TITLE:
Qmail / dovecot failure with qmail-sendmail-wrapper
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:Plesk Onyx Version 17.8.11 Update #19
CentOS Linux 7.5.1804 (Core)
Virtuozzo container
PROBLEM DESCRIPTION:CentOS Linux 7.5.1804 (Core)
Virtuozzo container
If a sieve rule to forward incoming mails to external adresses exists for a local mailadress on plesk server, any incoming mail is forwarded, but stays in queue and will be again forwarded during each queue run.
The following message occurs in /var/log/maillog:
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: msgid=<trinity-d6494239-8a9e-4b2f-8707-1f1a4b8e9a06-1535403770111@sender-server-01>: failed to redirect message to <[email protected]>: Failed to execute sendmail (temporary failure)
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: Execution of script /var/qmail/mailnames/localmail.com/user/.dovecot.sieve was aborted due to temporary failure (user logfile /var/qmail/mailnames/localmail.com/user/.dovecot.sieve.log may reveal additional details)
This message occures shortly (~20 sec) after the mail has been received and successfully forwarded and again after every new forward. The dovecot.sieve.log contains the same error again.
All permissions on /var/qmail/bin/sendmail and /usr/lib64/plesk-9.0/qmail-sendmail-wrapper are correct.
Checking the /usr/lib64/plesk-9.0/qmail-sendmail-wrapper during execution via strace shows the following:
wait4(35863, strace: Process 35863 attached
<unfinished ...>
[pid 35863] set_robust_list(0x7f8ce4fdeb60, 24) = 0
[pid 35863] open("/usr/local/psa/handlers/spool/messagexvekTI", O_RDONLY) = 3
[pid 35863] open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
[pid 35863] fstat(5, {st_dev=makedev(253, 0), st_ino=18469713, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8,
st_size=992, st_atime=2018/09/02-10:30:02.014804356, st_mtime=2018/08/31-10:27:56.924025188, st_ctime=2018/08/31-10:27:56.925025188}) = 0
[pid 35863] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ce4ff6000
[pid 35863] read(5, "root:x:0:\nbin:x:1opuser\ndaemon"..., 4096) = 992
[pid 35863] close(5) = 0
[pid 35863] munmap(0x7f8ce4ff6000, 4096) = 0
[pid 35863] setgid(2520) = -1 EPERM (Operation not permitted)
This results in an error in /var/log/maillog:
wait4(9145, plesk sendmail[9145]: Failed to change gid (1): Operation not permitted
plesk sendmail[9146]: my_popen(): execve(/var/qmail/bin/sendmail) failed: Permission denied [13]
plesk sendmail[9146]: Unable to execute MTA
plesk sendmail[9145]: sendmail unsuccessfully finished with exitcode 70
STEPS TO REPRODUCE:The following message occurs in /var/log/maillog:
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: msgid=<trinity-d6494239-8a9e-4b2f-8707-1f1a4b8e9a06-1535403770111@sender-server-01>: failed to redirect message to <[email protected]>: Failed to execute sendmail (temporary failure)
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: Execution of script /var/qmail/mailnames/localmail.com/user/.dovecot.sieve was aborted due to temporary failure (user logfile /var/qmail/mailnames/localmail.com/user/.dovecot.sieve.log may reveal additional details)
This message occures shortly (~20 sec) after the mail has been received and successfully forwarded and again after every new forward. The dovecot.sieve.log contains the same error again.
All permissions on /var/qmail/bin/sendmail and /usr/lib64/plesk-9.0/qmail-sendmail-wrapper are correct.
Checking the /usr/lib64/plesk-9.0/qmail-sendmail-wrapper during execution via strace shows the following:
wait4(35863, strace: Process 35863 attached
<unfinished ...>
[pid 35863] set_robust_list(0x7f8ce4fdeb60, 24) = 0
[pid 35863] open("/usr/local/psa/handlers/spool/messagexvekTI", O_RDONLY) = 3
[pid 35863] open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
[pid 35863] fstat(5, {st_dev=makedev(253, 0), st_ino=18469713, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8,
st_size=992, st_atime=2018/09/02-10:30:02.014804356, st_mtime=2018/08/31-10:27:56.924025188, st_ctime=2018/08/31-10:27:56.925025188}) = 0
[pid 35863] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ce4ff6000
[pid 35863] read(5, "root:x:0:\nbin:x:1opuser\ndaemon"..., 4096) = 992
[pid 35863] close(5) = 0
[pid 35863] munmap(0x7f8ce4ff6000, 4096) = 0
[pid 35863] setgid(2520) = -1 EPERM (Operation not permitted)
This results in an error in /var/log/maillog:
wait4(9145, plesk sendmail[9145]: Failed to change gid (1): Operation not permitted
plesk sendmail[9146]: my_popen(): execve(/var/qmail/bin/sendmail) failed: Permission denied [13]
plesk sendmail[9146]: Unable to execute MTA
plesk sendmail[9145]: sendmail unsuccessfully finished with exitcode 70
(1) Create a sieve rule for a local mailaddress to forward incoming mails only (for instance all mails containing a "A" in the subject")
(2) send mail to local mailaddress and watch the execution of the sieve rule
(3) check that mail arrives at forward recipient and that it's still in local mailqueue (/var/qmail/bin/qmail-qread)
ACTUAL RESULT:(2) send mail to local mailaddress and watch the execution of the sieve rule
(3) check that mail arrives at forward recipient and that it's still in local mailqueue (/var/qmail/bin/qmail-qread)
(1) Mail is forwarded but stays in local mail queue which will result in a new forwarded during each queue run
(2) sendmail wrapper can't change his GID and produces errors when a sieve rule is in place
EXPECTED RESULT:(2) sendmail wrapper can't change his GID and produces errors when a sieve rule is in place
(1) Sieve rule is executed one time and mail is forwarded one time only
(2) no errors from sendmail wrapper
ANY ADDITIONAL INFORMATION:(2) no errors from sendmail wrapper
All permissions on files have been checked, they are correct. All users and groups are correctly installed.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:Confirm bug