Configuration issues with milter socket and non chrooted smtp

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal

Hi there,

 

 If I turn off chroot for smpt then postfix cannot access the milter using the fully qualified path name and if I turn on chroot, then postfix can access the socket using the chrooted value.  Server is Debian 6 running with Postfix 2.9.3-2.1~bpo60+1.

Values running smpd in default chroot environment, and smtp chroots to /var/spool/postfix.

  smtpd_milters = unix:/spamass/spamass.sock

Values running smtp in non-chroot environment,

  smtpd_milters = unix:/var/spool/postfix/spamass/spamass.sock

Error message is this:

  Nov 12 13:37:08 lt postfix/smtpd[30776]: warning: connect to Milter service unix:/var/spool/postfix/spamass/spamass.sock: No such file or directory

Files and directories were present and rw for postfix user,

  # ls -ld  /var/spool/postfix/spamass/spamass.sock
  srw-rw---- 1 postfix postfix 0 Nov 11 15:08 /var/spool/postfix/spamass/spamass.sock

  # ls -ld  /var/spool/postfix/spamass/
  drwxr-xr-x 2 spamass-milter root 1024 Nov 11 15:08 /var/spool/postfix/spamass/

The milter works perfectly well and responded correctly, and the milter is spamass-milter.

I'd be very grateful for some tips.

Thanks, Si

Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Wietse Venema
Simon Loewenthal:
> Hi there,
>
>  If I turn off chroot for smpt then postfix cannot access the milter
> using the fully qualified path name and if I turn on chroot, then

As the name suggests, chroot CHanges the ROOT directory. Don't turn
it on if you can't handle it.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal

You misread my email.  I don't want chroot on. I want it off, but sockets to the milter won't work with it on. On is default with Debian.

 

 

On 2013-11-12 14:26, [hidden email] wrote:

Simon Loewenthal:
Hi there, If I turn off chroot for smpt then postfix cannot access the milter using the fully qualified path name and if I turn on chroot, then
As the name suggests, chroot CHanges the ROOT directory. Don't turn
it on if you can't handle it.

	Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Wietse Venema
Simon Loewenthal:
> You misread my email. I don't want chroot on. I want it off, but sockets
> to the milter won't work with it on. On is default with Debian.

To turn off chroot, edit master.cf, then "postfix reload".
Look in the maillog file for error or warning messages.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

A. Schulze
In reply to this post by Simon Loewenthal
Am 12.11.2013 13:50 schrieb Simon Loewenthal:
> Values running smpd in default chroot environment, and smtp chroots to
> /var/spool/postfix.

use inet sockets. that avoid any socketpath/chroot problems.

works perfect in most cases until the inet overhead hurts. And it hurts
only at *very high* message volume ...

running postfix at isp level with 6 milters (via inet) is no problem.

Andreas
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal
On 12/11/2013 18:46, Andreas Schulze wrote:
Am 12.11.2013 13:50 schrieb Simon Loewenthal:
Values running smpd in default chroot environment, and smtp chroots to
/var/spool/postfix. 
use inet sockets. that avoid any socketpath/chroot problems.

works perfect in most cases until the inet overhead hurts. And it hurts
only at *very high* message volume ...

running postfix at isp level with 6 milters (via inet) is no problem.

Andreas
Hi Andreas,

    Thanks for your email. I don't understand why everyone thinks there is a problem with chroot.  I'm _not_using chroot!!!  My subject line states "...and non chrooted ...". 

Back to milters, I would be happy to be using  inet sockets but spamass-milter from that I can see only allows file sockets.


Many thanks for you reply,
Si
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

A. Schulze
In reply to this post by Simon Loewenthal
Am 12.11.2013 13:50 schrieb Simon Loewenthal:
>  smtpd_milters = unix:/spamass/spamass.sock
try a relative pathname:
   smtpd_milters = unix:spamass/spamass.sock

chroot or not chroot, it's always relative to the current directory
( postconf ${queue_directory} in most cases )

Andreas
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal
On 12/11/2013 20:50, Andreas Schulze wrote:
> Am 12.11.2013 13:50 schrieb Simon Loewenthal:
>>  smtpd_milters = unix:/spamass/spamass.sock
> try a relative pathname:
>    smtpd_milters = unix:spamass/spamass.sock
>
> chroot or not chroot, it's always relative to the current directory
> ( postconf ${queue_directory} in most cases )
>
> Andreas
Andreas, thank-you so much!  Problem solved by changing this,

smtpd_milters = unix:/spamass/spamass.sock
to this
smtpd_milters = unix:spamass/spamass.sock

And now this works :D

I shall add this to the other thread for historical preservation.


Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Wietse Venema
Simon Loewenthal:
> Andreas, thank-you so much!  Problem solved by changing this,
>
> smtpd_milters = unix:/spamass/spamass.sock
> to this
> smtpd_milters = unix:spamass/spamass.sock

Why were you complaining about smtpd[30776]: warning: connect to
Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
such file or directory.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal
On 12/11/2013 21:06, Wietse Venema wrote:

> Simon Loewenthal:
>> Andreas, thank-you so much!  Problem solved by changing this,
>>
>> smtpd_milters = unix:/spamass/spamass.sock
>> to this
>> smtpd_milters = unix:spamass/spamass.sock
> Why were you complaining about smtpd[30776]: warning: connect to
> Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
> such file or directory.
>
> Wietse
Because I tried running with the milter several times trying to figure
out where I had gone wrong.  After I got the error messages I removed
the milter from smtpd_milters and reloaded postfix.
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Wietse Venema
Simon Loewenthal:

> On 12/11/2013 21:06, Wietse Venema wrote:
> > Simon Loewenthal:
> >> Andreas, thank-you so much!  Problem solved by changing this,
> >>
> >> smtpd_milters = unix:/spamass/spamass.sock
> >> to this
> >> smtpd_milters = unix:spamass/spamass.sock
> > Why were you complaining about smtpd[30776]: warning: connect to
> > Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
> > such file or directory.
> >
> Because I tried running with the milter several times trying to figure
> out where I had gone wrong.  After I got the error messages I removed
> the milter from smtpd_milters and reloaded postfix.

In your case the configuration was /spamass/spamass.sock but you
were reporting an error message for a configuration with
/var/spool/postfix/spamass/spamass.sock.

Please report consistent error and configuration information.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Configuration issues with milter socket and non chrooted smtp

Simon Loewenthal
On 12/11/2013 21:16, Wietse Venema wrote:

> Simon Loewenthal:
>> On 12/11/2013 21:06, Wietse Venema wrote:
>>> Simon Loewenthal:
>>>> Andreas, thank-you so much!  Problem solved by changing this,
>>>>
>>>> smtpd_milters = unix:/spamass/spamass.sock
>>>> to this
>>>> smtpd_milters = unix:spamass/spamass.sock
>>> Why were you complaining about smtpd[30776]: warning: connect to
>>> Milter service unix:/var/spool/postfix/spamass/spamass.sock: No
>>> such file or directory.
>>>
>> Because I tried running with the milter several times trying to figure
>> out where I had gone wrong.  After I got the error messages I removed
>> the milter from smtpd_milters and reloaded postfix.
> In your case the configuration was /spamass/spamass.sock but you
> were reporting an error message for a configuration with
> /var/spool/postfix/spamass/spamass.sock.
>
> Please report consistent error and configuration information.
>
> Wietse
 I reported one working example from when I ran in chroot mode, and one
broken example when I ran without chroot. My apologies if this had been
misleading.