sendmail cannot read CDB tables


Ulrich Zehl-4
When I try to use a CDB table for authorized_submit_users with Postfix
3.1.6, the sendmail command exits with error "unsupported dictionary
type: cdb".

To reproduce:

----
# postconf mail_version
mail_version = 3.1.6

# postconf -n
authorized_submit_users = cdb:/etc/postfix/authorized_users

# cat /etc/postfix/authorized_users
testuser OK

# postmap cdb:/etc/postfix/authorized_users
# ls -l /etc/postfix/authorized_users*
-rw-r--r-- 1 root root   12 Oct 23 14:34 /etc/postfix/authorized_users
-rw-r--r-- 1 root root 2082 Oct 23 14:54 /etc/postfix/authorized_users.cdb
 
# postconf -m | grep cdb
cdb

# sendmail
sendmail: fatal: unsupported dictionary type: cdb
----

Other parts of Postfix seem to be fine with CDB, e.g. postmap in query
mode:

----
# postmap -q testuser cdb:/etc/postfix/authorized_users
OK
----

Note that I am using Debian 9 (stretch), so the problem may be with the
Debian packages and not Postfix in general. I do believe that I have all
the necessary packages installed:

# dpkg -l "postfix*" | grep ^ii
ii  postfix        3.1.6-0+deb9u1 amd64        High-performance mail transport agent
ii  postfix-cdb    3.1.6-0+deb9u1 amd64        CDB map support for Postfix
ii  postfix-sqlite 3.1.6-0+deb9u1 amd64        SQLite map support for Postfix

What am I doing wrong?

I have worked around this by using an inline table instead (the table is
only a few entries long anyways), so this question is mere curiosity.

Ulrich

Re: sendmail cannot read CDB tables

Scott Kitterman-4


On October 23, 2017 9:15:17 AM EDT, Ulrich Zehl <[hidden email]> wrote:

>When I try to use a CDB table for authorized_submit_users with Postfix
>3.1.6, the sendmail command exits with error "unsupported dictionary
>type: cdb".
>
>To reproduce:
>
>----
># postconf mail_version
>mail_version = 3.1.6
>
># postconf -n
>authorized_submit_users = cdb:/etc/postfix/authorized_users
>
># cat /etc/postfix/authorized_users
>testuser OK
>
># postmap cdb:/etc/postfix/authorized_users
># ls -l /etc/postfix/authorized_users*
>-rw-r--r-- 1 root root   12 Oct 23 14:34 /etc/postfix/authorized_users
>-rw-r--r-- 1 root root 2082 Oct 23 14:54 /etc/postfix/authorized_users.cdb
>
># postconf -m | grep cdb
>cdb
>
># sendmail
>sendmail: fatal: unsupported dictionary type: cdb
>----
>
>Other parts of Postfix seem to be fine with CDB, e.g. postmap in query
>mode:
>
>----
># postmap -q testuser cdb:/etc/postfix/authorized_users
>OK
>----
>
>Note that I am using Debian 9 (stretch), so the problem may be with the
>Debian packages and not Postfix in general. I do believe that I have all
>the necessary packages installed:
>
># dpkg -l "postfix*" | grep ^ii
>ii  postfix        3.1.6-0+deb9u1 amd64        High-performance mail transport agent
>ii  postfix-cdb    3.1.6-0+deb9u1 amd64        CDB map support for Postfix
>ii  postfix-sqlite 3.1.6-0+deb9u1 amd64        SQLite map support for Postfix
>
>What am I doing wrong?
>
>I have worked around this by using an inline table instead (the table is
>only a few entries long anyways), so this question is mere curiosity.
>
>Ulrich

I believe taking Postfix out of the chroot that is the Debian default will likely resolve it.  I think that is documented in README.Debian.

Scott K

Re: sendmail cannot read CDB tables

Ulrich Zehl-4
On Mon, Oct 23, 2017 at 01:37:19PM +0000, Scott Kitterman wrote:
>
> On October 23, 2017 9:15:17 AM EDT, Ulrich Zehl <[hidden email]> wrote:
> >When I try to use a CDB table for authorized_submit_users with Postfix
> >3.1.6, the sendmail command exits with error "unsupported dictionary
> >type: cdb".
> [...]
>
> I believe taking Postfix out of the chroot that is the Debian default will likely
> resolve it.  I think that is documented in README.Debian.

As far as I know, sendmail(1) is not a master(8) service, and thus not
affected by the chroot settings in master.cf.

Nevertheless, I disabled chroot for all services in master.cf, restarted
Postfix, and tried again. It did not change the result.

# postconf -F | grep chroot
smtp/inet/chroot = n
pickup/unix/chroot = n
cleanup/unix/chroot = n
qmgr/unix/chroot = n
tlsmgr/unix/chroot = n
rewrite/unix/chroot = n
bounce/unix/chroot = n
defer/unix/chroot = n
trace/unix/chroot = n
verify/unix/chroot = n
flush/unix/chroot = n
proxymap/unix/chroot = n
proxywrite/unix/chroot = n
smtp/unix/chroot = n
relay/unix/chroot = n
showq/unix/chroot = n
error/unix/chroot = n
retry/unix/chroot = n
discard/unix/chroot = n
local/unix/chroot = n
virtual/unix/chroot = n
lmtp/unix/chroot = n
anvil/unix/chroot = n
scache/unix/chroot = n
maildrop/unix/chroot = n
uucp/unix/chroot = n
ifmail/unix/chroot = n
bsmtp/unix/chroot = n
scalemail-backend/unix/chroot = n
mailman/unix/chroot = n

Ulrich

Re: sendmail cannot read CDB tables

A. Schulze


On 23.10.2017 at 17:16, Ulrich Zehl wrote:

> On Mon, Oct 23, 2017 at 01:37:19PM +0000, Scott Kitterman wrote:
>>
>> On October 23, 2017 9:15:17 AM EDT, Ulrich Zehl <[hidden email]> wrote:
>>> When I try to use a CDB table for authorized_submit_users with Postfix
>>> 3.1.6, the sendmail command exits with error "unsupported dictionary
>>> type: cdb".
>> [...]
>>
>> I believe taking Postfix out of the chroot that is the Debian default will likely
>> resolve it.  I think that is documented in README.Debian.
>
> As far as I know, sendmail(1) is not a master(8) service, and thus not
> affected by the chroot settings in master.cf.
>
> Nevertheless, I disabled chroot for all services in master.cf, restarted
> Postfix, and tried again. It did not change the result.

Maybe an older or wrong sendmail binary...

I would check
"ls -la /usr/bin/sendmail* /usr/sbin/sendmail* /usr/lib/sendmail* /etc/alternatives/sendmail*"
to find sendmail binaries.

My system (not using Debian Postfix) has only one at /usr/sbin/sendmail.

I expect "ldd /usr/sbin/sendmail" doesn't mention libcdb.
In contrast, ldd /usr/sbin/postconf does.

"postconf -h mail_version" gives your Postfix version. As you said earlier, it should be "3.1.6".

This version string is present in every Postfix binary, so check it:

# strings /usr/sbin/postconf | grep "$( postconf -h mail_version )"
3.1.6

$ strings /usr/sbin/sendmail | grep 3.1.6
# expected to be empty, aka not 3.1.6

Andreas

Re: sendmail cannot read CDB tables

Wietse Venema
Ulrich Zehl:
> When I try to use a CDB table for authorized_submit_users with Postfix
> 3.1.6, the sendmail command exits with error "unsupported dictionary
> type: cdb".

What is the COMPLETE error message including the PROGRAM NAME?

        Wietse

Re: sendmail cannot read CDB tables

Ulrich Zehl-4
On Mon, Oct 23, 2017 at 02:44:47PM -0400, Wietse Venema wrote:
> Ulrich Zehl:
> > When I try to use a CDB table for authorized_submit_users with Postfix
> > 3.1.6, the sendmail command exits with error "unsupported dictionary
> > type: cdb".
>
> What is the COMPLETE error message including the PROGRAM NAME?

I ran the following commands:

root@zwirn:~# /usr/sbin/postfix start
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: starting the Postfix mail system
root@zwirn:~# /usr/sbin/sendmail
sendmail: fatal: unsupported dictionary type: cdb
root@zwirn:~# /usr/sbin/postfix stop
postfix: Postfix is running with backwards-compatible default settings
postfix: See http://www.postfix.org/COMPATIBILITY_README.html for details
postfix: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
postfix/postfix-script: stopping the Postfix mail system

This logged the following:

Oct 23 22:44:17 zwirn postfix[18355]: Postfix is running with backwards-compatible default settings
Oct 23 22:44:17 zwirn postfix[18355]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Oct 23 22:44:17 zwirn postfix[18355]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 23 22:44:18 zwirn postfix/postfix-script[18455]: starting the Postfix mail system
Oct 23 22:44:18 zwirn postfix/master[18457]: daemon started -- version 3.1.6, configuration /etc/postfix
Oct 23 22:44:25 zwirn postfix/sendmail[18460]: fatal: unsupported dictionary type: cdb
Oct 23 22:44:27 zwirn postfix[18461]: Postfix is running with backwards-compatible default settings
Oct 23 22:44:27 zwirn postfix[18461]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Oct 23 22:44:27 zwirn postfix[18461]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Oct 23 22:44:27 zwirn postfix/postfix-script[18467]: stopping the Postfix mail system
Oct 23 22:44:27 zwirn postfix/master[18457]: terminating on signal 15

Ulrich

Re: sendmail cannot read CDB tables

Wietse Venema
Ulrich Zehl:
> Oct 23 22:44:18 zwirn postfix/master[18457]: daemon started -- version 3.1.6, configuration /etc/postfix
> Oct 23 22:44:25 zwirn postfix/sendmail[18460]: fatal: unsupported dictionary type: cdb

Do:

find / -name sendmail -ls

Which one of these sendmail programs were you executing?

        Wietse

Re: sendmail cannot read CDB tables

Ulrich Zehl-4
On Mon, Oct 23, 2017 at 07:55:47PM -0400, Wietse Venema wrote:
> Ulrich Zehl:
> > Oct 23 22:44:18 zwirn postfix/master[18457]: daemon started -- version 3.1.6, configuration /etc/postfix
> > Oct 23 22:44:25 zwirn postfix/sendmail[18460]: fatal: unsupported dictionary type: cdb
>
> Do:
>
> find / -name sendmail -ls
>
> Which one of these sendmail programs were you executing?

root@zwirn:~# find / -name sendmail -ls
    19874      0 lrwxrwxrwx   1 root     root           16 Sep 27 06:56 /usr/lib/sendmail -> ../sbin/sendmail
    19767     28 -rwxr-xr-x   1 root     root        26776 Sep 27 06:56 /usr/sbin/sendmail

On Mon, Oct 23, 2017 at 10:54:28PM +0200, Ulrich Zehl wrote:
> root@zwirn:~# /usr/sbin/sendmail
> sendmail: fatal: unsupported dictionary type: cdb

Re: sendmail cannot read CDB tables

Viktor Dukhovni


> On Oct 24, 2017, at 2:41 AM, Ulrich Zehl <[hidden email]> wrote:
>
> root@zwirn:~# find / -name sendmail -ls
>    19874      0 lrwxrwxrwx   1 root     root           16 Sep 27 06:56 /usr/lib/sendmail -> ../sbin/sendmail
>    19767     28 -rwxr-xr-x   1 root     root        26776 Sep 27 06:56 /usr/sbin/sendmail

When dynamic map support was added to Postfix 3.0, the call to
mail_dict_init() which loads the dynamic map table was added to
postdrop(1), but not sendmail(1).  However sendmail(1) also checks
the submit ACL to make a friendlier error message:

https://github.com/vdukhovni/postfix/blame/19b6598b23b8c2558e7df1117d58c2329743bb4f/postfix/src/sendmail/sendmail.c#L646

Therefore, it would seem that we also need a call to mail_dict_init()
in sendmail(1), just like the one added to postdrop(1) circa 2.12-20140530:

https://github.com/vdukhovni/postfix/blame/master/postfix/src/postdrop/postdrop.c#L322

https://github.com/vdukhovni/postfix/commit/b2a51a4b94ca3789b6f3c18cc52ecb655b2aefc2#diff-19f9c3891ec565fc1b353a064407477fR19730

+20140505
+
+ Bugfix: the postdrop authorized_submit_users feature requires
+ that lookup table support is initialized so that it can use
+ libglobal or dynamicmaps maps.  File: postdrop/postdrop.c.

--
        Viktor.
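
The omission described in the message above, as an added example that is not part of the original post and is not Postfix source: a simplified C model in which every process starts with only built-in dictionary types and learns the dynamically loaded ones when it runs its init step. The `toy_` names, the struct and both type lists are assumptions made for illustration.

```c
/* Simplified model, NOT Postfix source: each process has its own table of known dictionary
 * types; plug-in types are absent until the init step (the role of mail_dict_init()) runs. */
#include <stdio.h>
#include <string.h>

#define MAX_TYPES 8
struct toy_proc { const char *types[MAX_TYPES]; int n; };  /* hypothetical per-process state */

/* Constructed lists: a few built-in types, and types shipped as plug-ins. */
static const char *BUILTIN[] = { "inline", "static", "texthash" };
static const char *DYNAMIC[] = { "cdb", "sqlite" };

static void add_types(struct toy_proc *p, const char **list, size_t count)
{
    for (size_t i = 0; i < count && p->n < MAX_TYPES; i++)
        p->types[p->n++] = list[i];
}

void toy_proc_start(struct toy_proc *p)      /* fresh process: built-ins only */
{
    p->n = 0;
    add_types(p, BUILTIN, sizeof BUILTIN / sizeof *BUILTIN);
}

void toy_mail_dict_init(struct toy_proc *p)  /* stand-in for mail_dict_init() */
{
    add_types(p, DYNAMIC, sizeof DYNAMIC / sizeof *DYNAMIC);
}

/* Open a "type:name" map spec; 0 on success, -1 if the type is unknown. */
int toy_dict_open(const struct toy_proc *p, const char *prog, const char *spec)
{
    size_t len = strcspn(spec, ":");         /* length of the type prefix */
    for (int i = 0; i < p->n; i++)
        if (strlen(p->types[i]) == len && strncmp(p->types[i], spec, len) == 0)
            return 0;
    fprintf(stderr, "%s: fatal: unsupported dictionary type: %.*s\n", prog, (int) len, spec);
    return -1;
}

int main(void)
{
    struct toy_proc sendmail, postdrop;
    toy_proc_start(&sendmail);               /* init step omitted, as reported */
    toy_proc_start(&postdrop);
    toy_mail_dict_init(&postdrop);           /* init step present */
    toy_dict_open(&sendmail, "sendmail", "cdb:/etc/postfix/authorized_users");
    toy_dict_open(&postdrop, "postdrop", "cdb:/etc/postfix/authorized_users");
}
```

In the model, the process that skips the init step still opens an `inline:` table, which matches the workaround reported at the start of the thread.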


PATCH: sendmail cannot read CDB tables

Wietse Venema
Viktor Dukhovni:

>
>
> > On Oct 24, 2017, at 2:41 AM, Ulrich Zehl <[hidden email]> wrote:
> >
> > root@zwirn:~# find / -name sendmail -ls
> >    19874      0 lrwxrwxrwx   1 root     root           16 Sep 27 06:56 /usr/lib/sendmail -> ../sbin/sendmail
> >    19767     28 -rwxr-xr-x   1 root     root        26776 Sep 27 06:56 /usr/sbin/sendmail
>
> When dynamic map support was added to Postfix 3.0, the call to
> mail_dict_init() which loads the dynamic map table was added to
> postdrop(1), but not sendmail(1).  However sendmail(1) also checks
> the submit ACL to make a friendlier error message:

Viktor, thanks for finding that omission.

        Wietse

diff -cr /var/tmp/postfix-3.3-20171009/src/sendmail/sendmail.c ./src/sendmail/sendmail.c
*** /var/tmp/postfix-3.3-20171009/src/sendmail/sendmail.c 2017-02-05 19:05:04.000000000 -0500
--- ./src/sendmail/sendmail.c 2017-10-24 10:35:52.000000000 -0400
***************
*** 495,500 ****
--- 495,501 ----
  #include <deliver_request.h>
  #include <mime_state.h>
  #include <header_opts.h>
+ #include <mail_dict.h>
  #include <user_acl.h>
  #include <dsn_mask.h>
  #include <mail_parm_split.h>
***************
*** 1114,1119 ****
--- 1115,1122 ----
      msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
      get_mail_conf_str_table(str_table);
 
+     mail_dict_init();
+
      if (chdir(var_queue_dir))
  msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
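
Review bot: the mail_dict_init() call added in the second hunk, right after get_mail_conf_str_table(str_table), carries no comment saying why sendmail needs lookup-table initialization, so a later cleanup could drop it again. A one-line comment above the call noting that the authorized_submit_users check may use a dynamically loaded map type would document the dependency. The patch as posted touches only src/sendmail/sendmail.c; a HISTORY entry matching the postdrop one quoted earlier in the thread would record the fix.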