1

Topic: vscan permission denied

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: FreeBSD 9.1
- Related log if you're reporting an issue:

root@mail:/usr/local/www # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D993496FCD3     1098 Thu Mar 14 05:01:02  vscan@mail.ramenzoni.com.br
(temporary failure. Command output: Can't open log file /var/log/sieve.log: Permission denied)
                                         vscan@mail.ramenzoni.com.br

-- 1 Kbytes in 1 Request.
root@mail:/usr/local/www # ls -l /var/log/sieve.log
-rw-------  1 vmail  vmail  303 Mar 14 11:42 /var/log/sieve.log

How to proceed in this case?

====

2

Re: vscan permission denied

Anyone?

3

Re: vscan permission denied

/var/log/sieve.log must be world-writable, so please set it to 0666 instead.

4

Re: vscan permission denied

Zhang, look:

root@mail:~ # ls -l /var/log/sieve.log
-rw-rw-rw-  1 vmail  vmail  6924 Mar 18 10:46 /var/log/sieve.log
root@mail:~ # mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
AC25F96FCE1     1098 Mon Mar 18 05:01:03  vscan@mail.ramenzoni.com.br
                                                           (temporary failure)
                                         vscan@mail.ramenzoni.com.br

3706996FCCD     3154 Mon Mar 18 05:22:26  MAILER-DAEMON
                                                           (temporary failure)
                                         vscan@mail.ramenzoni.com.br

-- 4 Kbytes in 2 Requests.

5

Re: vscan permission denied

Please check related log in /var/log/sieve.log and /var/log/dovecot.log.

6

Re: vscan permission denied

root@mail:/home/policyd # tail /var/log/sieve.log
Mar 18 11:00:00 mail newsyslog[35057]: logfile turned over
Mar 18 11:02:19 lda(cleiton@alcatrazes.com.br): Info: msgid=<20130318140216.GA399@acucobol.ramenzoni.com.br>: saved mail to INBOX
Mar 18 11:02:22 lda(mario@alcatrazes.com.br): Info: msgid=<20130318140216.GA399@acucobol.ramenzoni.com.br>: saved mail to INBOX
Mar 18 11:03:24 lda(cleiton@alcatrazes.com.br): Info: msgid=<20130318140320.GA1828@acucobol.ramenzoni.com.br>: saved mail to INBOX
Mar 18 11:03:24 lda(mario@alcatrazes.com.br): Info: msgid=<20130318140320.GA1828@acucobol.ramenzoni.com.br>: saved mail to INBOX
Mar 18 11:05:30 lda(cleiton@alcatrazes.com.br): Info: msgid=<40cb7dac61ef13c5aba270bb4da5355b@www.marcaepatente.com.br>: saved mail to INBOX

root@mail:/home/policyd # tail /var/log/dovecot.log
Mar 18 11:00:00 mail newsyslog[35057]: logfile turned over
Mar 18 11:00:13 pop3-login: Info: Login: user=<mario@alcatrazes.com.br>, method=PLAIN, rip=XXX.XXX.XXX, lip=192.168.112.233, mpid=35111, TLS, session=<+bVsaDPYYAC9b6tX>
Mar 18 11:00:13 pop3(mario@alcatrazes.com.br): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 18 11:00:14 pop3-login: Info: Login: user=<mario@alcatrazes.com.br>, method=PLAIN, rip=XXX.XXX.XXX, lip=192.168.112.233, mpid=35121, TLS, session=<m+R4aDPY4gC9b6tX>
Mar 18 11:00:14 pop3(mario@alcatrazes.com.br): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 18 11:02:19 dict: Info: mysql(192.168.112.233): Connected to database iredadmin
Mar 18 11:03:23 dict: Info: mysql(192.168.112.233): Connected to database iredadmin
Mar 18 11:05:30 dict: Info: mysql(192.168.112.233): Connected to database iredadmin

7

Re: vscan permission denied

Hmm, any related log in Postfix log file?

8

Re: vscan permission denied

Mar 18 10:46:21 mail postfix/qmgr[99954]: AC25F96FCE1: from=<vscan@mail.ramenzoni.com.br>, size=1098, nrcpt=1 (queue active)
Mar 18 10:46:21 mail postfix/local[32247]: AC25F96FCE1: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=20718, delays=20718/0.02/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:46:21 mail postfix/local[32248]: 3706996FCCD: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=19436, delays=19436/0.01/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:48:22 mail postfix/qmgr[99954]: AC25F96FCE1: from=<vscan@mail.ramenzoni.com.br>, size=1098, nrcpt=1 (queue active)
Mar 18 10:48:23 mail postfix/local[32646]: 3706996FCCD: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=19557, delays=19557/0.01/0/0.39, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:48:23 mail postfix/local[32645]: AC25F96FCE1: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=20840, delays=20839/0.01/0/0.41, dsn=4.3.0, status=deferred (temporary failure)

9

Re: vscan permission denied

perlporter wrote:

Mar 18 10:46:21 mail postfix/qmgr[99954]: AC25F96FCE1: from=<vscan@mail.ramenzoni.com.br>, size=1098, nrcpt=1 (queue active)
Mar 18 10:46:21 mail postfix/local[32247]: AC25F96FCE1: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=20718, delays=20718/0.02/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:46:21 mail postfix/local[32248]: 3706996FCCD: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=19436, delays=19436/0.01/0/0.1, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:48:22 mail postfix/qmgr[99954]: AC25F96FCE1: from=<vscan@mail.ramenzoni.com.br>, size=1098, nrcpt=1 (queue active)
Mar 18 10:48:23 mail postfix/local[32646]: 3706996FCCD: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=19557, delays=19557/0.01/0/0.39, dsn=4.3.0, status=deferred (temporary failure)
Mar 18 10:48:23 mail postfix/local[32645]: AC25F96FCE1: to=<vscan@mail.ramenzoni.com.br>, relay=local, delay=20840, delays=20839/0.01/0/0.41, dsn=4.3.0, status=deferred (temporary failure)


I'm seeing the exact same thing..

I've even edited /etc/aliases with

vscan: root
root: me@mydomain.com

and still no good.

Was a solution for this found?

10

Re: vscan permission denied

AshcorTech wrote:

I've even edited /etc/aliases with

Did you run "postmap" command to update alias db?

# postmap hash:/etc/postfix/aliases

11

Re: vscan permission denied

ZhangHuangbin wrote:
AshcorTech wrote:

I've even edited /etc/aliases with

Did you run "postmap" command to update alias db?

# postmap hash:/etc/postfix/aliases

nope... I updated /etc/aliases, not /etc/postfix/aliases

I suppose since /etc/aliases is a more complete list I could run

#postmap hash:/etc/aliases

no?

12 (edited by AshcorTech 2013-09-20 20:19:29)

Re: vscan permission denied

guess not.. tried it with both files...

then from root login sent an email to vscan using

# mail vscan

, log shows this:

2013-09-20T08:15:20.476639-04:00 linux01 postfix/pickup[15985]: 7448E340099: uid=0 from=<root>
2013-09-20T08:15:20.487761-04:00 linux01 postfix/cleanup[16074]: 7448E340099: message-id=<20130920121520.7448E340099@linux01.mydomain.com>
2013-09-20T08:15:20.535023-04:00 linux01 postfix/qmgr[17471]: 7448E340099: from=<root@linux01.mydomain.com>, size=503, nrcpt=1 (queue active)
2013-09-20T08:15:21.229115-04:00 linux01 postfix/smtpd[16090]: connect from unknown[127.0.0.1]
2013-09-20T08:15:21.235796-04:00 linux01 postfix/smtpd[16090]: 39857340092: client=unknown[127.0.0.1]
2013-09-20T08:15:21.236440-04:00 linux01 postfix/cleanup[16074]: 39857340092: message-id=<20130920121520.7448E340099@linux01.mydomain.com>
2013-09-20T08:15:21.292629-04:00 linux01 postfix/smtpd[16090]: disconnect from unknown[127.0.0.1]
2013-09-20T08:15:21.293170-04:00 linux01 postfix/qmgr[17471]: 39857340092: from=<root@linux01.mydomain.com>, size=1023, nrcpt=1 (queue active)
2013-09-20T08:15:21.298768-04:00 linux01 amavis[26862]: (26862-15) Passed CLEAN {RelayedInternal}, MYUSERS <root@linux01.mydomain.com> -> <vscan@linux01.mydomain.com>, Message-ID: <20130920121520.7448E340099@linux01.mydomain.com>, mail_id: olijKv0iuEiW, Hits: 1.178, size: 503, queued_as: 39857340092, 758 ms
2013-09-20T08:15:21.363522-04:00 linux01 postfix/smtp[16087]: 7448E340099: to=<vscan@linux01.mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.92, delays=0.1/0/0/0.82, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 39857340092)
2013-09-20T08:15:21.363901-04:00 linux01 postfix/qmgr[17471]: 7448E340099: removed
2013-09-20T08:15:21.419587-04:00 linux01 postfix/local[16093]: 39857340092: to=<vscan@linux01.mydomain.com>, relay=local, delay=0.19, delays=0.06/0.01/0/0.12, dsn=4.3.0, status=deferred (temporary failure)

13

Re: vscan permission denied

AshcorTech wrote:

2013-09-20T08:15:21.419587-04:00 linux01 postfix/local[16093]: 39857340092: to=<vscan@linux01.mydomain.com>, relay=local, delay=0.19, delays=0.06/0.01/0/0.12, dsn=4.3.0, status=deferred (temporary failure)

Did you create alias entry for user 'vscan' in /etc/postfix/aliases?
Any related log in /var/log/sieve.log?

14

Re: vscan permission denied

ZhangHuangbin wrote:
AshcorTech wrote:

2013-09-20T08:15:21.419587-04:00 linux01 postfix/local[16093]: 39857340092: to=<vscan@linux01.mydomain.com>, relay=local, delay=0.19, delays=0.06/0.01/0/0.12, dsn=4.3.0, status=deferred (temporary failure)

Did you create alias entry for user 'vscan' in /etc/postfix/aliases?
Any related log in /var/log/sieve.log?


from sieve.log:

Sep 23 13:24:26 lda(vscan): Fatal: setgid(303(vmail) from mail_gid setting) failed with euid=65(vscan), gid=479(vscan), egid=479(vscan): Operation not permitted (This binary should probably be called with process group set to 303(vmail) instead of 479(vscan))

It appears I did not have an alias created for vscan in /etc/postfix/aliases. This has been adjusted and postmap hash:/etc/postfix/aliases run.

15

Re: vscan permission denied

*) What's the value of '$daemon_user' and '$daemon_group' in Amavisd config file?
*) Please show me command output: "id vscan".

16

Re: vscan permission denied

ZhangHuangbin wrote:

*) What's the value of '$daemon_user' and '$daemon_group' in Amavisd config file?
*) Please show me command output: "id vscan".

#id vscan

uid=65(vscan) gid=479(vscan) groups=479(vscan)

$daemon_user  = 'vscan';     # (no default;  customary: vscan or amavis), -u
$daemon_group = 'vscan';     # (no default;  customary: vscan or amavis), -g

17

Re: vscan permission denied

I need some more info for troubleshooting:

*) Please show me command output "dovecot -n".
*) Show me "dovecot" entry in file /usr/local/etc/postfix/master.cf. The line after it (begins with a space) is required too.
*) Show me file /usr/local/etc/postfix/aliases. If you have /etc/postfix/aliases, and/or /etc/aliases, please paste them too.

NOTE: please check file/content you're going to paste, remove or replace sensitive info before posting forum reply.

18

Re: vscan permission denied

ZhangHuangbin wrote:

I need some more info for troubleshooting:

*) Please show me command output "dovecot -n".

# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.7.10-1.16-desktop x86_64 openSUSE 12.3 (x86_64)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 303
last_valid_uid = 303
listen = *
log_path = /var/log/dovecot.log
mail_debug = yes
mail_gid = 303
mail_location = maildir:/%h/Maildir/:INDEX=/%h/Maildir/
mail_plugins = quota
mail_uid = 303
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%h/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%h/sieve/dovecot.sieve
  sieve_global_dir = /data/vmail/sieve
  sieve_global_path = /data/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = </etc/ssl/certs/iRedMail_CA.pem
ssl_key = </etc/ssl/private/iRedMail.key
userdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  lda_mailbox_autocreate = yes
  log_path = /var/log/sieve.log
  mail_plugins = quota sieve autocreate
  postmaster_address = root
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

*) Show me "dovecot" entry in file /usr/local/etc/postfix/master.cf. The line after it (begins with a space) is required too.

there is no /usr/local/etc/postfix/master.cf.... i assume you mean /etc/postfix/master.cf...

# Use dovecot deliver program as LDA.
dovecot unix    -       n       n       -       -      pipe
    flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${domain} -m ${extension}

*) Show me file /usr/local/etc/postfix/aliases. If you have /etc/postfix/aliases, and/or /etc/aliases, please paste them too.

NOTE: please check file/content you're going to paste, remove or replace sensitive info before posting forum reply.

again, I have no "/usr/local/etc..." path

/etc/postfix/aliases

# Basic system aliases -- these MUST be present
MAILER-DAEMON:  postmaster
postmaster:     root

# General redirections for pseudo accounts
bin:            root
daemon:         root
named:          root
#nobody:                root
uucp:           root
www:            root
ftp-bugs:       root
postfix:        root

# Put your local aliases here.

# Well-known aliases
manager:        root
dumper:         root
operator:       root
abuse:          postmaster

# trap decode to catch security attacks
decode:         root

wwwrun: root
nobody: root
vmail: root
root: me@mydomain.com
cluebringer: root
clamav: root

/etc/aliases

root:   me@mydomain.com

# Basic system aliases that MUST be present.
postmaster:     root
mailer-daemon:  postmaster
# amavis
virusalert:     root
# General redirections for pseudo accounts in /etc/passwd.
administrator:  root
daemon: root
lp:     root
news:   root
uucp:   root
games:  root
man:    root
at:     root
postgres:       root
mdom:   root
amanda: root
ftp:    root
wwwrun: root
squid:  root
msql:   root
gnats:  root
nobody: root
vscan: root
# "bin" used to be in /etc/passwd
bin:    root
# Further well-known aliases for dns/news/ftp/mail/fax/web/gnats.
newsadm:        news
newsadmin:      news
usenet: news
ftpadm: ftp
ftpadmin:       ftp
ftp-adm:        ftp
ftp-admin:      ftp
hostmaster:     root
mail:   postmaster
postman:        postmaster
post_office:    postmaster
# "abuse" is often used to fight against spam email
abuse:  postmaster
spam:   postmaster
faxadm: root
faxmaster:      root
webmaster:      root
gnats-admin:    root
mailman:        root
mailman-owner:  mailman
nagiosadmin:    root

19

Re: vscan permission denied

AshcorTech wrote:

there is no /usr/local/etc/postfix/master.cf.... i assume you mean /etc/postfix/master.cf...

My mistake: I checked the first post, which says 'FreeBSD 9.1', so I asked about '/usr/local/xxx'.
That's why we ask you to always post your own questions in a new forum topic and show us basic info about your iRedMail, to help solve the issue quickly.

Postfix is configured (by iRedMail) to use /etc/postfix/aliases, not /etc/aliases, and there's no 'vscan' user in /etc/postfix/aliases. Please add it and try again.

1) Add 'vscan' in /etc/postfix/aliases:

vscan: root

2) Execute postalias:

# postalias /etc/postfix/aliases
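
A check for the condition this procedure addresses, an alias that is present in the source file but not in the compiled map Postfix reads, as an added example (not part of the original post or of iRedMail). It assumes a `hash:` map, so the compiled file is `aliases.db` beside the source; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect an alias that exists in the Postfix aliases source
# file but has not been compiled into the lookup table Postfix reads.
# Assumption: hash-type map, compiled to FILE.db next to FILE.

# alias_in_source FILE NAME -> exit 0 if an uncommented "NAME:" entry exists.
# NAME is used as a regex fragment; plain alias names only.
alias_in_source() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]*:" "$1"
}

# alias_state FILE NAME -> prints one of:
#   no-entry    NAME is not defined in FILE
#   db-missing  FILE.db does not exist (postalias was never run)
#   db-stale    FILE was edited after FILE.db was built (postalias not re-run)
#   ok          entry present and FILE.db is at least as new as FILE
alias_state() {
    file=$1
    name=$2
    if ! alias_in_source "$file" "$name"; then
        echo no-entry
    elif [ ! -e "$file.db" ]; then
        echo db-missing
    elif [ "$file" -nt "$file.db" ]; then
        echo db-stale
    else
        echo ok
    fi
}

# demo: constructed aliases file in a temp dir, edited after its .db was
# built, so the entry is in the file but not in the compiled map.
demo() {
    d=$(mktemp -d) || return 1
    printf 'postmaster: root\nroot: me@mydomain.com\nvscan: root\n' > "$d/aliases"
    : > "$d/aliases.db"                      # stand-in for the compiled map
    touch -t 201309200800 "$d/aliases.db"    # map built first
    touch -t 201309200815 "$d/aliases"       # source edited later
    alias_state "$d/aliases" vscan
    rm -rf "$d"
}

# Usage against a real system (path from the thread):
#   sh check_alias.sh /etc/postfix/aliases vscan
# When the state is "ok", `postalias -q vscan hash:/etc/postfix/aliases`
# shows what the compiled map actually returns for the key.
if [ "$#" -eq 2 ]; then alias_state "$1" "$2"; fi
```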

20

Re: vscan permission denied

actually there is vscan: root in /etc/postfix/aliases, it's the very last entry.. when i copied it I cut it off.. so it is there...

21

Re: vscan permission denied

Confused.

Your server hostname is 'linux01.mydomain.com', if you have 'vscan' in /etc/postfix/aliases, and mail sent to 'root' is forwarded to "me@mydomain.com" in /etc/postfix/aliases, all emails sent to 'vscan@linux01.mydomain.com' should be forwarded to "me@mydomain.com".

Did you try sending a new email to 'vscan'? Was it delivered to 'me@mydomain.com'? You can try it with the command below:

# mail -s "test" vscan < /etc/hosts

It will send an email to the 'vscan' user with the subject "test"; the mail body is the content of /etc/hosts.

22 (edited by AshcorTech 2013-09-26 22:52:55)

Re: vscan permission denied

Sorry for the confusion.

it was

# postalias /etc/postfix/aliases


that needed to be run... the entry was in the aliases file.

now email to vscan is being routed properly...

next problem is the first email is an error from crontab about vscan...

Cron <vscan@linux01> find /var/spool/amavis/virusmails/ -ctime +15 | xargs rm -rf {}

find: `/var/spool/amavis/virusmails/': No such file or directory

/var/spool/amavis contains only:

.razor/
.spamassassin/
db/
dkim/
tmp/
var/

23

Re: vscan permission denied

You're running openSUSE-12.3, but /var/spool/amavis/virusmails exists on my testing server:

# ls -al /var/spool/amavis/
total 40
drwxr-xr-x  9 vscan vscan 4096 Sep 26 23:04 .
drwxr-xr-x 11 root  root  4096 Sep 14 08:34 ..
drwxr-x---  2 vscan vscan 4096 Sep 26 23:04 .razor
drwx------  2 vscan vscan 4096 Sep 14 08:36 .spamassassin
-rw-r-----  1 vscan vscan    5 Sep 26 23:04 amavisd.pid
srwxr-x---  1 vscan vscan    0 Sep 26 23:04 amavisd.sock
drwxr-xr-x  2 vscan vscan 4096 Sep 26 23:04 db
drwxr-xr-x  2 vscan vscan 4096 Sep 14 08:35 dkim
drwxr-xr-x  2 vscan vscan 4096 Feb 26  2013 tmp
drwxr-xr-x  2 vscan vscan 4096 Feb 26  2013 var
drwxr-xr-x  2 vscan vscan 4096 Feb 26  2013 virusmails

# cat /etc/SuSE-release
openSUSE 12.3 (x86_64)
VERSION = 12.3
CODENAME = Dartmouth

If you have iRedAdmin-Pro and configure Amavisd to quarantine spam/virus to SQL server, this cron job is not needed anymore, because virus mail won't be stored on the file system anymore.

24

Re: vscan permission denied

I don't have pro (yet) but I did do the mysql install version of iRedMail.

25

Re: vscan permission denied

iRedAdmin-Pro doesn't matter in this case. The problem is you don't have directory /var/spool/amavisd/virusmails. Please either create it manually, or disable this cron job.