I am trying to use an auto reply program for one of the users.
It works fine when I have user email address defined in .forward file but it gives following error when I put it in script:
Jun 28 12:25:38 localhost sendmail[5210]: s5SJPFkN005208: to="|/home/alpha/autoreply.pl", ctladdr=alpha#localhost (501/501), delay=00:00:10, xdelay=00:00:00, mailer=prog, pri=60446, dsn=5.0.0, stat=Service unavailable
Jun 28 12:25:38 localhost sendmail[5210]: s5SJPFkN005208: s5SJPckN005210: DSN: Service unavailable
Do I have have make any changes in sendmail configs (i.e. symbolic link etc)?
Thanks.
1.Have you checked problems mentioned in sendmail FAQ?
Sendmail-FAQ-3.11: Why can't my users forward their mail to a program?
2. On most linuxes sendmail uses procmail as local mailer program.
You may try to execute your script from ~/.procmailrc of the user.
The issue was /etc/smrsh did not have symbolic link for perl which can be defined as
ln -s /usr/bin/perl /etc/smrsh/perl
Related
I have a CGI script to load publications from BibBase:
#!/usr/bin/perl
use LWP::UserAgent;
my $url = 'https://bibbase.org/show?bib=http://www.example.com/pubs.bib';
my $ua = LWP::UserAgent->new;
my $can_accept = HTTP::Message::decodable;
my $response = $ua->get($url, 'Accept-Encoding' => $can_accept);
print "Content-type: text/html\n\n";
print $response->decoded_content;
(This is copied from BibBase with the exception that the URL is hard-coded.)
I have three webservers running RHEL7 and Apache 2.4 that are configured the same way by Puppet. On all three I can run the script on the command line and get the expected results:
[root#server1 cgi-bin]# ./bibbase_proxy2.cgi | head
Content-type: text/html
<img src="//bibbase.org/img/ajax-loader.gif" id="spinner" style="display: none;" alt="Loading.." />
<div id="bibbase">
<script type="text/javascript">
var bibbase = {
params: {"bib":"http://www.example.com/pubs.bib","host":"bibbase.org"},
When I try to run the script with CGI, I get three different results:
Server1
Unrecognised protocol tcp at /usr/share/perl5/LWP/Protocol/http.pm line 31.
Server2
Can't connect to bibbase.org:443 System error at /usr/share/perl5/LWP/Protocol/http.pm line 51.
Server3
No http output and the error log says AH01215: Out of memory!.
I can't find anything different between the three servers and I can't figure out why the script works fine on the command line and doesn't work when run as a CGI.
I have selinux in permissive mode and it is logging the outgoing request, so I know the script gets that far:
type=AVC msg=audit(1532465859.921:331235): avc: denied { name_connect } for pid=161178 comm="perl" dest=80 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
For testing, I have set selinux to disabled and restarted the server.
SE-Linux denied the TCP connection.
avc: denied { name_connect }
The default access controls for networking by SELinux are based on the labels assigned to TCP and UDP ports and sockets. For instance, the TCP port 80 is labeled with http_port_t (and class tcp_socket). Access towards this port is then governed through SELinux access controls, such as name_connect and name_bind.
When an application is connecting to a port, the name_connect permission is checked. However, when an application binds to the port, the name_bind permission is checked.
Permissive mode or not, Perl is acting like it was denied a TCP connection. Unrecognised protocol tcp means getprotobyname("tcp") failed inside IO::Socket::IP. That's very, very unusual. One of the ways that can happen is via exactly that SELinux denial.
I'm no SELinux expert, but according to RedHat and Gentoo some SELinux aware applications will ignore the global permissive setting and go it alone. RHEL 7 Apache appears to be one of them. It appears to have its own domain which must be set permissive.
On all three I can run the script on the command line and get the expected results:
There's two reasons for that, and they both have to do with users.
When you run the program you're running as your own user with your own configuration, permissions, and environment variables. In fact, you ran it as root which usually bypasses restrictions. When it runs on the server it runs as a different user, probably the web server user with severe restrictions.
In order to do a realistic test, you need to run it as the same user the web server will. You can use sudo -u for this. For example, if the user is apache...
sudo -u apache ./bibbase_proxy2.cgi
BTW Do not test software as root! Not only is it not going to give you sensible results, but if there's a bug in the software there are no safeguards preventing it from wrecking your system.
The second problem is #!/usr/bin/env perl. That means to run whatever perl is in your PATH. PATH will be different for different users. Running ./bibbase_proxy2.cgi may run with one Perl on the command line and a different one via the web server.
In a server environment, use a hard coded path to Perl like #!/usr/bin/perl.
We tested by rewriting the same script in Python and PHP. Both of them showed error which pointed us in the right direction.
Python urllib2 produced the error
<class 'urllib2.URLError'>: <urlopen error [Errno 16] Device or resource busy>
args = (error(16, 'Device or resource busy'),)
errno = None
filename = None
message = ''
reason = error(16, 'Device or resource busy')
strerror = None
PHP (run as CGI) wouldn't even start:
[Wed Jul 25 15:24:52.988582 2018] [cgi:error] [pid 10369] [client 172.28.6.200:44387] AH01215: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/curl.so' - libssh2.so.1: failed to map segment from shared object: Cannot allocate memory in Unknown on line 0
[Wed Jul 25 15:24:52.988980 2018] [cgi:error] [pid 10369] [client 172.28.6.200:44387] AH01215: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/dba.so' - libtokyocabinet.so.9: failed to map segment from shared object: Cannot allocate memory in Unknown on line 0
---- Similar lines for all extensions. ----
It appears that RLimitMEM blocks access to shared memory and that is required for opening sockets. I can't find any documentation, but removing that line makes it work.
I have a Centos server with exim installed. I am trying to send en email from the command line like this:
exim -v account#gmail.com
From: email#mydomain.com
To: account#gmail.com
Subject: test email
this is a test
^D
I have also tried:
echo 'test message' | mail -s Test1 account#gmail.com
as well as sending from a PHP script.
The result is the email times out. The logs indicate exim is timing out:
H=alt2.gmail-smtp-in.l.google.com [173.194.219.26] Connection timed out
I believe iptables are correct. I have scanned the server from an external IP and ports 25, 265 and 587 are open. (Not sure 587 needs to be since this will be a send-only situation most likely.)
I have also telnet'd to port 25 successfully. (Most of the successful resolutions I have found involved port 25 being blocked. I don't think that is the case here. I have also called my provider and checked. They claim port 25 connections are not blocked.)
I would appreciate some ideas.
Thank you.
On Fedora 21, I had a simple script for sending emails
mail -a /tmp/attachment.txt -s "..." someone#somewhere.com
On Fedora 23, this no longer works.
No configuration file found at /home/mike/.esmtprc or /etc/esmtprc
I created the file and assigned correct permissions to it.
hostname = localhost.localdomain:25
(That's what Fedora 21 would send emails from: mike#localhost.localdomain.)
Well, now I'm getting
SMTP server problem Connection refused
Question: how do I get the mail command to work on Fedora 23?
Okay, seems like Fedora 21 must have had an email server running by default, but Fedora 23 does not.
In my
~/.esmtprc
I had to add
hostname = [SMTP SERVER THAT WORKS]:25
mda "/usr/bin/procmail -d %T"
And that worked. Thanks everyone anyway!
While working locally on the dev server, GAE doesn't send any emails out. Unless running it with the following command:
dev_appserver.py --enable_sendmail myapp
This would rely on a local sendmail to be setup.
I am using Ubuntu now for some time and I never came across something so difficult to setup.
I came across this solution and 5 other tutorials. The mail.log shows that the email was accepted and sent out, but google times out.
Jun 28 12:13:38 tp sm-mta[15964]: r5SAnXFV014925: to=<kave#gmail.com>, ctladdr=<kave#localhost.localdomain> (1000/1000), delay=00:24:05, xdelay=00:00:00, mailer=esmtp, pri=210342, relay=alt4.gmail-smtp-in.l.google.com., dsn=4.0.0, stat=Deferred: Connection timed out with alt4.gmail-smtp-in.l.google.com
I would be happy to give up and rely on the log files. But the command line ouput doesn't show the email body:
INFO 2013-06-28 11:17:40,146 mail_stub.py:140] MailService.Send
From: admin#mydomain.com
To: kave#gmail.com
Subject: Invitation to join xxx
Body:
Content-type: text/plain
Data length: 347
It is so frustrating. Any ideas please?
Update:
I have tried to run it with the VM arguments:
But I get this error message:
I ran into this same issue a couple weeks ago. I ended up adding the following VM arguments to eclipse when running the DevAppServer:
-Dmail.log_mail_level=WARNING -Dmail.log_mail_body=true
Whenever I run a simple send email function using Email::Send::Gmail I get this error:
[Mon Jan 28 11:37:57 2013] [error] [client 31.171.245.] Error sending email: Email::Send::Gmail: error connecting to server smtp.gmail.com at /usr/local/share/perl5/Email/Send.pm line 252, referer: http://**.cgi
However, exact same code is working when run from command line. And smtp.gmail.com is available when telneting from command line. It this because of the persistence or am I missing something?
Alrgiht, I got it. Seems selinux on CentOS was blocking outside connections from httpd, thus the script was not connecting.
You need to enter this
setsebool -P httpd_can_network_connect=1
In order to connect.
Try (in your cgi script) doing this:
use Net::SMTP::SSL;
Net::SMTP::SSL->new( 'smtp.gmail.com', Port => 465, Debug => 1 );
and see if the debugging information tells you anything helpful.
Is it possible that your cgi script is using a different perl, with different modules installed?