Hi exim-users,
I am configuring an autoreply transport using the 'once' option. Here
are the configuration snippets:
    ooo:
      driver = accept
      domains = foobar.com
      local_parts = foo : bar : quux
      require_files = /var/lib/ooo/$domain/$local_part/vacation
      transport = ooo_transport
      unseen

    ooo_transport:
      driver = autoreply
      to = $sender_address
      from = $local_part@$domain
      subject = "Re: $h_subject"
      file = /var/lib/ooo/$domain/$local_part/vacation.txt
      headers = "Content-Type: text/plain; charset=UTF-8"
      once = /var/lib/ooo/$domain/$local_part/vacation.db
      once_repeat = 2w
      mode = 660
So as you can see, I enable the OOO transport for the users with email
addresses 'foo@???', 'bar@???', and 'quux@???'. The
autoreply sends a vacation message from under the /var/lib/ooo
hierarchy. Users can administrate their subdirectory <DOMAIN>/<USER> if
they have ssh access. If my email address is 'quux@???', my
'once' DB would be stored at /var/lib/ooo/foobar.com/quux/vacation.db.
We run Ubuntu's version of Exim:
    $ exim4 -bV
    Exim version 4.69 #1 built 02-Feb-2008 04:50:35
    Copyright (c) University of Cambridge 2006
    Berkeley DB: Berkeley DB 4.6.21: (September 27, 2007)
    Support for: crypteq iconv() IPv6 PAM Perl GnuTLS
        move_frozen_messages Content_Scanning Old_Demime
    Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
        dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
    Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
    Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
        redirect
    Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    Configuration file is /etc/exim4/exim4.conf
We run Exim as user and group mail:mail.
    exim_user = mail
    exim_group = mail
When mailing a user with the vacation system turned on, I see this in
the logs:
    2009-05-13 12:08:34 1M4CKA-0005Q9-6u <= david.banks@???
        H=tiamat.lan.proporta.com [192.168.254.30] P=esmtpsa
        X=TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32
        A=fixed_plain:david.banks@??? S=611
        id=4A0AA9A6.7060209@??? T="test"
    2009-05-13 12:08:35 1M4CKA-0005Q9-6u => quux@???
        <quux@???> R=maildir_test T=maildir_delivery
    2009-05-13 12:08:35 1M4CKA-0005Q9-6u == quux@??? R=ooo
        T=ooo_transport defer (0): Failed to open db (v3/4) file
        /var/lib/ooo/foobar.com/quux/vacation.db when sending message from
        ooo_transport transport: Permission denied
As you can see, the attempt to read or write to
'/var/lib/ooo/foobar.com/quux/vacation.db' failed. However, if I
simulate this action from the shell, using the same user as Exim, it
succeeds.
    $ sudo su -c 'cat /var/lib/ooo/foobar.com/quux/vacation.db >/dev/null' mail
    $ sudo su -c 'echo test > /var/lib/ooo/foobar.com/quux/vacation.db' mail
    $ ls -ld /var/lib/ooo/foobar.com/quux
    drwxrwxr-x 2 ooo ooo 4096 2009-05-13 12:16 /var/lib/ooo/foobar.com/quux
    $ grep ooo /etc/group
    ooo:x:1013:www-data,mail
'mail' is a member of the group 'ooo' and the directory where
'vacation.db' should be created is group writable and owned by group
'ooo'. As such, 'mail' should be able to write to it, and indeed it can
- but when Exim tries, it fails, even though Exim runs as 'mail'. And
it does seem to be running as mail:
    $ ps aux | grep exim | grep -v grep
    root 14683 0.0 0.0 81492 3504 ? S 11:04 0:00 /usr/sbin/exim4 -q
    mail 22338 0.0 0.0 83576 2648 ? S 12:18 0:00 /usr/sbin/exim4 -bd -q30m
    mail 22356 0.0 0.0 84144 3692 ? S 12:18 0:00 /usr/sbin/exim4 -bd -q30m
    root 22379 0.0 0.0 81608 2188 ? S 12:19 0:00 /usr/sbin/exim4 -q
    mail 27682 0.0 0.0 81496 1496 ? Ss May12 0:01 /usr/sbin/exim4 -bd -q30m
Does Exim drop privileges or switch to a different user ID when writing
this DB file? Why is it unable to write this file? I guess this is not
an issue with Ubuntu's packaging of Exim, though it's difficult to tell
in this case.
Thanks for any help,
David
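
An added diagnostic, not part of the original post: the `su` test above runs in a shell that gets its supplementary groups from /etc/group, whereas a running process holds only the groups it was given at start. This sketch reads the `Gid:` and `Groups:` lines of `/proc/<pid>/status` to show which groups a process really carries; the function names and the uid/gid 8 in the samples are assumptions, and 1013 is the 'ooo' gid from the post.

```shell
#!/bin/sh
# Added example (not from the original post): does a process actually hold a gid?

# proc_has_gid GID
# Reads the text of /proc/<pid>/status on stdin. Succeeds if GID is the
# process's filesystem gid or appears in its supplementary group list.
proc_has_gid() {
    awk -v want="$1" '
        $1 == "Gid:" && $5 == want { found = 1 }   # field 5 = filesystem gid
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# report_groups NAME GID
# Checks every running process whose name is exactly NAME,
# e.g. on the mail host: report_groups exim4 1013
report_groups() {
    for pid in $(pgrep -x "$1"); do
        if proc_has_gid "$2" < "/proc/$pid/status"; then
            echo "pid $pid: gid $2 present"
        else
            echo "pid $pid: gid $2 ABSENT"
        fi
    done
}

# Constructed samples. uid/gid 8 for 'mail' is an assumed value.
# A process running as mail:mail with an empty supplementary group list:
sample_without() {
    printf 'Name:\texim4\nUid:\t8\t8\t8\t8\nGid:\t8\t8\t8\t8\nGroups:\t\n'
}
# A shell started through su, which picked up group 1013 from /etc/group:
sample_with() {
    printf 'Name:\tsh\nUid:\t8\t8\t8\t8\nGid:\t8\t8\t8\t8\nGroups:\t8 1013\n'
}

sample_without | proc_has_gid 1013 || echo "sample_without: gid 1013 absent"
sample_with    | proc_has_gid 1013 && echo "sample_with: gid 1013 present"
```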