Thanks for the reply. Although I've not compiled
the code with changes (not yet anyway) as I am
worried I would not reproduce the Debian dist
binary under which I am trying to make it work.
I've been there before with the exim Debian source.
Instead I set up a test with strace:
strace -ff -o eximtrace /usr/sbin/exim4 -d+all-memory-expand -bd -q30m &> exim-strace4.dat &
I found that
[pid 25583] setgid32(0) = -1 EPERM (Operation not permitted)
seems to be the problem. According to execve docs:
"EPERM The user is not the super-user (does
not have the CAP_SETGID capability), and gid
does not match the effective group ID or
saved set-group-ID of the calling process."
I am now trying to figure out exactly what it wants
me to do. To simplify my testing I've created this
small C prog:
#include <stdio.h>   /* printf */
#include <stdlib.h>  /* exit */

int main(int argc, char *argv[])
{
    printf ("accept\n");
    exit (0);
}
and installed it as
-r-sr-xr-x 1 root mail 11946 Jul 3 17:35 weaselvfy
exim4 is installed by Debian as:
-rwsr-xr-x 1 root root 744408 Apr 26 08:57 exim4
I am calling it from exim4.conf thusly:
weasel_vfy:
  driver = queryprogram
  domains = +weasel_domains
  retry_use_local_part
  command = /usr/sbin/weaselvfy ${local_part} ${domain}
  command_user = mail
  command_group = mail
  verify_only
  verify_sender = false
  verify_recipient = true
  debug_print = "***** WEASEL VERIFIER ${local_part} ${domain} *****"
When run it still does:
17:49:08 13205 ***** WEASEL VERIFIER livia vnl.com *****
17:49:08 13205 calling weasel_vfy router
17:49:08 13205 weasel_vfy router called for livia@???: domain = vnl.com
17:49:08 13205 uid=8 gid=8 current_directory=/
17:49:08 13205 direct command:
17:49:08 13205 argv[0] = /usr/sbin/weaselvfy
17:49:08 13205 argv[1] = ${local_part}
17:49:08 13205 argv[2] = ${domain}
17:49:08 13205 direct command after expansion:
17:49:08 13205 argv[0] = /usr/sbin/weaselvfy
17:49:08 13205 argv[1] = livia
17:49:08 13205 argv[2] = vnl.com
17:49:08 13205 weasel_vfy router: defer for livia@???
17:49:08 13205 message: weasel_vfy router: command returned non-zero code 127
17:49:08 13205 ----------- end verify ------------
17:49:08 13205 warn: condition test deferred
Here is an example of the strace data, from another test run
under the same conditions:
[pid 14534] time(NULL) = 1088874055
[pid 14534] getpid() = 14534
[pid 14534] write(2, "18:00:55 14534 argv[2] = vnl.c"..., 3518:00:55 14534 argv[2] = vnl.com
) = 35
[pid 14534] pipe([3, 7]) = 0
[pid 14534] pipe([8, 9]) = 0
[pid 14534] rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_IGN}, 8) = 0
[pid 14534] fork(Process 14537 attached
) = 14537
[pid 14537] --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
[pid 14537] getpid() = 14537
[pid 14537] getrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
[pid 14537] setpgid(0, 0) = 0
[pid 14537] close(7) = 0
[pid 14537] close(0) = 0
[pid 14537] dup2(3, 0) = 0
[pid 14537] close(3) = 0
[pid 14537] close(8) = 0
[pid 14537] close(1) = 0
[pid 14537] dup2(9, 1) = 1
[pid 14537] close(9) = 0
[pid 14537] close(2) = 0
[pid 14537] dup2(1, 2) = 2
[pid 14537] setgid32(8) = -1 EPERM (Operation not permitted)
[pid 14537] exit_group(127) = ?
Process 14537 detached
[pid 14534] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 14534] close(3) = 0
[pid 14534] close(9) = 0
[pid 14534] close(7) = 0
[pid 14534] alarm(3600) = 0
[pid 14534] waitpid(14537, [{WIFEXITED(s) && WEXITSTATUS(s) == 127}], 0) = 14537
[pid 14534] alarm(0) = 3600
[pid 14534] rt_sigaction(SIGCHLD, {SIG_IGN}, {SIG_DFL}, 8) = 0
[pid 14534] time(NULL) = 1088874055
[pid 14534] getpid() = 14534
[pid 14534] write(2, "18:00:55 14534 weasel_vfy router"..., 5818:00:55 14534 weasel_vfy router: defer for szabo@vn
l.com
) = 58
[pid 14534] time(NULL) = 1088874055
[pid 14534] getpid() = 14534
[pid 14534] write(2, "18:00:55 14534 message: weasel"..., 8018:00:55 14534 message: weasel_vfy router: command
returned non-zero code 127
) = 80
[pid 14534] time(NULL) = 1088874055
[pid 14534] getpid() = 14534
[pid 14534] write(2, "18:00:55 14534 ----------- end v"..., 5118:00:55 14534 ----------- end verify ------------
) = 51
[pid 14534] time(NULL) = 1088874055
[pid 14534] getpid() = 14534
[pid 14534] write(2, "18:00:55 14534 warn: condition t"..., 4518:00:55 14534 warn: condition test deferred
) = 45
Can anyone suggest what the problem is? SpamAssassin
and other things do seem to work so I am assuming
either
* I have missed something basic
* it is specific to the programquery command
logic in routers and something is different
about the transports command field.
* The reqd capabilities are somehow not
available to exim4 when it tries to
spawn this process.
--
------------------------------------------------------
Dale Amon amon@??? +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
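
Added example, not part of the original post and not Exim's own code: a small probe that repeats the fork / setgid / exit(127) sequence visible in the strace above and prints the caller's real, effective and saved IDs, so the EPERM condition quoted from the man page can be checked against the actual process credentials. The function name probe_setgid and the pipe used to pass errno back to the parent are assumptions of this example.

```c
#define _GNU_SOURCE              /* getresuid(), getresgid() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork and call setgid(target) in the child, as in the trace above.
 * Returns 0 if setgid() succeeded, the child's errno if it failed
 * (the child then exits 127), or -1 if the probe itself failed. */
int probe_setgid(gid_t target)
{
    int fds[2], err = 0, status;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* child */
        close(fds[0]);
        if (setgid(target) != 0) {
            err = errno;                     /* report the reason upward */
            ssize_t w = write(fds[1], &err, sizeof err); (void)w;
            _exit(127);                      /* same exit code as in the trace */
        }
        _exit(0);
    }
    close(fds[1]);                           /* parent */
    ssize_t n = read(fds[0], &err, sizeof err);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 0;
    return n == (ssize_t)sizeof err ? err : -1;
}

int main(int argc, char *argv[])
{
    uid_t ru, eu, su; gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0) return 1;
    printf("uid real/eff/saved = %d/%d/%d  gid real/eff/saved = %d/%d/%d\n",
           (int)ru, (int)eu, (int)su, (int)rg, (int)eg, (int)sg);
    gid_t target = argc > 1 ? (gid_t)strtoul(argv[1], NULL, 10) : rg;
    int rc = probe_setgid(target);
    printf("setgid(%d): %s\n", (int)target,
           rc == 0 ? "ok" : rc > 0 ? strerror(rc) : "probe failed");
    return rc == 0 ? 0 : 127;
}
```

Pass the target gid as the first argument (8 in the trace above); with no argument it tries the caller's own real gid, which is always permitted.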