Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Email Problem: failed to open /etc/vfilters/

Discussion in 'E-mail Discussions' started by antispam, Jan 9, 2013.

  1. antispam

    antispam Member

    Nov 26, 2012
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    I've searched the Forum (Google also) but found no relevant info.

    Suddenly, today, our server (CENTOS 6.3 x86_64 standard – WHM 11.34.1 (build 6))
    stopped receiving e-mail messages.

    On /var/log/exim_mainlog I found thousands of entries like:
    R=central_filter defer (-1): failed to open /etc/vfilters/ Permission denied (euid=558 egid=557)
    (for all domain names hosted on the server).

    In /etc/vfilters, files were 640 (on access permission), owned by the appropriate user and the group was "mail". It seems normal.

    However, the /etc/vfilters folder was owned by a reseller (e.g. reseller3), the group was "mail" and permissions were 640 (rw for owner, read for group, no access for others).

    The same happened with valiases, vdomainaliases.
    ls -ld /etc/v*
    drw-r----- 2 reseller3 mail 12K Jan 9 11:41 valiases
    drw-r----- 2 reseller3 mail 12K Jan 9 11:41 vdomainaliases
    drw-r----- 2 reseller3 mail 12K Jan 9 17:59 vfilters

    After changing permissions to 755, the errors have been eliminated and the mail messages are delivered normally.
    ls -ld /etc/v*
    drwxr-xr-x 2 reseller3 mail ****12K Jan ****9 11:41 valiases
    drwxr-xr-x 2 reseller3 mail ****12K Jan ****9 11:41 vdomainaliases
    drwxr-xr-x 2 reseller3 mail ****12K Jan ****9 17:59 vfilters

    I have no clue how the owner was changed and why, or why the permissions missed the execute bit for the directories.

    Any ideas?
    #1 antispam, Jan 9, 2013
    Last edited: Jan 9, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello :)

    Is it possible that someone with root access manually modified the permissions and ownership values? You may want to check the /root/.bash_history file to see if you notice any "chown" or "chmod" commands that could have made these changes.

    Thank you.

Share This Page