 14 14:23:17 postfix/master[5477]: daemon started -- version 2.10.1, configuration /etc/postfix
Jun 14 14:23:17 postfix/proxymap[5480]: error: open /etc/postfix/ldap/relay_domains.cf: Permission denied

journalctl spits out the following after a postfix restart:

aliasesdb[6709]: newaliases: In sSMTP aliases are read from a plain text file

sSMTP is sendmail, I guess it tries to deliver local mails.

NAME
       ssmtp, sendmail - send a message using smtp

SYNOPSIS
       ssmtp [ flags ] [ address ... ]
       /usr/lib/sendmail [ flags ] [ address ... ]

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,170

Re: postfix/proxymap permission issue

Do you have SELinux enabled?

5 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

ZhangHuangbin wrote:

Do you have SELinux enabled?


nope, it's disabled

sestatus 
SELinux status:                 disabled

6 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

I guess the sendmail/sSMTP error is not the problem and maybe a fact of the previous postfix.

Any idea how I can debug the postfix/proxymap issue?

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,170

Re: postfix/proxymap permission issue

No idea yet. Need ssh access for further debug. Are you willing to buy a support ticket?
http://www.iredmail.org/support.html

Or, maybe you can reinstall server OS and install iRedMail again?

8 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

A reinstall will not help, I'm pretty sure to bump into the same issue.


sSMTP can be disabled or better change the default centOS 7 MTA to postfix

alternatives --config mta

After that I've still the permission issues.

Jun 14 19:50:55  postfix/postfix-script[2345]: starting the Postfix mail system
Jun 14 19:50:55  postfix/master[2347]: daemon started -- version 2.10.1, configuration /etc/postfix
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/relay_domains.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/virtual_alias_maps.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/virtual_group_maps.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/virtual_group_members_maps.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/catchall_maps.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/sender_bcc_maps_user.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/sender_bcc_maps_domain.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/recipient_bcc_maps_user.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/recipient_bcc_maps_domain.cf: Permission denied
Jun 14 19:50:55  postfix/pickup[2348]: 417F21E00143F: uid=992 from=<sogo>
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/virtual_mailbox_domains.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/transport_maps_user.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/transport_maps_domain.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: error: open /etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf: Permission denied
Jun 14 19:50:55  postfix/proxymap[2350]: fatal: too many errors - program terminated
Jun 14 19:50:56  postfix/master[2347]: warning: process /usr/libexec/postfix/proxymap pid 2350 exit status 1
Jun 14 19:50:56  postfix/trivial-rewrite[2352]: warning: private/proxymap socket: service dict_proxy_open: Success
Jun 14 19:50:57  postfix/proxymap[2353]: error: open /etc/postfix/ldap/sender_dependent_relayhost_maps_user.cf: Permission denied
Jun 14 19:50:57  postfix/proxymap[2353]: error: open /etc/postfix/ldap/sender_dependent_relayhost_maps_domain.cf: Permission denied
Jun 14 19:50:57  postfix/proxymap[2353]: error: open /etc/postfix/ldap/transport_maps_user.cf: Permission denied
Jun 14 19:50:57  postfix/proxymap[2353]: warning: ldap:/etc/postfix/ldap/transport_maps_user.cf is unavailable. open /etc/postfix/ldap/transport_maps_user.cf: Permission denied
Jun 14 19:50:57  postfix/trivial-rewrite[2352]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup error for "*"
Jun 14 19:50:57  postfix/proxymap[2353]: warning: ldap:/etc/postfix/ldap/transport_maps_user.cf is unavailable. open /etc/postfix/ldap/transport_maps_user.cf: Permission denied
Jun 14 19:50:57  postfix/trivial-rewrite[2352]: warning: proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup error for "*"
Jun 14 19:50:57  postfix/proxymap[2353]: error: open /etc/postfix/ldap/sender_bcc_maps_user.cf: Permission denied
Jun 14 19:50:57  postfix/proxymap[2353]: warning: ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf is unavailable. open /etc/postfix/ldap/sender_bcc_maps_user.cf: Permission denied

9 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

verifying the rights in /etc/postfix/ldap/* did the trick.

-rw-r----- 1 root    postfix  425 14. Jun 10:19 catchall_maps.cf
-rw-r----- 1 root    postfix  489 14. Jun 10:19 recipient_bcc_maps_domain.cf
-rw-r----- 1 root    postfix  533 14. Jun 10:19 recipient_bcc_maps_user.cf
-rw-r----- 1 root    postfix  496 14. Jun 12:25 relay_domains.cf
-rw-r----- 1 root    postfix  483 14. Jun 10:19 sender_bcc_maps_domain.cf
-rw-r----- 1 root    postfix  527 14. Jun 10:19 sender_bcc_maps_user.cf
-rw-r----- 1 root    postfix  450 14. Jun 10:19 sender_dependent_relayhost_maps_domain.cf
-rw-r----- 1 root    postfix  442 14. Jun 10:19 sender_dependent_relayhost_maps_user.cf
-rw-r----- 1 root    postfix  483 14. Jun 10:19 sender_login_maps.cf
-rw-r----- 1 root    postfix  447 14. Jun 10:19 transport_maps_domain.cf
-rw-r----- 1 root    postfix  439 14. Jun 10:19 transport_maps_user.cf
-rw-r----- 1 root    postfix  523 14. Jun 10:19 virtual_alias_maps.cf
-rw-r----- 1 root    postfix  588 14. Jun 10:19 virtual_group_maps.cf
-rw-r----- 1 root    postfix  486 14. Jun 10:19 virtual_group_members_maps.cf
-rw-r----- 1 root    postfix  499 14. Jun 10:19 virtual_mailbox_domains.cf
-rw-r----- 1 root    postfix  528 14. Jun 10:19 virtual_mailbox_maps.cf

now postfix is been working

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,170

Re: postfix/proxymap permission issue

sherwood wrote:

verifying the rights in /etc/postfix/ldap/* did the trick.

What do you mean "verify the rights"?
The ownership and permission look just same as the ones in your previous post.

11 Reply by sherwood

  • sherwood
  • Member
  • Offline
  • Registered: 2010-04-19
  • Posts: 20

Re: postfix/proxymap permission issue

ZhangHuangbin wrote:
sherwood wrote:

verifying the rights in /etc/postfix/ldap/* did the trick.

What do you mean "verify the rights"?
The ownership and permission look just same as the ones in your previous post.

You're right.
I'had to change the /etc/postfix/ldap/ directory to 770. Previous was 700.

drwxrwx---  2 root postfix  4096 14. Jun 12:25 ldap