On Tue, 30 Sep 2008, Len Conrad wrote:

mx1# ll /var/spool/snfilter/sniffer
-rwxrwxrwx  1 snfilter  snfilter  4013 Sep 29 20:54 /var/spool/snfilter/sniffer

Why is your PROGRAM file WRITABLE?

A temporary ploy to eliminate perms as the problem.

If you really must do that, use 555 (or 755), not 777. Some kernels won't let you exec group-writable or world-writable interpreted programs (#!/bin/sh, #!/usr/bin/perl, etc.) because it's a security hole. (And even if yours lets you get away with it, it's a bad idea anyway.)

sniffer contains:

#!/bin/sh
...

Sep 29 21:06:56 mx1 postfix/pipe[6872]: 251A55C05A: to=<[EMAIL PROTECTED]>, 
relay=snfilter, delay=968, delays=968/0.04/0/0.08, dsn=4.3.0, status=deferred 
(temporary failure. Command output: pipe: fatal: pipe_command: execvp 
/var/spool/snfilter/sniffer: No such file or directory )

We've "-v" everything in master.cf and got no hints.

Suggestions?

Turn off SELinux.

Haven't turned it on.

Turn off AppArmor.

Haven't turned it on.

FreeBSD ipfw has these rules for loopback:

IPF="ipfw -q add"

# loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny  all from any to 127.0.0.0/8
$IPF 30 deny  all from 127.0.0.0/8 to any
$IPF 40 deny  tcp from any to any frag

Turn off other "security" software that interferes with Postfix.

ipfw is the only security. We disabled ipfw, no change.

What on FreeBSD 6.3 could be doing this?

Maybe you can insert a ktrace command:

snfilter  unix  -       n       n       -       10      pipe
     flags=q user=snfilter argv=/usr/bin/ktrace -f /tmp/ktrace.out
     /var/spool/snfilter/sniffer -f ${sender} ${recipient}

Then report output from:

# kdump -f /tmp/ktrace.out

kdump -f /tmp/ktrace.out
11268 ktrace   RET   ktrace 0
11268 ktrace   CALL  execve(0xbfbfef27,0xbfbfee70,0xbfbfee84)
11268 ktrace   NAMI  "/var/spool/snfilter/sniffer"
11268 ktrace   RET   execve -1 errno 13 Permission denied
11268 ktrace   CALL  stat(0xbfbfef27,0xbfbfe8c0)
11268 ktrace   NAMI  "/var/spool/snfilter/sniffer"
11268 ktrace   RET   stat -1 errno 13 Permission denied

ls -lgd /var /var/spool /var/spool/snfilter
mount | grep var

(Are you running this chrooted?)

11268 ktrace   CALL  write(0x2,0xbfbfe710,0x8)
11268 ktrace   GIO   fd 2 wrote 8 bytes
      "ktrace: "
11268 ktrace   RET   write 8
11268 ktrace   CALL  write(0x2,0xbfbfe730,0x2c)
11268 ktrace   GIO   fd 2 wrote 44 bytes
      "exec of '/var/spool/snfilter/sniffer' failed"
11268 ktrace   RET   write 44/0x2c
11268 ktrace   CALL  write(0x2,0x2813e224,0x2)
11268 ktrace   GIO   fd 2 wrote 2 bytes
      ": "
11268 ktrace   RET   write 2
11268 ktrace   CALL  write(0x2,0xbfbfe710,0x1a)
11268 ktrace   GIO   fd 2 wrote 26 bytes
      "No such file or directory
      "
11268 ktrace   RET   write 26/0x1a
11268 ktrace   CALL  exit(0x1)

Thanks,
Len



______________________________________________
IMGate OpenSource Mail Firewall www.IMGate.net
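
In the kdump trace above, stat() itself fails with errno 13; under plain Unix permissions that means a directory leading to the file lacks the search (x) bit for the calling user, which is what the suggested `ls -lgd /var /var/spool /var/spool/snfilter` inspects. The following sh script is an added example, not part of the original thread: it walks those directories and reports the first one a given uid cannot search. The function names `can_search` and `first_blocked` and the script name are hypothetical, and it looks only at owner/group/other mode bits, not ACLs or MAC policy.

```shell
#!/bin/sh
# Added example: locate the first directory on a path that a given uid
# cannot search, using only the classic owner/group/other mode bits.

# can_search DIR UID "GID ..."  -> status 0 if UID has the x bit on DIR
can_search() {
    [ "$2" -eq 0 ] && return 0            # root bypasses search checks
    meta=$(ls -ldnL -- "$1" 2>/dev/null | awk '{print $1, $3, $4}')
    [ -n "$meta" ] || return 1            # missing directory: blocked
    mode=${meta%% *}                      # e.g. drwxr-x---
    owner=${meta#* }; owner=${owner% *}   # numeric uid of DIR
    group=${meta##* }                     # numeric gid of DIR
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$2" -eq "$owner" ]; then col=4
    elif printf '%s\n' $3 | grep -qx "$group"; then col=7
    else col=10
    fi
    case $(printf '%s' "$mode" | cut -c"$col") in
        x|s|t) return 0 ;;                # s/t are setid/sticky with x set
        *)     return 1 ;;
    esac
}

# first_blocked PATH UID "GID ..."
# Prints the first unsearchable directory and returns 1, else returns 0.
first_blocked() {
    dir=/
    rest=${1#/}
    while :; do
        can_search "$dir" "$2" "$3" || { printf '%s\n' "$dir"; return 1; }
        case $rest in
            */*) dir=${dir%/}/${rest%%/*}; rest=${rest#*/} ;;
            *)   return 0 ;;              # only the file name is left
        esac
    done
}

# Usage (hypothetical script name):
#   sh pathcheck.sh /var/spool/snfilter/sniffer snfilter
if [ $# -eq 2 ]; then
    first_blocked "$1" "$(id -u "$2")" "$(id -G "$2")"
fi
```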