postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

sending mail with mutt started failing yesterday with:
postdrop: fatal: getrlimit: Operation not permitted
sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
sendmail: fatal: rthompso(303): unable to execute /usr/sbin/postdrop -r: Success

I'm running gentoo, and tend to keep my system up to date daily.
I'm not sure what update may have affected this.
Can anyone point me toward a solution, or a debug path?

$ /usr/sbin/postdrop -r
postdrop: fatal: getrlimit: Operation not permitted

$ /usr/sbin/sendmail
postdrop: fatal: getrlimit: Operation not permitted
sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
sendmail: fatal: rthompso(303): unable to execute /usr/sbin/postdrop -r: Success


$ strace /usr/sbin/sendmail >/tmp/sendmailtrace 2>&1

pastebin of strace

http://pastebin.com/YwUgLstE

thanks,
reid

Re: postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

On 02/09/2011 11:39 AM, Wietse Venema wrote:
> Reid Thompson:
>> sending mail with mutt started failing yesterday with:
>> postdrop: fatal: getrlimit: Operation not permitted
> 
> Do you have AppArmor/SeLinux/other "security" software enabled?
> 
>   Wietse
not intentionally -- ;)  i've been using this system for several years with no 
problem.
I guess it's possible that an emerge update activated something w/o my knowing 
it, but i'd be surprised

Re: postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

On 02/09/2011 12:36 PM, Brian Evans - Postfix List wrote:
> On 2/9/2011 11:33 AM, Reid Thompson wrote:
>> sending mail with mutt started failing yesterday with:
>> postdrop: fatal: getrlimit: Operation not permitted
>> sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
>> sendmail: fatal: rthompso(303): unable to execute /usr/sbin/postdrop -r: 
>> Success
>>
>> I'm running gentoo, and tend to keep my system up to date daily.
>> I'm not sure what update may have affected this.
>> Can anyone point me toward a solution, or a debug path?
> 
> This was one symptom caused by updating glibc to 2.13
> (http://bugs.gentoo.org/show_bug.cgi?id=354041)
> 
> There seems to be a lot of issues with glibc 2.13, particularly on
> 32-bit x86 and especially if using prelink.
> Is this your case as well?
> 
> The prelink topic is pretty hot right now in the Gentoo/ArchLinux world:
> <http://psykil.livejournal.com/340806.html>http://psykil.livejournal.com/340806.html
> <http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html>http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html
> http://bugs.gentoo.org/show_bug.cgi?id=353814
> http://forums.gentoo.org/viewtopic-t-863297-start-0-postdays-0-postorder-asc-highlight-.html

ah - that may very well be it -- i'm actually running master glibc at the moment

Re: postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

On 02/09/2011 12:36 PM, Brian Evans - Postfix List wrote:
> On 2/9/2011 11:33 AM, Reid Thompson wrote:
> This was one symptom caused by updating glibc to 2.13
> (http://bugs.gentoo.org/show_bug.cgi?id=354041)
> 
> There seems to be a lot of issues with glibc 2.13, particularly on
> 32-bit x86 and especially if using prelink.
> Is this your case as well?
> 
> The prelink topic is pretty hot right now in the Gentoo/ArchLinux world:
> <http://psykil.livejournal.com/340806.html>http://psykil.livejournal.com/340806.html
> <http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html>http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html
> http://bugs.gentoo.org/show_bug.cgi?id=353814
> http://forums.gentoo.org/viewtopic-t-863297-start-0-postdays-0-postorder-asc-highlight-.html

hmm - not sure.
I do not have prelink installed

$ eix prelink
* sys-devel/prelink
 Available versions:  20100106 ~20100714 ~20101123
 Homepage:http://people.redhat.com/jakub/prelink
 Description: Modifies ELFs to avoid runtime symbol resolutions 
resulting in faster load times

Re: postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

On 02/09/2011 12:57 PM, Reid Thompson wrote:
> On 02/09/2011 12:36 PM, Brian Evans - Postfix List wrote:
>> On 2/9/2011 11:33 AM, Reid Thompson wrote:
>>> sending mail with mutt started failing yesterday with:
>>> postdrop: fatal: getrlimit: Operation not permitted
>>> sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1
>>> sendmail: fatal: rthompso(303): unable to execute /usr/sbin/postdrop -r: 
>>> Success
>>>
>>> I'm running gentoo, and tend to keep my system up to date daily.
>>> I'm not sure what update may have affected this.
>>> Can anyone point me toward a solution, or a debug path?
>>
>> This was one symptom caused by updating glibc to 2.13
>> (http://bugs.gentoo.org/show_bug.cgi?id=354041)
>>
>> There seems to be a lot of issues with glibc 2.13, particularly on
>> 32-bit x86 and especially if using prelink.
>> Is this your case as well?
>>
>> The prelink topic is pretty hot right now in the Gentoo/ArchLinux world:
>> <http://psykil.livejournal.com/340806.html>http://psykil.livejournal.com/340806.html
>> <http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html>http://phajdan-jr.blogspot.com/2011/02/watch-out-for-issues-with-prelink-and.html
>> http://bugs.gentoo.org/show_bug.cgi?id=353814
>> http://forums.gentoo.org/viewtopic-t-863297-start-0-postdays-0-postorder-asc-highlight-.html
> 
> ah - that may very well be it -- i'm actually running master glibc at the 
> moment
> 
sigh -- sorry --- noise -- i'm running master dev-libs/glib  not glibc

I am running 2.13 glibc as of yesterday which does appear to coincide with my 
issue

[D] sys-libs/glibc
 Available versions:  (2.2) [P]2.2.5-r10!s 2.5-r4!s **2.5.1!s 2.6.1!s 
(~)2.7-r2!s 2.8_p20080602-r1!s 2.9_p20081201-r2!s
(~)2.9_p20081201-r3!s 2.10.1-r1!s 2.11.2-r3!s (~)2.11.3!s (~)2.12.1-r3!s 
(~)2.12.2!s
{build crosscompile_opts_headers-only debug gd glibc-compat20 
glibc-omitfp hardened multilib nls nptl nptlonly profile selinux vanilla}
 Installed versions:  2.13(2.2)!s(10:18:20 AM 02/08/2011)(nls 
-crosscompile_opts_headers-only -debug -gd -glibc-omitfp -hardened
-multilib -profile -selinux -vanilla)
 Homepage:http://www.gnu.org/software/libc/libc.html
 Description: GNU libc6 (also called glibc2) C library

Re: postdrop: fatal: getrlimit: Operation not permitted

[Reid Thompson]

On 02/09/2011 01:07 PM, Reid Thompson wrote:
> 
> I am running 2.13 glibc as of yesterday which does appear to coincide with my 
> issue

Wietse/Brian, thanks for the insight.

Luckily it appears that I have only a hand full of non-essential packages built 
against the new glibc.
That being the case, I found and followed 'use at your own risk' instructions 
for downgrading glibc on gentoo.
An initial quick test indicates that this resolves the issue.  Currently 
rebuilding the above noted hand full of packages and with
fingers crossed will reboot.

Thanks again for the help.
reid

Looking for instructions on how to configure home server as a restricted relay host

[Reid Thompson]

What I would like to do:
Configure my home postfix server (ubuntu) to:
  send email from local user accounts
  accept external (through my cable modem) smtp requests/relay mail for 
only authorized senders
 I.E. when I'm using a public internet connection, i'd like to have 
my smtp requests go through my home server


Could someone point me to a website describing how to configure this?

thanks,
reid

Re: good data backup system for a mail server?

[Reid Thompson]

may be of interest.

works with postfix
http://archiveopteryx.org/postfix

How can I accept only specific sender email addresses from the internet

[Reid Thompson]

I'd like to configure my server to accept from the internet only emails 
from my family (approx 10 email addresses). I'd like to reject all other 
email.  How would I go about doing this -- is there a recipe for this on 
the internet somewhere that someone could point me to?


I.E. when traveling, or sending personal email from outside our home, 
i'd like to have our email clients send our mail through our server.


Thanks,
reid

Re: How can I accept only specific sender email addresses from the internet

[Reid Thompson]

On 3/24/2012 8:44 PM, Allan Wind wrote:

As stated you may want to look into check_sender_access:


so if I configure

/etc/postfix/access

with

myem...@domain1.com OK
spousesem...@domain1.comOK
child1em...@domain1.com OK
child2em...@domain1.com OK
myem...@domain2.com OK

and /etc/postfix/main.cf

with

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject


will that block all email except that from the listed addresses?

Re: How can I accept only specific sender email addresses from the internet

[Reid Thompson]

On 3/24/2012 9:09 PM, Allan Wind wrote:

On 2012-03-24 21:03:59, Reid Thompson wrote:

On 3/24/2012 8:44 PM, Allan Wind wrote:

As stated you may want to look into check_sender_access:
<http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions>

so if I configure

/etc/postfix/access

with

myem...@domain1.com OK
spousesem...@domain1.comOK
child1em...@domain1.com OK
child2em...@domain1.com OK
myem...@domain2.com OK

and /etc/postfix/main.cf

with

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject

will that block all email except that from the listed addresses?

Try it out and let us know it goes.  Here is how you can test it:

telnet $mailserver 25
ehlo $client_host_name
mail from:<$sender>
rcpt to:<$to>
data
anything goes here
.

Test with both senders that are allowed and ones that are not,
and try both local and non-local to addresses.


/Allan

tested from remote host by mutt -x -s test j...@endpoint.dyndns-ip.com

Mar 24 21:13:09 endpoint postfix/smtpd[2946]: connect from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: NOQUEUE: reject: RCPT from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]: 554 5.7.1 
: Relay access denied; 
from= to= 
proto=ESMTP helo=
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: NOQUEUE: reject: RCPT from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]: 554 5.7.1 
: Relay access denied; 
from= to= 
proto=ESMTP helo=
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: disconnect from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]

Re: How can I accept only specific sender email addresses from the internet

[Reid Thompson]

On 3/24/2012 9:20 PM, Reid Thompson wrote:

On 3/24/2012 9:09 PM, Allan Wind wrote:

On 2012-03-24 21:03:59, Reid Thompson wrote:

On 3/24/2012 8:44 PM, Allan Wind wrote:

As stated you may want to look into check_sender_access:
<http://www.postfix.org/postconf.5.html#smtpd_sender_restrictions>

so if I configure

/etc/postfix/access

with

myem...@domain1.comOK
spousesem...@domain1.comOK
child1em...@domain1.comOK
child2em...@domain1.comOK
myem...@domain2.comOK

and /etc/postfix/main.cf

with

smtpd_sender_restrictions = check_sender_access 
hash:/etc/postfix/access, reject


will that block all email except that from the listed addresses?

Try it out and let us know it goes.  Here is how you can test it:

telnet $mailserver 25
ehlo $client_host_name
mail from:<$sender>
rcpt to:<$to>
data
anything goes here
.

Test with both senders that are allowed and ones that are not,
and try both local and non-local to addresses.


/Allan

tested from remote host by mutt -x -s test j...@endpoint.dyndns-ip.com

Mar 24 21:13:09 endpoint postfix/smtpd[2946]: connect from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: NOQUEUE: reject: RCPT 
from fw-corp.domain1.com[xxx.xxx.xxx.xxx]: 554 5.7.1 
: Relay access denied; 
from= to= 
proto=ESMTP helo=
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: NOQUEUE: reject: RCPT 
from fw-corp.domain1.com[xxx.xxx.xxx.xxx]: 554 5.7.1 
: Relay access denied; 
from= to= 
proto=ESMTP helo=
Mar 24 21:13:09 endpoint postfix/smtpd[2946]: disconnect from 
fw-corp.domain1.com[xxx.xxx.xxx.xxx]




OK added endpoint.dyndns-ip.com to mydestination and delivery to 
j...@endpoint.dyndns-ip.com works