• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs Qmail / dovecot failure with qmail-sendmail-wrapper

mborsig

New Pleskian
TITLE:
Qmail / dovecot failure with qmail-sendmail-wrapper
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #19
CentOS Linux 7.5.1804 (Core)‬
Virtuozzo container
PROBLEM DESCRIPTION:
If a sieve rule to forward incoming mails to external adresses exists for a local mailadress on plesk server, any incoming mail is forwarded, but stays in queue and will be again forwarded during each queue run.

The following message occurs in /var/log/maillog:
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: msgid=<trinity-d6494239-8a9e-4b2f-8707-1f1a4b8e9a06-1535403770111@sender-server-01>: failed to redirect message to <[email protected]>: Failed to execute sendmail (temporary failure)
Aug 28 02:30:53 mailserver dovecot: service=lda, [email protected], ip=[]. Error: sieve: Execution of script /var/qmail/mailnames/localmail.com/user/.dovecot.sieve was aborted due to temporary failure (user logfile /var/qmail/mailnames/localmail.com/user/.dovecot.sieve.log may reveal additional details)


This message occures shortly (~20 sec) after the mail has been received and successfully forwarded and again after every new forward. The dovecot.sieve.log contains the same error again.

All permissions on /var/qmail/bin/sendmail and /usr/lib64/plesk-9.0/qmail-sendmail-wrapper are correct.

Checking the /usr/lib64/plesk-9.0/qmail-sendmail-wrapper during execution via strace shows the following:
wait4(35863, strace: Process 35863 attached
<unfinished ...>
[pid 35863] set_robust_list(0x7f8ce4fdeb60, 24) = 0
[pid 35863] open("/usr/local/psa/handlers/spool/messagexvekTI", O_RDONLY) = 3
[pid 35863] open("/etc/group", O_RDONLY|O_CLOEXEC) = 5
[pid 35863] fstat(5, {st_dev=makedev(253, 0), st_ino=18469713, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8,
st_size=992, st_atime=2018/09/02-10:30:02.014804356, st_mtime=2018/08/31-10:27:56.924025188, st_ctime=2018/08/31-10:27:56.925025188}) = 0
[pid 35863] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8ce4ff6000
[pid 35863] read(5, "root:x:0:\nbin:x:1:popuser\ndaemon"..., 4096) = 992
[pid 35863] close(5) = 0
[pid 35863] munmap(0x7f8ce4ff6000, 4096) = 0
[pid 35863] setgid(2520) = -1 EPERM (Operation not permitted)


This results in an error in /var/log/maillog:
wait4(9145, plesk sendmail[9145]: Failed to change gid (1): Operation not permitted
plesk sendmail[9146]: my_popen(): execve(/var/qmail/bin/sendmail) failed: Permission denied [13]
plesk sendmail[9146]: Unable to execute MTA
plesk sendmail[9145]: sendmail unsuccessfully finished with exitcode 70
STEPS TO REPRODUCE:
(1) Create a sieve rule for a local mailaddress to forward incoming mails only (for instance all mails containing a "A" in the subject")
(2) send mail to local mailaddress and watch the execution of the sieve rule
(3) check that mail arrives at forward recipient and that it's still in local mailqueue (/var/qmail/bin/qmail-qread)​
ACTUAL RESULT:
(1) Mail is forwarded but stays in local mail queue which will result in a new forwarded during each queue run
(2) sendmail wrapper can't change his GID and produces errors when a sieve rule is in place​
EXPECTED RESULT:
(1) Sieve rule is executed one time and mail is forwarded one time only
(2) no errors from sendmail wrapper​
ANY ADDITIONAL INFORMATION:
All permissions on files have been checked, they are correct. All users and groups are correctly installed.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you for report.
Bug PPPM-9240 is confirmed and submitted.
 
Back
Top