Problems SPAM filter and procmail permissions

28 posts / 0 new
Last post
#1 Tue, 12/16/2008 - 01:36
thedavis

Problems SPAM filter and procmail permissions

Virtualmin shows this message: Failed to save enabled features : The procmail command procmail has 0 permissions, when it should be setuid and setgid to root. Email may not be properly delivered or checked for spam.

When I active the spam filter in Features and Plugins

Thanks :=)

Tue, 12/16/2008 - 04:21
andreychek

Yeah, that came up recently in the Bug Tracker as well:

http://www.virtualmin.com/index.php?option=com_flyspray&Itemid=82&am...

That's just a check to make sure the permissions on procmail are correct -- if they aren't, things can go awry!

You can fix that by typing:

chmod 6755 /usr/bin/procmail-wrapper

Tue, 02/24/2009 - 00:04 (Reply to #2)
schnurzelpurz1

Have the sam error but there is no file /usr/bin/procmail-wrapper (only /usr/bin/procmail)

Tue, 02/24/2009 - 03:24 (Reply to #3)
thedavis

<b>andreychek wrote:</b>
<div class='quote'>Yeah, that came up recently in the Bug Tracker as well:

http://www.virtualmin.com/index.php?option=com_flyspray&amp;Itemid=82&am...

That's just a check to make sure the permissions on procmail are correct -- if they aren't, things can go awry!

You can fix that by typing:

chmod 6755 /usr/bin/procmail-wrapper</div>

Try to chmod procmail and try again...

Tue, 02/24/2009 - 04:05 (Reply to #4)
andreychek

Not having procmail-wrapper may be a sign that you didn't install with the neato install.sh script which does all sorts of work for you!

We highly recommend using that for installs :-)

However, you may be missing the procmail-wrapper package, which is available in the Virtualmin repo.
-Eric

Tue, 02/24/2009 - 04:24 (Reply to #5)
schnurzelpurz1

I have first installed virtualmin GPL (of course with the script mentioned). Afterwards i upgraded to Pro version by typing serial/key in the virtualmin upgrade form...

Tue, 02/24/2009 - 04:29 (Reply to #6)
andreychek

Yeah, you did it right then.

I'd just make sure you have procmail-wrapper installed -- with &quot;yum install procmail-wrapper&quot; on RHEL/CentOS, or &quot;apt-get install procmail-wrapper&quot; on Debian/Ubuntu.
-Eric

Tue, 02/24/2009 - 05:10 (Reply to #7)
schnurzelpurz1

I installed the package with dpkg and changed perms to 6755. Still get the same error in virtaulmin.

Tue, 02/24/2009 - 05:12 (Reply to #8)
andreychek

Okay, so what do the following commands show:

ls -l /usr/bin/procmail

ls -l /usr/bin/procmail-wrapper

Tue, 02/24/2009 - 05:20 (Reply to #9)
schnurzelpurz1

Here's the output of the commands:

debian:/# ls -l /usr/bin/procmail
-rwsr-sr-x 1 root mail 85472 2006-04-30 13:07 /usr/bin/procmail
debian:/# ls -l /usr/bin/procmail-wrapper
-rwsr-sr-x 1 root root 4536 2006-12-13 22:00 /usr/bin/procmail-wrapper
debian:/#

Thanks for the help!

Tue, 02/24/2009 - 05:26 (Reply to #10)
andreychek

Okay, that looks good. Just to be sure, can you paste in the specific error that you're getting? Thanks!
-Eric

Tue, 02/24/2009 - 10:36 (Reply to #11)
schnurzelpurz1

Hi Eric

In Virtualmin going to Sytstems Settings &gt; Features and Plugins &gt; checking the option &quot;Spam filtering&quot; &gt; the following message is displayed:

<b>Failed to save enabled features : The procmail command procmail has 0 permissions, when it should be setuid and setgid to root. Email may not be properly delivered or checked for spam.</b>

Tue, 02/24/2009 - 10:57 (Reply to #12)
andreychek

Hrm... what happens if you do this:

chgrp root /usr/bin/procmail

It should work as the group &quot;mail&quot;, but I'm not sure what else it'd be complaining about :-)
-Eric

Tue, 02/24/2009 - 11:46 (Reply to #13)
schnurzelpurz1

Hi Eric

Changing the group to root didn't success. Even when I chmod procmail to 7777 the error still persists. Whatever procmail-wrapper is doing with procmail, it should be allowed, or not?

Maybe I'm doing a fresh reinstall... I'm loosing some configuration work, but the server is not yet in production phase.

Thanks anyway for your kind support and have a good night!

Tue, 02/24/2009 - 12:23 (Reply to #14)
andreychek

Well, that's something that should certainly work.

If it doesn't, I'd suggest filing a bug! Jamie can help us figure out what's wrong there.

You can file a bug report using the Bugs and Issues link below.
-Eric

Tue, 02/24/2009 - 19:51 (Reply to #15)
Joe
Joe's picture

Try re-checking your system configuration. This is probably a cached piece of information.

The fact that it was not installed during the run of install.sh is troublesome, though. I'm almost certain you have other problems on the system--there's no reason procmail-wrapper wouldn't exist that doesn't make me think the install script failed (there should have been some errors during the run or in the virtualmin-install.log file).

--

Check out the forum guidelines!

Tue, 02/24/2009 - 20:33 (Reply to #16)
Joe
Joe's picture

Oh, wait...This probably means you installed a long time ago, before Spam/AV was merged down into GPL.

You'll want to change the mail delivery command in Postfix to procmail-wrapper. This will make this specific error go away, though others might show up.

--

Check out the forum guidelines!

Tue, 02/24/2009 - 23:43 (Reply to #17)
schnurzelpurz1

Hi Joe

To your suggestions (in reverse order):
- Installation webmin, usermin, virtualmin, virtualmin Pro was done this monday (on debian lenny 64bit, maybe that's an issue too).
- Delivery command (mailbox_command) in Postfix-conf manually changed. But this does not allow to enable the SpamAssassin plugin.
- System Konfiguration (virtualmin &gt; System Settings &gt; Re-check Config) doesn't report any errors.
- Yes, the fact that it was not installed may imply other hidden errors so a clean reinstall would probably be the best. Haven't found &quot;virtualmin-install.log&quot; (only &quot;webmin.log&quot;). Where should it reside?

Wed, 02/25/2009 - 09:11 (Reply to #18)
Joe
Joe's picture

<div class='quote'>- Installation webmin, usermin, virtualmin, virtualmin Pro was done this monday (on debian lenny 64bit, maybe that's an issue too).</div>

And:

<div class='quote'>- Yes, the fact that it was not installed may imply other hidden errors so a clean reinstall would probably be the best. Haven't found &quot;virtualmin-install.log&quot; (only &quot;webmin.log&quot;). Where should it reside?</div>

Along with the other symptoms, makes it sound even more like install.sh was not how this system was installed. Did you install Webmin and Usermin yourself? Like, by downloading packages from Webmin.com, and such? If so, then you didn't use install.sh--install.sh runs on a fresh OS installation, and sets up apt-get repositories and installs all of our packages (including Webmin and Usermin) and a handful of additional packages from our repos, as well as a couple dozen packages from the OS standard repos.

virtualmin-install.log writes to /root.

--

Check out the forum guidelines!

Wed, 02/25/2009 - 11:33 (Reply to #19)
schnurzelpurz1

Hi Joe

Now I've done a complete reinstall:
- removing virtualmin using the install script with option --uninstall.
- tried to install with install script (both GPL and Pro) but it failed to install packages (see error-log, script warns that installation will fail on systems not listed, which is the case)
- then I followed the steps for manual installation: Downloaded &quot;webmin_1.450_all.deb&quot;, &quot;usermin_1.380_all.deb&quot;, &quot;webmin-virtual-server_3.66.gpl_all.deb&quot; and &quot;webmin-virtual-server-theme_6.7_all.deb&quot; and installed them using dpkg - went all well, system is now running as before.
- checked again permissions of procmail -&gt; 6755 (ok)

But I still get the error that setuid/setgid do not work. Do you know how I can test these functions e.g. with a small test script? If it works we can assume that the error is in the procmail-wrapper or the plugin-check...

Wed, 02/25/2009 - 11:36 (Reply to #20)
schnurzelpurz1

Attachement didn't work. But I can send error-log by mail or post it directly if necessary.

Wed, 02/25/2009 - 17:54 (Reply to #21)
andreychek

That's okay, I wouldn't expect the installation log to show anything that'd help in this case, since it can't complete properly on Lenny.

Now, why you're still getting the error about procmail is a bit of a mystery to me.

I'll talk to Jamie to see if he has an idea as to what might be triggering the error you're seeing.
-Eric

Wed, 02/25/2009 - 22:03 (Reply to #22)
Joe
Joe's picture

One thing you should check is if Postfix is configured with the correct path to procmail. Try running the following command, and posting the output here :

[code:1]grep mailbox_command /etc/postfix/main.cf[/code:1]

It should be something like :

[code:1]mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME[/code:1]

--

Check out the forum guidelines!

Wed, 02/25/2009 - 22:04 (Reply to #23)
schnurzelpurz1

Hi Eric

I see the only way to resolve the problem by having a look at save_newfeature.cgi which performs the validation (feature_check?) of all features. But I'm too less experienced in pearl programming to reverse-ingeneer it on my own...

Wed, 02/25/2009 - 22:40 (Reply to #24)
schnurzelpurz1

Hi Jamie

Yes, that was it! Thank you very much!

Wed, 12/17/2008 - 05:07
thedavis

I did the chmod and the problem was fixed.

Thanks a lot ;)

Sun, 03/01/2009 - 04:37
goolem

Hi

I have the same Problem but i view at Jamies post follow line.
<div class='quote'>mailbox_command = /usr/bin/procmail -a &quot;$EXTENSION&quot;</div>

on my system i got following
<div class='quote'>mailbox_command = procmail -a &quot;$EXTENSION&quot;</div>

so i add the path manual. and now it works.

Wed, 09/30/2009 - 08:02
geevpc

BTW - Love the software!

My /etc/postfix/main.cf reads like this

mailbox_command = /usr/bin/procmail -a "$EXTENSION"

I too were getting the

Failed to save enabled features : The procmail command procmail has 0 permissions, when it should be setuid and setgid to root. Email may not be properly delivered or checked for spam.

error.

To fix my version of this issue i did the following
Change procmail to root from mail group;
--Run from terminal--

root@pluto:~# chgrp root /usr/bin/procmail
root@pluto:~# ls -l /usr/bin/procmail
-rwxr-xr-x 1 root root 72316 2007-03-28 04:35 /usr/bin/procmail

Next step change to setuid as requested run the following command

root@pluto:~# chmod ug+s /usr/bin/procmail
root@pluto:~# ls -l /usr/bin/procmail
-rwSr-sr-x 1 root root 72316 2007-03-28 04:35 /usr/bin/procmail

note the inclusion of the S's { -rwSr-sr-x }
Now re-run the re-check config and you should not get this error again.

Hope this helps someone and I thought I would share my experince on this issue so next time I go to re-install virtualmin and get this error again, I will know were to come and find the solution for it...

Thanks again for such great software!