Jailed shell issues with email piping

Discussion in 'General Discussion' started by jndawson, Jul 21, 2016.

  1. jndawson

    jndawson Well-Known Member

    Joined:
    Aug 27, 2014
    Messages:
    103
    Likes Received:
    4
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hello,

    As of roughly about the time our auto cPanel updates completed (now on v.58.0.7), our piped email to our whmcs system (latest v.6.3.1) started failing.
    Code:
    [ root@cp1 ~># grep 1bQGs2-0002l7-QL /var/log/exim_mainlog
    2016-07-21 09:30:47 1bQGs2-0002l7-QL <= customer@customer.tld H=c-customer-network ([10.0.0.3]) [123.45.678.90]:16679 P=esmtpsa X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no A=dovecot_plain:customer@customer.tld S=4406 id=13eea871-4183-1ab0-d0d5-97264ab71198@customer.tld T="testing" for support@ourcompany.tld
    2016-07-21 09:30:47 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1bQGs2-0002l7-QL
    2016-07-21 09:30:47 1bQGs2-0002l7-QL => support <support@ourcompany.tld> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <support@ourcompany.tld> wcF+BLf4kFdsKQAAjl7P1g Saved"
    2016-07-21 09:30:52 1bQGs2-0002l7-QL ** |/home/us/whmcs_crons/pipe.php (support@ourcompany.tld) <support@ourcompany.tld> R=virtual_aliases_nostar T=jailed_virtual_address_pipe: Child process of jailed_virtual_address_pipe transport returned 1 from command: /usr/local/cpanel/bin/jailexec
    2016-07-21 09:30:52 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1bQGs2-0002l7-QL
    2016-07-21 09:30:52 1bQGs8-0002lM-8A <= <> R=1bQGs2-0002l7-QL U=mailnull P=local S=5907 T="Mail delivery failed: returning message to sender" for customer@customer.tld
    2016-07-21 09:30:52 1bQGs2-0002l7-QL Completed
    
    Here's the forwarder in cPanel:
    Code:
    support@ourcompany.tld |/home/us/whmcs_crons/pipe.php
    
    Note the missing 'php -q'. Re-adding it does nothing; it disappears.

    We ran the script (actually the 'cron' script, since that didn't run either) at the CLI and it ran properly.

    Did the cPanel update change something that is now horribly broken?

    thanks,
    Jim Dawson
     
    #1 jndawson, Jul 21, 2016
    Last edited: Jul 21, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The following information, found under the email piping option, explains that the omission of the /usr/bin/perl or /usr/bin/php portion is by design. It relies on the target at the top of the script:

    As far as the error message itself, please let us know if the following WHMCS document is helpful:

    http://docs.whmcs.com/Email_Piping#Email_Forwarder_Method

    Please post the output from the following commands if the issue persists after reviewing the steps listed in that document:

    Code:
    cat /etc/redhat-release
    arch
    uname -a
    /usr/local/cpanel/bin/envtype

    I've seen limited reports of this issue with CentOS 7.2 on Virtuozzo and OpenVZ systems; however, it's not yet reproducible.

    Thank you.
     
  3. jndawson

    jndawson Well-Known Member

    Permissions changed to 644 (which we didn't catch); changing to 755 worked.

    Keep in mind we were not trying to do something different. These are pipes that were running just fine for months with no attention needed.

    For reference, here is the info you requested:
    Code:
    [ root@cp1 ~># cat /etc/redhat-release
    CentOS release 6.8 (Final)
    [ Thu Jul 21 13:18:52 ]
    [ root@cp1 ~># arch
    x86_64
    [ Thu Jul 21 13:18:52 ]
    [ root@cp1 ~># uname -a
    Linux cp1.ourcompany.tld 2.6.32-642.1.1.el6.x86_64 #1 SMP Tue May 31 21:57:07 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
    [ Thu Jul 21 13:18:52 ]
    [ root@cp1 ~># /usr/local/cpanel/bin/envtype
    vmware
    
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I've not seen a recent change in the executable requirement for email piping scripts. Were you able to track down when and why the file permissions changed?

    Thank you.
     
  5. jndawson

    jndawson Well-Known Member

    Neither have I.
    Everything was working just fine, including piping email to our ticketing system on July 20. The last imported ticket was roughly about the time the nightly cPanel update, which installed 58.0.5/.6/& .7, was completed on the morning of the 21st.
     
  6. twhiting9275

    twhiting9275 Well-Known Member

    Joined:
    Sep 26, 2002
    Messages:
    538
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Piping will always require 7xx permissions when done through cPanel, because cPanel seems to want to (incorrectly) remove the PHP argument from the forwarder, so, your script has to be treated as an executable script. It's been this way for years now.
     
  7. jndawson

    jndawson Well-Known Member

    I don't know about 'years', but we presently have 2 whmcs installations on different cPanel servers (both at v.58.0.7) and the one running whmcs v.5.8.14 has perms 0644 & the PHP argument 'php -q' must be there or the pipe doesn't work. We double checked that while troubleshooting the newly upgraded v.6.3.1 server that had the piping issues.
     
  8. twhiting9275

    twhiting9275 Well-Known Member

    These were probably set up before the cron changes were made. I really can't recall exactly how long it's been, but it's been quite a while since that change.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The following document was recently changed to reflect updated information about email piping:

    Forwarders - Documentation - cPanel Documentation

    However, we do have a case open regarding the following text under the piping option in "cPanel > Forwarders":

    This suggests that if no hashbang is present in the provided program, a prompt will be displayed to add the hashbang automatically. This prompt is never provided, nor is the proper hashbang added to the program. Case CPANEL-7562 is open to ensure the prompt is displayed as suggested by the cPanel interface output, or to remove that statement and require that the user add it manually. I'll update this thread with more information on the status of the case as it becomes available.

    Thank you.
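
Added example, not part of any post in this thread and not cPanel or WHMCS code: a preflight check for the two conditions the posts above describe for a pipe target (execute bit set, hashbang on line 1). It goes beyond the thread with two related checks, a CRLF-terminated hashbang line and a group- or world-writable script. The function name and finding labels are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not cPanel or WHMCS code): preflight check for a forwarder
# pipe target. Prints one finding per line; returns 0 when there are none.
check_pipe_target() {
    local target=$1 findings=0 first='' interp perms cr
    cr=$(printf '\r')
    if [ ! -f "$target" ]; then
        echo "missing: not a regular file"
        return 2
    fi
    # The forwarder keeps only the path, so the file itself must be executable.
    if [ ! -x "$target" ]; then
        echo "not-executable: execute bit is not set (the thread's fix was 755)"
        findings=$((findings + 1))
    fi
    # With no "php -q" in the forwarder, the interpreter comes from line 1.
    IFS= read -r first < "$target" || true
    case $first in
        '#!'*"$cr")
            echo "crlf-hashbang: line 1 ends in CR, interpreter lookup will fail"
            findings=$((findings + 1)) ;;
        '#!'*)
            interp=${first#'#!'}
            interp=${interp# }      # allow "#! /path"
            interp=${interp%% *}    # drop interpreter arguments
            if [ ! -x "$interp" ]; then
                echo "bad-interpreter: $interp is not executable"
                findings=$((findings + 1))
            fi ;;
        *)
            echo "no-hashbang: line 1 does not start with #!"
            findings=$((findings + 1)) ;;
    esac
    # Code that runs on every inbound message should be writable by its owner only.
    perms=$(ls -ld "$target")
    case $perms in
        ?????w*|????????w*)
            echo "writable: group or other can modify the script"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Usage: ./check_pipe.sh /home/us/whmcs_crons/pipe.php
if [ "$#" -gt 0 ]; then
    check_pipe_target "$1"
fi
```

Run it as the account user that owns the forwarder, so the execute-bit test reflects that user's access rather than root's.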
     
  10. jndawson

    jndawson Well-Known Member

    Actually, no. I set them up in May when I installed a new copy of WHMCS on a cpanel server that previously had no WHMCS installation. They worked fine.
     
  11. twhiting9275

    twhiting9275 Well-Known Member

    Huh, OK. I've seen this as behavior in cPanel for years now.
     
  12. jndawson

    jndawson Well-Known Member

    Update to close the loop on this:

    The incoming email from our vendor had a message boundary error (Content-Type: application/application/json) which they corrected (Content-Type: application/json). Apparently the import script doesn't do error checking. Attachments from them are now being properly imported.

    Thanks for the assistance.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  14. swbrains

    swbrains Active Member

    Joined:
    Sep 13, 2006
    Messages:
    38
    Likes Received:
    2
    Trophy Points:
    8
    I have come across this issue recently as well. I have a Perl script on my dedicated server under a specific account that I use to process incoming mail to a specific forwarder address. The account has jailed shell (and has as long as I can remember). The script was set as the pipe target for a forwarder and had worked for quite a while. I deleted and recreated the forwarder yesterday and now email sent to that script does not get processed. The Track Delivery app in cPanel shows this error for messages sent to that forwarder:

    "Child process of jailed_virtual_address_pipe transport returned 2 from command: /usr/local/cpanel/bin/jailexec"

    After a number of tests including removing all code except for a few lines from the script, I narrowed down the problem a bit. I created a new test script that does nothing but this:
    Code:
    #!/usr/bin/perl
    
    require "myincludefile.pl";
    
    open (DEBUGLOG, ">/home/myaccount/public_html/cgi-bin/pipemailtest.log");
    print DEBUGLOG "script has run";
    close DEBUGLOG;
    
    exit;
    
    The script is located in the cgi-bin directory for this account -- the same location as the "myincludefile.pl". In this state, sending mail to the forwarded address with the pipe causes the jailexec error above.
    If I change the require statement to include the full path, such as:

    Code:
    require "/home/myaccount/public_html/cgi-bin/myincludefile.pl";

    then it works fine when I send an email to the forwarded address and the debug log file is created. All of the other scripts I use under this account do *not* need to specify the full path for a "required" include file if it's in the same path as the parent script (which this one is). This only seems to be a problem with a script executed as a pipe target in a mail forwarder. If I execute the same script directly from the browser, it will work properly even *without* the full path specified in the require field.

    The forwarder is set up like this in cPanel:

    pipetest@myaccount.com |/home/myaccount/public_html/cgi-bin/pipemailtest.pl

    The test script (and the required "myincludefile.pl" file) have 755 permissions and work fine if the full "require" path is specified, so I don't think this is a file permission issue.

    Also, switching "myaccount" to Normal shell in WHM doesn't resolve the issue when it has the non-working require statement (no path specified).

    Any ideas would be greatly appreciated!
    Thanks!
     
    #14 swbrains, Nov 28, 2016 at 10:06 AM
    Last edited: Nov 28, 2016 at 10:33 AM