The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Sendmail and piping to a program from aliases (Not Majordomo)
Author: Matt Turany 
Date:   16-02-03 04:22

Any sendmail guru's out there please?

I've recently installed a 'helpdesk' application on my web server which is in itself great. One of the benefits is it's ability to take e-mail and redirect it into a database so that users can log calls via email. According to the installation documents this should entail nothing more than setting up some permissions on the .cgi files, changing some path statements on the .conf files and then changing the alaises file to something like this;

support: "|/usr/local/www/data/helpdesk/redir.cgi"

Run newaliases and you should be home.

However, after everything has been done, double checked and triple checked e-mail is bouncing back with;

/usr/local/www/data/helpdesk/support.cgi: permission denied
554 5.3.0 unknown mailer error 126

After hours of trolling through the net and newsgroups I have yet to find a solution. The best thing I can figure out is that perhaps sendmail is not letting the pipe go through. I've found many references to Majordomo which appears to do a simliar pipe, and there has been mentions of "smrsh", specialised M4 configurations and all sorts of devilish tricks.

I for one am now totally confused. Can anyone out there shed light please?

All of the 'application' works flawlessly - except- for the email redirection. So this leads me to think that permissions within the apache server and directories are correct.

I have also contacted the author but as luck would have it, it is the weekend and of course the time differences are making it painful.

TIA

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Matt Turany 
Date:   16-02-03 04:24

Oops - typo on the line;

>/usr/local/www/data/helpdesk/support.cgi: permission denied
>554 5.3.0 unknown mailer error 126


It should read;

/usr/local/www/data/helpdesk/redir.cgi: permission denied
554 5.3.0 unknown mailer error 126


Sorry.

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Dan Larsson 
Date:   16-02-03 17:01

Make sure sendmail has permission to traverse to and execute
the script.

/D

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Matt Turany 
Date:   17-02-03 07:31

Okay,

Uh - How do I do that?

Sorry but I've trolled through so much information on sendmail it's hard to know where to start.

I've seen references to shells (i.e. add /SENDMAIL/ANY/SHELL/ to etc/shells) which hasn't worked. And I've seen references to modifications to the sendmail.cf file all of which has left me a little more than confused.

Can you perhaps shed some light - alternatively you can tell me to p*** off and find it myself :-)

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Dan Larsson 
Date:   17-02-03 09:12

Well it's actually more easy than you would believe.
Sendmail runs with a specific uid when executing scripts. It
does this using the daemon uid (uid = 1).

To test that the daemon user has permission to execute the script
do the following as root

su -m daemon -c /full/path/to/script

If it fails you have to change the file permissions on either
or both the path to the script and the script itself.

What I guess is that the script is owned by uid/gid = 0/0
with the execute bit only set for owner and group.

For *TESTING* purposes: chmod 755 /full/path/to/script
Remember to reassign the proper permissions as per the
documentation afterwards.

If that doesn't work either post the *log* entries related to
the failure to this forum.

/D

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Matt Turany 
Date:   17-02-03 15:12

Dan - your a legend..!!!

Okay the problems not solved yet, but at least I know that we're on the right track now. I wasn't sure which was the culprit before - sendmail or the script.

Now after several more hours and mass quantities of caffeine and your assistance we are narrowing it down. Here's what I got now;

Sendmail is now configured to use smrsh - which appears to be working fine (I tested using a simple pipe to file script). This I did because it appeared that I could'nt get any script to work.

I tested the script as you suggested "su -m daemon, etc" and yes it responds with a permission denied as you suspected. However I have changed the permissions as suggested and it is still getting a "permission denied" from the command line.

To add some more testing to this problem. I found some documentation that explains smrsh a bit better and using that managed to test the script by linking (ln -s) it to the smrsh directory (/usr/libexec/sm.bin). This resulted in the same error as before. I then removed the link and copied the file to the sm.bin directory. The maillog and returned error then showed that the script was being executed, but since the script made several calls to a .conf file and another perl module located in a subdirectory in the original location the script was falling over.

I then copied these files to the sm.bin directory and of course each time the script got further and further before falling over. The problem is now that the script calls other perl modules (i.e. Mail:Sender, Mail:Parse, etc) and I don't think I should be copying all of that to the sm.bin directory.

Now I've cleaned everything up and put it all back to where it was at first. I think perhaps the original locations along with permissions and ownerships should be looked at and are more than likely the cause of all this grief.

The primary script that needs to be run (and the .conf file referenced along with another perl script) are located off my apache directory (i.e. /usr/local/www/data/hdesk/include).

All files have www:www ownership, all scripts (*.cgi) are 755. After your feedback I suspect that the ownership is the main problem so the questions are now;

- Do I move the script and associated files to another location so that I can change the owner/group? (problem is that the conf.cgi file is also referenced by the application and other scripts in that directory so it's needed)

or

- Can I change sendmails behaviour so that it can still execute the script and locate all the necessary modules? (i.e. remove smrsh and go back to the /bin/sh default in the sendmail.cf file)

Whew that was a long one.

Reply To This Message
 
 Re: Sendmail and piping to a program from aliases (Not Majordomo)
Author: Matt Turany 
Date:   18-02-03 06:38

Fixed - Yeehaw

Dan thanks for the help - it gave me some ideas which have worked out.

Just for historical purposes - sendmail on FreeBSD (at least on my 4.7 Stable server) executes MProg as user "mailnull". I had to move my script to a 'safe' directory and change owner to mailnull so that it would work. There were some path issues in the script but I managed to sort that out as well.

Thanks again.

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org