[Exim] Exim returns 127

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Dale Amon
Dátum:  
Címzett: chris
CC: exim-users
Tárgy: [Exim] Exim returns 127
Thanks for the reply. Although I've not compiled
the code with changes (not yet anyway) as I am
worried I would not reproduce the debian dist
binary under which I am trying to make it work.
I've been there before with the exim debian source.

Instead I set up a test with strace:

strace -ff -o eximtrace /usr/sbin/exim4 -d+all-memory-expand -bd -q30m &> exim-strace4.dat &

I found that

    [pid 25583] setgid32(0) = -1 EPERM (Operation not permitted)


seems to be the problem. According to execve docs:

    "EPERM  The user is not the super-user (does
     not have the CAP_SETGID capability), and gid
     does not  match the effective group ID or
     saved set-group-ID of the calling process."


I am now trying to figure out exactly what it wants
me to do. To simplify my testing I've created this
small c prog:

int main(int argc, char *argv[])
{
printf ("accept\n");
exit (0);
}

and installed it as

-r-sr-xr-x    1 root     mail        11946 Jul  3 17:35 weaselvfy


exim4 is installed by debian as:

-rwsr-xr-x    1 root     root       744408 Apr 26 08:57 exim4


I am calling it from exim4.conf thusly:

weasel_vfy:
  driver                = queryprogram
  domains               = +weasel_domains
  retry_use_local_part
  command               = /usr/sbin/weaselvfy ${local_part} ${domain}
  command_user          = mail
  command_group         = mail
  verify_only
  verify_sender         = false
  verify_recipient      = true
  debug_print           = "***** WEASEL VERIFIER ${local_part} ${domain} *****"


When run it still does:

17:49:08 13205 ***** WEASEL VERIFIER livia vnl.com *****
17:49:08 13205 calling weasel_vfy router
17:49:08 13205 weasel_vfy router called for livia@???: domain = vnl.com
17:49:08 13205 uid=8 gid=8 current_directory=/
17:49:08 13205 direct command:
17:49:08 13205 argv[0] = /usr/sbin/weaselvfy
17:49:08 13205 argv[1] = ${local_part}
17:49:08 13205 argv[2] = ${domain}
17:49:08 13205 direct command after expansion:
17:49:08 13205 argv[0] = /usr/sbin/weaselvfy
17:49:08 13205 argv[1] = livia
17:49:08 13205 argv[2] = vnl.com
17:49:08 13205 weasel_vfy router: defer for livia@???
17:49:08 13205 message: weasel_vfy router: command returned non-zero code 127
17:49:08 13205 ----------- end verify ------------
17:49:08 13205 warn: condition test deferred

Here is an example the strace data, from another test run
under the same conditions:

[pid 14534] time(NULL)                  = 1088874055
[pid 14534] getpid()                    = 14534
[pid 14534] write(2, "18:00:55 14534   argv[2] = vnl.c"..., 3518:00:55 14534   argv[2] = vnl.com
) = 35
[pid 14534] pipe([3, 7])                = 0
[pid 14534] pipe([8, 9])                = 0
[pid 14534] rt_sigaction(SIGCHLD, {SIG_DFL}, {SIG_IGN}, 8) = 0
[pid 14534] fork(Process 14537 attached
)                      = 14537
[pid 14537] --- SIGSTOP (Stopped (signal)) @ 0 (0) ---
[pid 14537] getpid()                    = 14537
[pid 14537] getrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY, rlim_max=RLIM_INFINITY}) = 0
[pid 14537] setpgid(0, 0)               = 0
[pid 14537] close(7)                    = 0
[pid 14537] close(0)                    = 0
[pid 14537] dup2(3, 0)                  = 0
[pid 14537] close(3)                    = 0
[pid 14537] close(8)                    = 0
[pid 14537] close(1)                    = 0
[pid 14537] dup2(9, 1)                  = 1
[pid 14537] close(9)                    = 0
[pid 14537] close(2)                    = 0
[pid 14537] dup2(1, 2)                  = 2
[pid 14537] setgid32(8)                 = -1 EPERM (Operation not permitted)
[pid 14537] exit_group(127)             = ?
Process 14537 detached


[pid 14534] --- SIGCHLD (Child exited) @ 0 (0) ---
[pid 14534] close(3)                    = 0
[pid 14534] close(9)                    = 0
[pid 14534] close(7)                    = 0
[pid 14534] alarm(3600)                 = 0
[pid 14534] waitpid(14537, [{WIFEXITED(s) && WEXITSTATUS(s) == 127}], 0) = 14537
[pid 14534] alarm(0)                    = 3600
[pid 14534] rt_sigaction(SIGCHLD, {SIG_IGN}, {SIG_DFL}, 8) = 0
[pid 14534] time(NULL)                  = 1088874055
[pid 14534] getpid()                    = 14534
[pid 14534] write(2, "18:00:55 14534 weasel_vfy router"..., 5818:00:55 14534 weasel_vfy router: defer for szabo@vn
l.com
) = 58
[pid 14534] time(NULL)                  = 1088874055
[pid 14534] getpid()                    = 14534
[pid 14534] write(2, "18:00:55 14534   message: weasel"..., 8018:00:55 14534   message: weasel_vfy router: command
 returned non-zero code 127
) = 80
[pid 14534] time(NULL)                  = 1088874055
[pid 14534] getpid()                    = 14534
[pid 14534] write(2, "18:00:55 14534 ----------- end v"..., 5118:00:55 14534 ----------- end verify ------------
) = 51
[pid 14534] time(NULL)                  = 1088874055
[pid 14534] getpid()                    = 14534
[pid 14534] write(2, "18:00:55 14534 warn: condition t"..., 4518:00:55 14534 warn: condition test deferred
) = 45



Can anyone suggest what the problem is? Spamassasin
and other things do seem to work so I am assuming
either

    * I have missed something basic
    * it is specific to the programquery command
      logic in routers and something is different
      about the transports command field.
    * The reqd capabilities are somehow not
      available to exim4 when it tries to
      spawn this process.


--
------------------------------------------------------
   Dale Amon     amon@???    +44-7802-188325
       International linux systems consultancy
     Hardware & software system design, security
    and networking, systems programming and Admin
          "Have Laptop, Will Travel"
------------------------------------------------------