On 04/07/2012 06:08 AM, /dev/rob0 wrote:
On Fri, Apr 06, 2012 at 03:23:02PM -0400, sean darcy wrote:
Trying to route email to a script.

/etc/aliases
cat /etc/postfix/aliases

Hmm? Which of these is your alias_maps? /etc/postfix/aliases !=
/etc/aliases .

#fax
sendfax:   |/home/sendfax/fax/test-fax.cmd

This is not necessary, remove this. You can do it using a
~sendfax/.forward file which contains only this line:

|/home/sendfax/fax/test-fax.cmd

~sendfax/.forward needs to be sendfax:sendfax owned and mode 400
minimum, but 644 is fine too.

cat /home/sendfax/fax/test-fax.cmd
#!/bin/sh
cat ->  output

I've opened up all the permissions:

Not really. You're using alias_maps which I presume[1] are owned by
root, thus running the command as $default_privs user. You'd also be
running this inside ~$default_privs home directory.

Change "output" to "/tmp/output" and see what happens.

ls -l /home/sendfax
total 8
drwxrwxrwx 2 sendfax sendfax 4096 Apr  6 15:08 fax

No, 777 is never right. 1777 is right in some cases, such as /tmp,
but a $HOME should never be that. Typically 0711 is what you'd want.

drwx------ 5 sendfax sendfax 4096 Apr  5 20:25 Maildir

ls -l /home/sendfax/fax
total 4
-rwxrwxrwx 1 sendfax sendfax 25 Apr  6 15:08 test-fax.cmd

Likewise, this should be no more than 755.

but I still get "permission denied":

postfix/qmgr[25027]: EE71EAE0DFB:
from=<sendfax@localhost.hiddenbrook>, size=573, nrcpt=1 (queue
active)
local[25464]: fatal: execvp /home/sendfax/fax/test-fax.cmd:
Permission denied
postfix/local[25463]: EE71EAE0DFB: to=<sendfax@[10.10.11.180]>,
relay=local, delay=477, delays=477/0.03/0/0.04, dsn=4.3.0,
status=deferred (temporary failure. Command output: local: fatal:
execvp /home/sendfax/fax/test-fax.cmd: Permission denied )

The "execvp" message looks rather SELinux-like, as well. You might
have several levels of problems here. Also verify that the filesystem
whereon /home/sendfax/fax/test-fax.cmd is found is not mounted as
noexec.

References:
http://www.postfix.org/postconf.5.html#alias_maps
                        postconf.5.html#default_privs
http://www.postfix.org/aliases.5.html
http://www.postfix.org/local.8.html


[1] Had to guess: no "postconf -n", and the ownership of the actual
     alias_maps file was not shown.

alias_maps is /etc/aliases. Sorry about the /etc/postfix/aliases confusion. In any event, postfix sees the alias and pipes it to the script, so that's not a problem.

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias

ls -l /etc/aliases
-rw-r--r--. 1 root root 1569 Apr  6 15:35 /etc/aliases

I know 777 is a BAD idea. Got that. And once I get this working, I'll scale it back. But even with 777 I get permission errors.

selinux is disabled:

grep SELINUX /etc/selinux/config | grep -v \#
SELINUX=disabled
SELINUXTYPE=targeted

What's the advantage of forward over alias?

Perhaps related, postfix runs the script as user "nobody". This means the script can do very little, unless I give "nobody" wide-open sudo permissions (another BAD idea). Is there a way to specify the user (for instance, sendfax) the script runs under?

Thanks for the responses,

sean
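
The listings in the thread show the modes of fax/ and test-fax.cmd but not of /home/sendfax itself, and the earlier reply also raises noexec mounts. The following added example (not part of the thread) checks every component of the command's path as it applies to an account such as "nobody" that is neither owner nor group member. It assumes GNU stat and, optionally, util-linux findmnt; the function names and finding labels are invented for this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Postfix pipe-command path as seen
# by an account that is neither owner nor group member (e.g. "nobody").

# Print the "other" permission digit of a path (GNU stat assumed).
other_digit() {
    m=$(stat -c %a "$1") || return 1
    echo $(( m % 10 ))
}

# Check a directory and every ancestor, root first.
audit_dirs() {
    [ "$1" = "/" ] || audit_dirs "$(dirname "$1")"
    o=$(other_digit "$1") || return 1
    # Search (x) permission is required on each directory in the path.
    [ $(( o & 1 )) -ne 0 ] || echo "NO-SEARCH $1"
    # World-writable is only acceptable with the sticky bit (1777, like /tmp).
    if [ $(( o & 2 )) -ne 0 ] && [ ! -k "$1" ]; then
        echo "WORLD-WRITABLE $1"
    fi
}

# Usage: audit_pipe_command /home/sendfax/fax/test-fax.cmd
# Prints one finding per line; no output means nothing was flagged.
audit_pipe_command() {
    case $1 in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    audit_dirs "$(dirname "$1")"
    o=$(other_digit "$1") || return 1
    # A "#!" script must be readable (by the interpreter) and executable.
    [ $(( o & 5 )) -eq 5 ] || echo "NO-READ-EXEC $1"
    [ $(( o & 2 )) -eq 0 ] || echo "WORLD-WRITABLE $1"
    # A noexec mount makes exec fail with "Permission denied" whatever the mode.
    if command -v findmnt >/dev/null 2>&1; then
        case ",$(findmnt -no OPTIONS -T "$1" 2>/dev/null)," in
            *,noexec,*) echo "NOEXEC-MOUNT $1" ;;
        esac
    fi
}
```

Run it as root so that stat can reach every component of the path.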
