Email filter, permission denied

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
Testing email filters causes an error:
Code:
LOG: MAIN PANIC DIE
  failed to expand "${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}" (smtp_active_hostname): failed to open /etc/mail_reverse_dns for linear search: Permission denied (euid=501 egid=501)
This server is set up to use the dedicated IP for each account as the mail sender, and the IPs are set up in both "/etc/mail_reverse_dns" and "/etc/mailips", with both files agreeing. Permissions are 640 on these, owned by root:mail. The only way to get a filter test to work is to set the permissions to 666 on "mail_reverse_dns" (support folks at the company I have this VPS suggested this), and it's the only thing currently working. It's likely the next Cpanel update (daily) will see that and edit, so no long term fix.
Any suggestions here would be appreciated.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

Could you post the output of /etc/exim.conf.local on your system? It's possible this is related to internal case number 148377, but I'd like to see that output before making that determination.

Thank you.
 

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
Thanks, Michael. Here it is:
Code:
@[email protected]

@[email protected]

@[email protected]
queue_only_override = false
message_logs = false
smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number}  \#${compile_number} ${tod_full} \n   We do not authorize the use of this system to transport unsolicited, \n   and/or bulk e-mail."
smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}
message_id_header_domain = $smtp_active_hostname

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]

@[email protected]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

Internal case number 148377 is open to address an issue where the cPanel UI mail filter rule test will fail due to a permissions error when /etc/mail_reverse_dns is referenced in a custom Exim configuration. There's currently no time frame on a resolution, but I've attached a a temporary patch you can use until that time. The supplied patch can be applied via the /scripts/postupcp hook using commands such as:

Code:
mv /root/updateuserdomains.txt /root/updateuserdomains.patch
vi /scripts/postupcp
Ensure the postupcp file has the following lines:

Code:
#!/bin/bash
patch -N -p 0 -r - < /root/updateuserdomains.patch
Thank you.
 

Attachments

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
Thanks, Michael.
I see the txt file doesn't current exist on the server, so this would just be a straight edit of creating the .patch file that's being called, is that right? I see that will set perms on the file in question (mail_reverse_dns) to 644, but at 644 it was still erroring out. It was only when that was assigned 666 it worked.
Am I missing something in that which allows that to work with less permission granted?
 

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
Update: Added the file "/root/updateuserdomains.patch" with the contents in the attached text doc (root:root and 644), then added the lines to postupcp just before upcp ran. It completed, showed it ran postupcp, no change to the issue or file perms (still 640 on that file).
Wondering where I'd gone wrong.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello,

The /scripts/updateuserdomains file has changed since that patch was first developed. Try using the following contents in that patch file to see if it makes a difference:

Code:
--- /usr/local/cpanel/scripts/updateuserdomains.orig    2014-12-20 08:32:37.799997831 -0600
+++ /usr/local/cpanel/scripts/updateuserdomains    2014-12-20 08:34:00.476999244 -0600
@@ -65,10 +65,11 @@
my $force              = 0;
my $exim_dbmbuild;
my %permissions_list = (
-    '/etc/remotedomains'   => 0644,    # case 169545: must be readable for autodiscovery exemption
-    '/etc/relayhosts'      => 0644,
-    '/etc/relayhostsusers' => 0644,
-    '/etc/trueuserowners'  => 0644,
-    'default'              => 0640,
+    '/etc/mail_reverse_dns' => 0644,
+    '/etc/remotedomains'   => 0644,    # case 169545: must be readable for autodiscovery exemption
+    '/etc/relayhosts'       => 0644,
+    '/etc/relayhostsusers'  => 0644,
+    '/etc/trueuserowners'   => 0644,
+    'default'               => 0640,
);
if (@ARGV) {
You can run "/scripts/updateuserdomains" after running "/scripts/postupcp" to verify it corrects the permissions.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
It's working well on a test server, so it could be how you are pasting the data. Are you copying it from the text file on a Windows machine? Or, are you pasting it from the CODE output through an editor such as VIM?

Thank you.
 

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
On Windows, but copied from this post above (no text file for the new version) and pasted directly into nano. I'm going to stick it into a good text editor first, see if anything weird is in it and copy from there.

[edit]
Nothing showed, still hates it.
 

bear

Well-Known Member
Sep 24, 2002
129
4
168
cPanel Access Level
Root Administrator
Manually edited the previous text file to have the new lines, and copied from that. Different error now, so it looks like something to do with the forum and copying. Any chance you could stick that in a text file?

This is the new error:
Code:
patching file /usr/local/cpanel/scripts/updateuserdomains
Hunk #1 FAILED at 65.
1 out of 1 hunk FAILED -- saving rejects to file -
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
This issue is addressed in cPanel version 11.50 with the removal of the /etc/mail_reverse_dns entry. As it's addressed in 11.50, you could simply manually update the /scripts/updateuserdomains file in the meantime if the patch is not working.

EX:

Code:
vi /scripts/updateuserdomains
Add this entry below "'/etc/trueuserowners' => 0644,"

Code:
'/etc/mail_reverse_dns' => 0644,
Or, setup a temporary cron job that updates the permissions of /etc/mail_reverse_dns on a regular basis until you have updated to cPanel version 11.50.

Thank you.