The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email filter, permission denied

Discussion in 'E-mail Discussions' started by bear, Apr 21, 2015.

  1. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Testing email filters causes an error:
    Code:
    LOG: MAIN PANIC DIE
      failed to expand "${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}" (smtp_active_hostname): failed to open /etc/mail_reverse_dns for linear search: Permission denied (euid=501 egid=501)
    This server is set up to use the dedicated IP for each account as the mail sender, and the IPs are set up in both "/etc/mail_reverse_dns" and "/etc/mailips", with both files agreeing. Permissions are 640 on these, owned by root:mail. The only way to get a filter test to work is to set the permissions to 666 on "mail_reverse_dns" (support folks at the company I have this VPS suggested this), and it's the only thing currently working. It's likely the next Cpanel update (daily) will see that and edit, so no long term fix.
    Any suggestions here would be appreciated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you post the output of /etc/exim.conf.local on your system? It's possible this is related to internal case number 148377, but I'd like to see that output before making that determination.

    Thank you.
     
  3. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Thanks, Michael. Here it is:
    Code:
    @AUTH@
    
    @BEGINACL@
    
    @CONFIG@
    queue_only_override = false
    message_logs = false
    smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number}  \#${compile_number} ${tod_full} \n   We do not authorize the use of this system to transport unsolicited, \n   and/or bulk e-mail."
    smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}
    message_id_header_domain = $smtp_active_hostname
    
    @DIRECTOREND@
    
    @DIRECTORMIDDLE@
    
    @DIRECTORSTART@
    
    @ENDACL@
    
    @POSTMAILCOUNT@
    
    @PREDOTFORWARD@
    
    @PREFILTER@
    
    @PRELOCALUSER@
    
    @PRENOALIASDISCARD@
    
    @PREROUTERS@
    
    @PREVALIASNOSTAR@
    
    @PREVALIASSTAR@
    
    @PREVIRTUALUSER@
    
    @RETRYEND@
    
    @RETRYSTART@
    
    @REWRITE@
    
    @ROUTEREND@
    
    @ROUTERMIDDLE@
    
    @ROUTERSTART@
    
    @TRANSPORTEND@
    
    @TRANSPORTMIDDLE@
    
    @TRANSPORTSTART@
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Internal case number 148377 is open to address an issue where the cPanel UI mail filter rule test will fail due to a permissions error when /etc/mail_reverse_dns is referenced in a custom Exim configuration. There's currently no time frame on a resolution, but I've attached a a temporary patch you can use until that time. The supplied patch can be applied via the /scripts/postupcp hook using commands such as:

    Code:
    mv /root/updateuserdomains.txt /root/updateuserdomains.patch
    vi /scripts/postupcp
    Ensure the postupcp file has the following lines:

    Code:
    #!/bin/bash
    patch -N -p 0 -r - < /root/updateuserdomains.patch
    Thank you.
     

    Attached Files:

  5. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Thanks, Michael.
    I see the txt file doesn't current exist on the server, so this would just be a straight edit of creating the .patch file that's being called, is that right? I see that will set perms on the file in question (mail_reverse_dns) to 644, but at 644 it was still erroring out. It was only when that was assigned 666 it worked.
    Am I missing something in that which allows that to work with less permission granted?
     
  6. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Update: Added the file "/root/updateuserdomains.patch" with the contents in the attached text doc (root:root and 644), then added the lines to postupcp just before upcp ran. It completed, showed it ran postupcp, no change to the issue or file perms (still 640 on that file).
    Wondering where I'd gone wrong.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The /scripts/updateuserdomains file has changed since that patch was first developed. Try using the following contents in that patch file to see if it makes a difference:

    Code:
    --- /usr/local/cpanel/scripts/updateuserdomains.orig    2014-12-20 08:32:37.799997831 -0600
    +++ /usr/local/cpanel/scripts/updateuserdomains    2014-12-20 08:34:00.476999244 -0600
    @@ -65,10 +65,11 @@
    my $force              = 0;
    my $exim_dbmbuild;
    my %permissions_list = (
    -    '/etc/remotedomains'   => 0644,    # case 169545: must be readable for autodiscovery exemption
    -    '/etc/relayhosts'      => 0644,
    -    '/etc/relayhostsusers' => 0644,
    -    '/etc/trueuserowners'  => 0644,
    -    'default'              => 0640,
    +    '/etc/mail_reverse_dns' => 0644,
    +    '/etc/remotedomains'   => 0644,    # case 169545: must be readable for autodiscovery exemption
    +    '/etc/relayhosts'       => 0644,
    +    '/etc/relayhostsusers'  => 0644,
    +    '/etc/trueuserowners'   => 0644,
    +    'default'               => 0640,
    );
    if (@ARGV) {
    You can run "/scripts/updateuserdomains" after running "/scripts/postupcp" to verify it corrects the permissions.

    Thank you.
     
  8. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    No joy, I'm afraid.
    Code:
    patch: **** malformed patch at line 4: my $force  = 0;
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's working well on a test server, so it could be how you are pasting the data. Are you copying it from the text file on a Windows machine? Or, are you pasting it from the CODE output through an editor such as VIM?

    Thank you.
     
  10. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    On Windows, but copied from this post above (no text file for the new version) and pasted directly into nano. I'm going to stick it into a good text editor first, see if anything weird is in it and copy from there.

    [edit]
    Nothing showed, still hates it.
     
  11. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Manually edited the previous text file to have the new lines, and copied from that. Different error now, so it looks like something to do with the forum and copying. Any chance you could stick that in a text file?

    This is the new error:
    Code:
    patching file /usr/local/cpanel/scripts/updateuserdomains
    Hunk #1 FAILED at 65.
    1 out of 1 hunk FAILED -- saving rejects to file -
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  13. bear

    bear Well-Known Member

    Joined:
    Sep 24, 2002
    Messages:
    113
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    CENTOS 5.11 i686 virtuozzo
    WHM 11.48.3 (build 0)
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This issue is addressed in cPanel version 11.50 with the removal of the /etc/mail_reverse_dns entry. As it's addressed in 11.50, you could simply manually update the /scripts/updateuserdomains file in the meantime if the patch is not working.

    EX:

    Code:
    vi /scripts/updateuserdomains
    Add this entry below "'/etc/trueuserowners' => 0644,"

    Code:
    '/etc/mail_reverse_dns' => 0644,
    Or, setup a temporary cron job that updates the permissions of /etc/mail_reverse_dns on a regular basis until you have updated to cPanel version 11.50.

    Thank you.
     
Loading...

Share This Page