After update centos 7.4 and latest virtualmin config error at re-check The procmail command /bin/procmail is owned by group mail

12 posts / 0 new
Last post
#1 Sat, 09/16/2017 - 10:13
Jfro

After update centos 7.4 and latest virtualmin config error at re-check The procmail command /bin/procmail is owned by group mail

250 updates today centos 7.4x related and virtualmin config Running latest 6.0.19-1

rebooted then error at re-check The procmail command /bin/procmail is owned by group mail, when it should be owned by root. Email may not be properly delivered or checked for spam.

Before re-check no problems!

So solved it to set it back and rights also, but strange??

Sat, 09/16/2017 - 13:49
Joe
Joe's picture

That has nothing to do with the virtualmin-config update. It looks like there's a new procmail package in the 7.4 update.

That said, procmail-wrapper should be all that needs to be owned by root. AFAIK, procmail itself has always had root:mail ownership on CentOS systems, and that's not actually a problem because Virtualmin configures with the wrapper. There should be no need to change it.

So, the question really is: Why is your procmail wrapper missing or not being called? Is procmail-wrapper installed?

--

Check out the forum guidelines!

Sat, 09/16/2017 - 14:50
Jfro

Hmm don't know how to check 123 for that.

Before the update it was not a issue with re-checks.

The config proc-mail

LOGFILE=/var/log/procmail.log
TRAP=/etc/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
EXITCODE=$?
:0
* ?/bin/test "$EXITCODE" = "73"
/dev/null
EXITCODE=0
:0
* ?/bin/test "$VIRTUALMIN" != ""
{
INCLUDERC=/etc/webmin/virtual-server/procmail/$VIRTUALMIN
}
ORGMAIL=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
DROPPRIVS=yes
:0
$DEFAULT

And this file is there procmail-wrapper 6.98 kB root:root 6755 2007/05/10 - 08:16:54

Ok must be something wrong, maybe starting at my initial setup while wanting Letsencrypt for vps webmin and hostname itself but not a virtualserver for itself so my installation... after the succeeded LE cert deleting the virtuelserver for vpshostname hmm, and while not 100% with update this error is then causing the behavouir

:nobody Size:1373 Dest://Maildir/ Mode:None
Insecure dependency in exec while running with -T switch at /etc/webmin/virtual-server/lookup-domain.pl line 19.
procmail: Program failure (255) of "/etc/webmin/virtual-server/lookup-domain.pl"
procmail: Unable to treat as directory "//Maildir"
procmail: Error while writing to "//Maildir"
procmail: Unable to treat as directory "//Maildir"
procmail: Lock failure on "//Maildir.lock"
procmail: Error while writing to "//Maildir"
From root@server.tld   Sat Sep 16 22:01:33 2017
Subject: lfd on vp.server.tld : Suspicious process running under user user
  Folder: **Bounced**    1099
Time:1505592093 From:root@server.tld  To:root@server.tld  User:nobody Size:49550 Dest://Maildir/ Mode:None
Insecure dependency in exec while running with -T switch at /etc/webmin/virtual-server/lookup-domain.pl line 19.
procmail: Program failure (255) of "/etc/webmin/virtual-server/lookup-domain.pl"
procmail: Unable to treat as directory "//Maildir"
procmail: Error while writing to "//Maildir"
procmail: Unable to treat as directory "//Maildir"
procmail: Lock failure on "//Maildir.lock"
procmail: Error while writing to "//Maildir"
From root@server.tld   Sat Sep 16 22:01:33 2017
Subject: lfd on vp.server.tld : Suspicious process running under user apac
  Folder: **Bounced**    1100
Time:1505592093 From:root@server.tld  To:root@server.tld  User:nobody Size:49474 Dest://Maildir/ Mode:None
Insecure dependency in exec while running with -T switch at /etc/webmin/virtual-server/lookup-domain.pl line 19.
procmail: Program failure (255) of "/etc/webmin/virtual-server/lookup-domain.pl"
procmail: Unable to treat as directory "//Maildir"
procmail: Error while writing to "//Maildir"
procmail: Unable to treat as directory "//Maildir"
procmail: Lock failure on "//Maildir.lock"
procmail: Error while writing to "//Maildir"
From root@server.tld Sat Sep 16 22:01:33 2017
Subject: lfd on vp.server.tld : Suspicious process running under user apac
  Folder: **Bounced

Switched domainnames in server.tld and vps hostname in vp.server.tld

used shortly a virtualserver for the vps.maindomainname.tld to get initial Letsencrypt cert on webmin virtual min for that vps, deleted virtuelserver after this and added the subdomain to the maindomain LE cert list, then renew cert did it all there without error. ( letsencrypt yes, but that action did deleted the maildir for rootuser also hmm how stupid could one be, i thought smart, wanted no virtuelserver for the vps hostname itself, but hat wasn't working for letsencrypt while not seeing the subdomain initial, wen created a virtualmin and LE cert i got is working as subdomain on the maindomain list for the LE cert, discussions about that are more on forum)

Sorry for bad English i'm Dutch. ;)

Don't know for sure or it better to have a seperate virtualserver for the vps server hostname itself? ( i hoped it wasn't needed, i shortly neede for initial adding Letsencrypt subdomain list with maindomain while otherwise it was impossible and letsencrypt error, after initial pointing to certpath webmin and so on working for vps)

Sat, 09/16/2017 - 15:25 (Reply to #3)
Jfro

used shortly a virtualserver for the vps.maindomainname.tld to get initial Letsencrypt cert on webmin virtual min for that vps, deleted virtuelserver after this and added the subdomain to the maindomain LE cert list, then renew cert did it all there without error.

Sat, 09/16/2017 - 16:32
Joe
Joe's picture

You don't need to post multiple times, if it gets queued. The spam filter is pretty aggressive about email addresses in posts, and I have to approve them, but they do appear for me, and I approve them as I see them.

So the problem above is that there is no configuration for one of your users...looks like root. How did that even happen? Did you assign ownership of the domain to the 'root' user? That shouldn't be possible because it doesn't make any sense (and will cause breakage in a variety of interesting ways). I thought we prevented that. If that's what happened, can you tell me how you got there so we can make sure it is impossible?

That doesn't explain why Virtualmin is looking at procmail instead of procmail-wrapper, but it would explain there error you see above.

As for the Let's Encrypt question, you shouldn't delete the domain from Virtualmin if you want it to keep getting Let's Encrypt certificate updates; you have to re-issue LE certs periodically (they expire after 90 days). Virtualmin doesn't care what hostname people access it on, so you can use any of your virtual hosts to issue a certificate. Don't fight it...just use whatever domain you like. If you don't want to make a specific full virtual host for it, you can create an alias attached to one of your domains, and when you issue an LE cert, it'll support that alias name, as well. But, I usually just use one of the domains I have hosted on the server as the address I use to contact Virtualmin and that's the cert I copy to Webmin.

--

Check out the forum guidelines!

Sat, 09/16/2017 - 17:20
Jfro

Sorry FF crashed 2 times while typing/saving so thought that was reason no reply. I have to may screens open. ;)

I made for the procmail now a alias "root" in the maindomain mailbox so receiving mail there form LFD/csf now.

I did use the maindomain for LE CERT but initial the hostname ( a sub but not alias or virtual server refused to get that to, so thought OK lets be smart ( hihii fighting as you say), for initial make that domain as virtualserver, then LE cert for the maindomain with in the list there the subdomain hostname, that succeeded, then remove virtualserver for hostname, testing after that a manual renew LE cert still working while THIRD PARTY DNS so that subdomain hostname is resolving. And only needed to have the webmin, usermin LE cert for the subdomain/hostname that is working and tested also renew manually.

The difference is ofcourse you needed then a resolving third party DNS and has that maindomain as default serving.

But ok i did now also a domainalias for the hostname on the default maindomain, that maindomain as hostname is not used for other things than the serveradmin and virtualmin panel, so no webspace added only mailbox'for the alias

Sofar i see is the maildir directory for root wasn't working pointing anymore to the initial for Procmail/postfix ( Directory whith old mail still there), now it is as alias to another emailadres and working.

Hmm the maindomain had a root@maindomain created at install in combi with virtualserver where the root@vps.maindomain hmm don;t know anywmore but thought the root things where created itself. After deleting the hostname virtualserver (vps.maindomain.tld) this was problem.

UH DOCROOT is here var/www changed the virtualmin config for that path, but ofcourse the initial rootmaildir was in other place where it still is only not receiving mail while domain hostname.maindomain is not in the virtualmin domainmaps anymore i tjhink

Situation now is: a alias created for hostname.maindomain and a aliasmail created for root.

i am sure i didn't use/created user root for any domains or virtualserver ( only did the install virtualmin basic with Root and password), i created every virtualserver with own username and path nothing to do with domainname ofcourse while i don't like userpaths that has domainname in itself or easy guesing usernames. ;)

I could have made a mailallias for root that i'm not sure sorry, but makes no sense while old maildir reading user mail in virtualmin/webmin is still working with the old mails, as it was before deleting the virtualserver for the hostname.maindomain.

So only delivery and mailhandling wasnt. for root

I gues you can read my mailadres, so if you want access to vps to have a look for maybe finding what you asked please mail me

Sat, 09/16/2017 - 23:14
Joe
Joe's picture

You're talking about a bunch of unrelated things, and I can't really make sense out of what we're trying to solve.

Let's Encrypt, docroot, firewall, and even mail aliases, are completely unrelated to the config check warning about procmail.

If we can stick to one problem at a time, we can sort them out. So, let's focus on figuring out what you've changed on the system that caused the procmail error, fix that, and then move on to other issues.

First, check the postfix configuration for the mailbox_command:

# postconf mailbox_command

What's that set to?

--

Check out the forum guidelines!

Sun, 09/17/2017 - 04:28
Jfro

Yep ok.

mailbox_command = /bin/procmail

The why i mentioned other things was install 29-08 problems as others with for example postfix not working and so on, after the install i did yum remov postfix and yum install postfix and some settings to have smtp and port 25 and so more listen and working for mail.

So while wen searching the web i did find that the mailbox_command should be something else with wrapper in it, and the manual yum remove install postfix could be the main cause? There where to many problems to find on the web with websearch postfix and ports sasl and so on didn't find through the very much results a working, so started to install postfix manualy again.

If that is the cause, then do you have a tip?

I did changed group and rights for procmail then re-chcek gets , so this is not checking or procmail-wrapper is used only if procmail has group and user root with the rights.

THe status of your system is being checked to ensure that all enabled features are available, that the mail server is properly configured, and that quotas are active ..



Your system has 11.58 GB of memory, which is at or above the Virtualmin recommended minimum of 256 MB.
BIND DNS server is installed, and the system is configured to use it.

Mail server Postfix is installed and configured.

Postfix can support per-domain outgoing IP addresses, but is not currently configured to do so. This can be setup in the x module.

Apache is installed.

The following PHP versions are available : 5.6.31 (/bin/php-cgi), 7.0.10 (/opt/rh/rh-php70/root/usr/bin/php-cgi), 5.6 (mod_php)

PHP-FPM support is available on this system.

Webalizer is installed.

Apache is configured to host SSL websites.

MySQL is installed and running.

ProFTPD is installed.

Logrotate is installed.

SpamAssassin and Procmail are installed and configured for use.

ClamAV is installed and assumed to be running.

Plugin AWstats reporting is installed OK.

Plugin DAV Login is installed OK.

Plugin Protected web directories is installed OK.

Using network interface eth0 for virtual IPs.

IPv6 addresses are available, using interface eth0.

Default IPv4 address for virtual servers is x.

Default IPv6 address for virtual servers is x

Default IP address is set to 213.x.x.x, which matches the detected external address.

Both user and group quotas are enabled for home and email directories.

All commands needed to create and restore backups are installed.

The selected package management and update systems are installed OK.

Chroot jails are available on this system


.. your system is ready for use by Virtualmin.
Sun, 09/17/2017 - 19:47 (Reply to #11)
Joe
Joe's picture

The why i mentioned other things was install 29-08 problems as others with for example postfix not working and so on, after the install i did yum remov postfix and yum install postfix and some settings to have smtp and port 25 and so more listen and working for mail.

Good lord, you removed Postifx!? Of course that's the cause of the problem! Removing Postfix throws away all of the configuration changes that Virtualmin made during installation.

You may be able to fix this by running the following:

# virtualmin system-config --include Postfix
# systemctl restart postfix

But, I'm not sure if that'll catch everything that was undone by removing Postfix, but it'll at least get you closer to what it's supposed to be. That may undo some configuration changes you've done in the interim, so if you've made changes, you'll need to do them again.

--

Check out the forum guidelines!

Mon, 09/18/2017 - 03:17
Jfro

UPDATED text while seems solved see the last text written, for solutions with postfix, sasl and so on caused with older install script virtualmin6

UH ok hmm. Is this for almost every package also php and so on not to remove and install manual, is there somewhere a list wich you can do safely?

virtualmin system-config gives command not found ;) virtualmin config-system yep this is a kind of probl a have myself to. ;)

Have to test, problem was a lot of things (postfix smtp sasl and so on) not going wel with that install 29-08 and later install completly .... the system.

There where some probs with versions installscript i did understand.

Didn't find a solution for postfix , because websearch result was a complete forest i was looking for that on tree, and couldn't find it, so after days i decide to remove and reinstall postfix, after that i came through her in forum that new version install and so on but ok, this is a good learning curve to have some problems, then you know the system quicker then only if all goes smoothly. ( joking now you wanted to achieve that admins learn to know your system deeper. ;) )

After that/this failed to start postfix mail transporter agent?

Sep 18 10:08:16 vp postfix/postfix-script[11714]: stopping the Postfix mail system
Sep 18 10:08:16 vp postfix/master[1033]: terminating on signal 15
Sep 18 10:08:16 vp postfix/postfix-script[11731]: fatal: the Postfix mail system is not running
Sep 18 10:08:17 vp postfix/postfix-script[11796]: starting the Postfix mail system
Sep 18 10:08:17 vp postfix/master[11798]: daemon started -- version 2.10.1, configuration /etc/postfix
Sep 18 10:08:26 vp postfix/postfix-script[11958]: refreshing the Postfix mail system
Sep 18 10:08:26 vp postfix/master[11798]: reload -- version 2.10.1, configuration /etc/postfix
Sep 18 10:18:27 vp postfix/postfix-script[12559]: fatal: the Postfix mail system is already running
Sep 18 10:21:54 vp postfix/postfix-script[13047]: starting the Postfix mail system
Sep 18 10:21:54 vp postfix/master[13049]: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable
Sep 18 10:21:55 vp postfix/master[13048]: fatal: daemon initialization failure
Sep 18 10:21:56 vp postfix/postfix-script[13051]: fatal: mail system startup failed

So better don't use systemctl i think for postfix when running virtualmin? I hope i can solve this with https://serverfault.com/questions/804993/postfix-failed-to-start-unable-...

but start postfix then in virtualmin panel itself is important, so kill the process / lock and start postfix in virtualmin panel

don't know why the lock was there

After restatred postfix i am back to initial problem reason why i did decided to reinstall postfix not accepting mail sasl error and so on :(

Sep 18 10:36:52 vp postfix/master[14003]: reload -- version 2.10.1, configuration /etc/postfix
Sep 18 10:37:10 vp postfix/smtpd[14766]: connect from v.........me-deleted-here okokokok348:b9:461::1]
Sep 18 10:37:10 vp postfix/smtpd[14766]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:37:10 vp postfix/smtpd[14766]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:37:10 vp postfix/smtpd[14766]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:37:10 vp postfix/smtpd[14766]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Sep 18 10:37:10 vp postfix/smtpd[14766]: fatal: no SASL authentication mechanisms
Sep 18 10:37:11 vp postfix/master[14003]: warning: process /usr/libexec/postfix/smtpd pid 14766 exit status 1
Sep 18 10:37:11 vp postfix/master[14003]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Sep 18 10:38:12 vp postfix/smtpd[14833]: connect from .........me-deleted-here okokokok[.97]
Sep 18 10:38:12 vp postfix/smtpd[14833]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:38:12 vp postfix/smtpd[14833]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:38:12 vp postfix/smtpd[14833]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 10:38:12 vp postfix/smtpd[14833]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Sep 18 10:38:12 vp postfix/smtpd[14833]: fatal: no SASL authentication mechanisms
Sep 18 10:38:13 vp postfix/master[14003]: warning: process /usr/libexec/postfix/smtpd pid 14833 exit status 1
Sep 18 10:38:13 vp postfix/master[14003]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

OK while install.sh then

i did now also For example, one can fix the broken saslauthd configuration that prevented SMTP authentication by running: virtualmin config-system --include SASL While cause https://www.virtualmin.com/node/53074

So, report problems you find, when you find them and I'll fix them and tell you what you need to do to apply the fix(es) to your server. Usually it's a matter of updating the virtualmin-config package and running a single command. For example, one can fix the broken saslauthd configuration that prevented SMTP authentication by running:

after that something that should not be there with the virtualmin postfix dovecot install ??

Sep 18 10:48:49 vp dovecot: master: Dovecot v2.2.10 starting up for imap, pop3, lmtp (core dumps disabled)
Sep 18 10:48:49 vp dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
Sep 18 10:48:49 vp dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:120: protocol { ssl_listen } has been replaced by service { inet_listener { address } }

i had before also dkim running but hmm i have to sort out much more i see

also didn't fix the sasl hmm

Sep 18 11:08:52 vp postfix/smtpd[17446]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 11:08:52 vp postfix/smtpd[17446]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 11:08:52 vp postfix/smtpd[17446]: warning: SASL authentication failure: Internal Error -4 in server.c near line 1757
Sep 18 11:08:52 vp postfix/smtpd[17446]: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available
Sep 18 11:08:52 vp postfix/smtpd[17446]: fatal: no SASL authentication mechanisms

I hope we can solve this and other forumuser readers have something to solve when this problems ..

I 'm stuck for now sorry.

Mail receiving is not working anymore but didn't touched dovecot. Mail sending only out of webmin readusermail working. Sasl problem is still / again there.

Sending with webmin mail and dkim validator is working. Receiving not

UPDATE: Reveining yes whil again disable listen and ssl_listen in dovecot conf lines. BUT also have to disable sasl because of error, so

Back to sofar i see the only problem that stays is sasl auth ( id did the virtualmin config system sasl already and that rewriten witj green

Procmail is now wrapper so that is solved wth his action i think don't now for sure how to test everything with it but wen receiving mail and the mailboxcommand is procmail-wrappper... it looks ok

THE SASL prob stays ( i have disabled this in .cf otherwise postfix is not working) :( with this: warning: xsasl_cyrus_server_get_mechanism_list: no mechanism available

Update also a install bug at that time ;) https://www.virtualmin.com/node/53447

Run the following:
# yum install cyrus-sasl-plain

Test again. Give me some maillog output if there are still problems. I'm testing on my own VM at the moment, and this resolved the most immediate problem. Log data will help solve any other problems.

Solves:

So after the install probs with install.sh with some bugs and wrongly removed postfix and installed this manually.

Solved problems with postfix, mail sending mail receiving, procmail-wrapper , sasls, and xsasl_cyrus. After virtualmin config-system them again did solved most, only had to remove the obsolete " listen " directive in dovecot conf then it looks like working

Thanks for help i hope someone reading here with mail problems postfix and one of the first install.sh scripts for virtualmin 6 helps this long posting from me ;)

Mon, 09/18/2017 - 16:23
Joe
Joe's picture

virtualmin system-config gives command not found ;) virtualmin config-system yep this is a kind of probl a have myself to. ;)

Did you uninstall virtualmin-config package or was this not a VM6 installation? (i.e. was the install.sh you used some version prior to 6.0.x?)

Is simply reinstalling an option? It sounds like you've got a lot of little messes there...none of this is necessary. A fresh install should Just Work. If there are issues they are going to be small, and fixable with a minor update.

--

Check out the forum guidelines!

Mon, 09/18/2017 - 19:12
Jfro

no was the file about 28-08 or 29-08 the install virtualmin. freshinstalled OS. U i understand you turned around the system-config with config-system in your text above!! ( so that was why i had the error. you did write virtualmin system-config --include  it should be virtualmin config-system --include i think ;) You write her yourself https://www.virtualmin.com/comment/783295#comment-783295

It sounds like you've got a lot of little messes there...none of this is necessary. A fresh install should Just Work. If there are issues they are going to be small, and fixable with a minor update Yep but then you have to know how virtualmin and support / these updates for minor problems after some of these bugs in install new version reacts, and solve them and so on. I know now, this was because lack of experience with Virtualmin and your support myself sorry that i was after a while not finding solution going to solve it my own way.

Topic locked