[exim] SSL_write: (from <unknown>) syscall: Permission denie…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Александр Н. Лунев
Dátum:  
Címzett: exim-users
Tárgy: [exim] SSL_write: (from <unknown>) syscall: Permission denied
Hello everyone.

After upgrading FreeBSD 9.1 to 10.3 with appropriate upgrading of
packages a mysterious error started to show. (exim-4.87 was builded and
installed from ports, because prebuilt package doesn't include LDAP,
which is used in our system). Every night FreeBSD send output from
periodic scripts to root@, and all root@ mail (by aliases file) are
going to my @gmail.com account.

And sometimes (not always) in the morning i see in my @gmail.com account
mail from mailer-daemon@???, today example: "Warning: message
1bPLy3-000C8V-O5 delayed 24 hours".

On server i see this:

# mailq
26h  6.5M 1bPLy3-000C8V-O5 <root@???>
            root@???



And then, if i try to force exim to deliver message, it shows this:

# exim -v -M 1bPLy3-000C8V-O5

...skip...

Connecting to gmail-smtp-in.l.google.com [108.177.14.26]:25 ... connected
    SMTP<< 220 mx.google.com ESMTP 77si558883lfu.292 - gsmtp
    SMTP>> EHLO startsnto.ru
    SMTP<< 250-mx.google.com at your service, [81.200.243.105]
           250-SIZE 157286400
           250-8BITMIME
           250-STARTTLS
           250-ENHANCEDSTATUSCODES
           250-PIPELINING
           250-CHUNKING
           250 SMTPUTF8
    SMTP>> STARTTLS
    SMTP<< 220 2.0.0 Ready to start TLS
    SMTP>> EHLO startsnto.ru
    SMTP<< 250-mx.google.com at your service, [81.200.243.105]
           250-SIZE 157286400
           250-8BITMIME
           250-ENHANCEDSTATUSCODES
           250-PIPELINING
           250-CHUNKING
           250 SMTPUTF8
    SMTP>> MAIL FROM:<root@???> SIZE=6894623
    SMTP>> RCPT TO:<myaccountongmail@???>
    SMTP>> DATA
    SMTP<< 250 2.1.0 OK 77si558883lfu.292 - gsmtp
    SMTP<< 250 2.1.5 OK 77si558883lfu.292 - gsmtp
    SMTP<< 354  Go ahead 77si558883lfu.292 - gsmtp
    SMTP>> writing message and terminating "."
LOG: MAIN
    SSL_write: (from <unknown>) syscall: Permission denied
LOG: MAIN
    H=gmail-smtp-in.l.google.com [108.177.14.26]: 
gmail-smtp-in.l.google.com [108.177.14.26]: Permission denied


...skip...

But if I try to send mail from root@ to @gmail.com from command line
(and also from lan@ via thunderbird), it will be sent right away:

2016-07-20 08:34:40 1bPk9Y-000NP6-6u <= root@??? U=root P=local
S=695
2016-07-20 08:34:41 1bPk9Y-000NP6-6u => myaccountongmail@???
R=dnslookup T=remote_smtp H=gmail-smtp-in.l.google.com [64.233.163.26]
X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes C="250 2.0.0 OK
1468992881 m4si562022lfd.328 - gsmtp"
2016-07-20 08:34:41 1bPk9Y-000NP6-6u Completed

But if i try to send night mail from queue, it is always SSL_write: error.

I've already tried to rebuild exim, to remove old spool dir, to use
gnutls instead of openssl with no avail - night mail from queue is not
sended, SSL_write error, but i can send mail via exim right now.

exim is:

# exim -d
Exim version 4.87 (FreeBSD 10.3) uid=0 gid=0 pid=90040 D=fbb95cfd
Probably Berkeley DB version 1.8x (native mode)
Support for: crypteq iconv() IPv6 use_setclassresources PAM Perl 
Expand_dlfunc OpenSSL Content_Scanning Old_Demime DKIM DNSSEC PRDR 
Experimental_SPF
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm 
dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm passwd
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Compiler: CLang [3.4.1 (tags/RELEASE_34/dot1-final 208032)]
Library version: OpenSSL: Compile: OpenSSL 1.0.2h  3 May 2016
                            Runtime: OpenSSL 1.0.2h  3 May 2016
                                   : built on: reproducible build, date 
unspecified
Library version: Cyrus SASL: Compile: 2.1.26
                               Runtime: 2.1.26 [Cyrus SASL]
Library version: PCRE: Compile: 8.39
                         Runtime: 8.39 2016-06-14
Total 15 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: forcing real = effective
    uid=0 gid=0 pid=90040
    auxiliary group list: 0
seeking password data for user "mailnull": using cached result
getpwnam() succeeded uid=26 gid=26
seeking password data for user "root": cache not available
getpwnam() succeeded uid=0 gid=0
changed uid/gid: calling tls_validate_require_cipher
    uid=26 gid=6 pid=90041
    auxiliary group list: 6
tls_validate_require_cipher child 90041 ended: status=0x0
openssl option, adding from 1100000: 1000000 (no_sslv2 +no_sslv3)
openssl option, adding from 1100000: 2000000 (no_sslv3)
LOG: MAIN
    Warning: purging the environment.
   Suggested action: use keep_environment.
configuration file is /usr/local/etc/exim/configure
log selectors = 00000ffc 10332001
cwd=/root 2 args: exim -d
trusted user
admin user
changed uid/gid: privilege not needed
    uid=26 gid=6 pid=90040
    auxiliary group list: 6
seeking password data for user "mailnull": cache not available
getpwnam() succeeded uid=26 gid=26
DSN: dnslookup propagating DSN
DSN: system_aliases propagating DSN
DSN: adsi_check propagating DSN
DSN: local_adsi_user propagating DSN
DSN: localuser propagating DSN
seeking password data for user "cyrus": cache not available
getpwnam() succeeded uid=60 gid=60
originator: uid=0 gid=0 login=root name="startsnto.ru root"
sender address = root@???
Exim is a Mail Transfer Agent. It is normally called by Mail User Agents,
not directly from a shell command line. Options and/or arguments control
what it does when called. For a list of options, see the Exim documentation.



--
best regards