Mailing List Archive

Still having problems with incoming mail being frozen....
Every incoming message gets a log entry something like this:

+++ 17L7uE-0001jk-00 not completed +++
2002-06-20 14:47:46 17L7uE-0001jk-00 <= newsletterbot@texascooking.com H=vader.labnet.com (vader) [205.238.148.11] P=smtp S=1176
2002-06-20 14:47:46 17L7uE-0001jk-00 Unable to get root to set uid 60003 and gid 12 for local delivery to patricia: uid=8 euid=8
2002-06-20 14:47:46 17L7uE-0001jk-00 failed to read delivery status for patricia@texascooking.com from delivery subprocess
2002-06-20 14:47:46 17L7uE-0001jk-00 appendfile transport process returned non-zero status 0x0100: exit code 1
2002-06-20 14:47:46 17L7uE-0001jk-00 == patricia@texascooking.com T=virtual_local_delivery defer (-1)
2002-06-20 14:47:46 17L7uE-0001jk-00 Frozen
2002-06-20 14:49:29 17L7uE-0001jk-00 Message is frozen


For some reason, exim (or another program) keeps changing itself to
102711 on its access flags. I originally had a crontab entry set up to
run a script that checked (every 5 minutes) to ensure it was 106755 ...
But it seems silly to have to run such a script all the time.

In order for exim to change its UID for every incoming message, do I
need to add *ALL* my users as trusted users or something?

Right now it reads as follows:

trusted_users = mail:root:majordomo

Funny thing is, these access flags don't affect the problem... it still
appears.
Re: Still having problems with incoming mail being frozen....
On Thu, Jun 20, 2002 at 02:59:18PM -0500, Cory Daehn wrote:
| Every incoming message gets a log entry something like this:

| 2002-06-20 14:47:46 17L7uE-0001jk-00 Unable to get root to set uid 60003
| and gid 12 for local delivery to patricia: uid=8 euid=8

| For some reason, exim (or another program) keeps changing itself to
| 102711 on its access flags.

Another program. exim doesn't play with chmod.

| I originally had a crontab entry set up to run a script that checked
| (every 5 minutes) to ensure it was 106755 ... But it seems silly to
| have to run such a script all the time.

After correcting the permissions on exim, run
chattr +i exim
and then see which other program breaks. It's that other program that
keeps breaking exim on you.

| in order for exim to change its UID for every incoming message, do I
| need to add *ALL* my users as trusted users or something?

No. trusted_users has _nothing_ to do with setuid(). setuid() is a
function in the C library and it is up to the kernel whether or not it
will fail.

-D

--

The remote desktop feature of Windows XP is really nice (and *novel*!).
As a Microsoft consultant can *remotely* disable the personal firewall
and control the system. We'll ignore the fact that this tampering with
the firewall is not logged, and more importantly, that the firewall
isn't restored when the clowns from Redmond are done with their job.
-- bugtraq

http://dman.ddts.net/~dman/

--
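[Added example, not part of any message in this thread.] The log line above reports uid=8 euid=8: with mode 102711 the setuid bit is gone, so exim keeps the caller's uid and the kernel refuses setuid() to the recipient's uid. The sketch below decodes a mode and owner into that diagnosis and extracts the failed privilege drops from an Exim main log; the function names and verdict strings are made up for this example, and the sample log line is the wrapped one from the thread joined back into a single line.

```shell
#!/bin/sh
# check_exim_mode MODE OWNER_UID
#   MODE      octal mode, with or without the file-type digits
#             (106755, 6755 and 102711 are all accepted)
#   OWNER_UID numeric uid of the file owner
# On a live system with GNU stat: check_exim_mode $(stat -c '%a %u' /usr/sbin/exim)
check_exim_mode() {
    perms=$(( 0$1 & 07777 ))          # leading 0 = octal; drop file-type bits
    if [ $(( perms & 04000 )) -eq 0 ]; then
        echo "no-setuid"              # runs as the caller; cannot switch uid
    elif [ "$2" -ne 0 ]; then
        echo "setuid-not-root"        # setuid, but to a non-root owner
    elif [ $(( perms & 022 )) -ne 0 ]; then
        echo "setuid-root-writable"   # group/other can rewrite a root binary
    else
        echo "ok"
    fi
}

# failed_priv_drops: read Exim main-log lines on stdin and print
# "message-id wanted-uid effective-uid" for each failed privilege change.
failed_priv_drops() {
    sed -n -E 's/^[0-9-]+ [0-9:]+ ([^ ]+) Unable to get root to set uid ([0-9]+) and gid [0-9]+ .* euid=([0-9]+).*$/\1 \2 \3/p'
}

# The two modes quoted in the thread, assuming the binary is owned by root.
for m in 102711 106755; do
    echo "$m -> $(check_exim_mode "$m" 0)"
done

# Sample input: the log line from the first message, unwrapped.
printf '%s\n' \
  '2002-06-20 14:47:46 17L7uE-0001jk-00 Unable to get root to set uid 60003 and gid 12 for local delivery to patricia: uid=8 euid=8' \
  '2002-06-20 14:47:46 17L7uE-0001jk-00 Frozen' | failed_priv_drops
```

An effective uid other than 0 in the second function's output points at the binary's mode or ownership rather than at trusted_users or any other Exim setting.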
Re: Still having problems with incoming mail being frozen....
On Jun 20 Cory Daehn wrote:

>For some reason, exim (or another program) keeps changing itself to
>102711 on its access flags. I originally had a crontab entry set up to
>run a script that checked (every 5 minutes) to ensure it was 106755 ...
>But it seems silly to have to run such a script all the time.

Are you running a Linux distribution but with your own hand-built exim?
Some distributions helpfully remove suid bits from files that aren't
"registered", eg with Debian I think it's "suidregister", as part of a
cron job.

HTH,

Matt
RE: Still having problems with incoming mail being frozen....
> -----Original Message-----
> From: mb@dcs.qmul.ac.uk [mailto:mb@dcs.qmul.ac.uk]
> Sent: Friday, June 21, 2002 3:51 AM
> To: Cory Daehn
> Subject: Re: [Exim] Still having problems with incoming mail being frozen....
>
> Are you running a Linux distribution but with your own
> hand-built exim?
> Some distributions helpfully remove suid bits from files that aren't
> "registered", eg with Debian I think it's "suidregister", as
> part of a cron job.

Actually, it's a compiled srpm (Mandrake was originally a clone of
Redhat 5 but they've removed more & more of it as time has gone by).

I discovered the problem about 2 hours after I fired off that message.
(A 'grep "/usr/sbin/exim" *' in "/var/log" works wonders.) Mandrake
(8.0 and higher) comes with a nasty little script as part of its
security protocols called msec ... msec by default runs EVERY HOUR (of
all the stupid things) and notices that /usr/sbin/exim has SUID & SGID
bits set from the last time and promptly gelds it.

I've removed the msec package... it's more of an annoyance than a
helpful program after it's been run the first time, especially on a
system that doesn't have casual users other than mail users, and they're
only allowed to check their mail.

It also comes with another annoying program as part of its security
package called Bastille (go figure, French folk calling their security
package Bastille). It's actually half intelligent... recommended the
same stuff I would (turning off telnet in favor of ssh, same for ftp in
favor of scp) and completely disabling Apache (a bad thing on my system
since we have a web mail program).

Just thought I'd send an update.
RE: Still having problems with incoming mail being frozen....
msec is a Mandrake thing. Go to your /var/log directory and type grep
"/usr/sbin/exim" *|less and see where it's checking the flags. Most
likely that's what's causing the problem.

Of course, that assumes exim is in /usr/sbin ;-)

The only other solution I could find was creating this script and
inserting it into a crontab to run hourly:

#!/bin/bash
#
# Checks the rights on exim and replaces them if SGID or SUID are removed,
# and runs a forced queue run if the rights were changed, to remove the
# frozen messages.
#
EXIM=/usr/sbin/exim

# -u tests the SUID bit, -g the SGID bit; restore both if either is missing.
if [ ! -u "$EXIM" ] || [ ! -g "$EXIM" ]; then
    /bin/chmod -f 6755 "$EXIM"
    # Full path, since cron's default PATH usually lacks /usr/sbin.
    "$EXIM" -qff
fi

exit 0
# --eof--

My only question is, how often should we run tidydb and should we add
the -f flag to it or not? If not, when do we add the -f flag?


> -----Original Message-----
> From: exim-users-admin@exim.org
> [mailto:exim-users-admin@exim.org] On Behalf Of Rice, MA Mark (6750)
> Sent: Monday, June 24, 2002 4:19 PM
> To: exim-users@exim.org
> Subject: RE: [Exim] Still having problems with incoming mail
> being frozen....
>
> Thank you for posting your find.
> I'm getting similar "Unable to get root to set uid..."
> messages, but I'm running a Caldera Systems Linux 2.2.
Re: Still having problems with incoming mail being frozen....
On Fri, Jun 21, 2002 at 09:50:46AM +0100, mb@dcs.qmul.ac.uk wrote:
> Are you running a Linux distribution but with your own hand-built exim?
> Some distributions helpfully remove suid bits from files that aren't
> "registered", eg with Debian I think it's "suidregister", as part of a
> cron job.

Just for info, suidregister on Debian lets you change suid permissions on
packaged files so that you can change a permission, and when you upgrade the
package, the permission is maintained.

suidregister will not change permissions of random files that aren't part of
Debian packages.

Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking

Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
Re: Still having problems with incoming mail being frozen....
On Tue, 25 Jun 2002, Marc MERLIN wrote:

> Just for info, suidregister on debian lets you change suid permissions on
> packaged files so that you can change a permission, and when you upgrade the
> package, the permission is maintained.
>
> suidregister will not change permissions of random files that aren't part of
> debian packages

suidregister changes what you tell it to change (and maintain). too
bad it's obsoleted by dpkg-statoverrides or what the hell. i'm still
using it anyway ;)


--
[-]
Re: Still having problems with incoming mail being frozen....
On Wed, 26 Jun 2002, Tamas TEVESZ wrote:

> suidregister changes what you tell it to change (and maintain). too

i mean of course that the file in question does not _have_ to be part
of any package or somesuch.

--
[-]