Procmail can't create mailbox

Bob McClure Jr bob at bobcatos.com
Mon Dec 1 20:08:50 UTC 2008


On Mon, Dec 01, 2008 at 10:11:08AM -0800, Rick Stevens wrote:
> Bob McClure Jr wrote:
>> On Sat, Nov 29, 2008 at 09:28:38AM -0500, Mark Corsi wrote:
>>> My guess is that the server is seeing the process as 'other'. This leaves
>>> two solutions. One is to start the process with sudo so it starts as root. I
>>> would hazard a guess that this would open up an unexpected security hole
>>> since this is a mail process. The other solution is to make the process
>>> owner part of the group that owns that folder and make the folder group
>>> writable. Pretty sure the second solution will maintain security while
>>> accomplishing your goal.
>>
>> Well, I already have a sufficiently secure work-around, but that works
>> around a symptom.  I want to find out why an out-of-the-box
>> configuration quit working.
>
> Were there any diagnostics in the logs that may be of use?

Only

Nov 28 18:45:46 lfvsfcp19080 postfix/local[30613]: 759B024035:
to=<bmcclure at dn.net>, orig_to=<root at dn.net>, relay=local, delay=3,
delays=0/0/0/3, dsn=5.2.0, status=bounced (can't create user output
file. Command output: procmail: Couldn't create "/var/mail/bmcclure" )

> Did you
> check /usr/bin/procmail and verify it was rwxr-xr-x (755), owned by
> root, group of mail?

-rwxr-xr-x 1 root mail 99128 Jul 12  2006 /usr/bin/procmail

> Yes, /var/mail is a symlink to /var/spool/mail and
> the link should be mode rwxrwxrwx (777).

lrwxrwxrwx 1 root root 10 Nov 21 20:43 /var/mail -> spool/mail

> /var/spool/mail itself should be owned by root, group of mail with mode
> rwxrwxr-x (775).

drwxrwxr-x 2 root mail 4096 Nov 28 04:02 /var/spool/mail

> The files below that should be owned by the user whose
> mailbox it is, group of mail with mode rw-rw---- (660).

-rw------- 1 root root 0 Nov 28 04:02 root
-rw-rw---- 1 root mail 0 Nov 21 20:52 root2
-rw-rw---- 1 rpc  mail 0 Nov 21 20:47 rpc

> I know of no extra things that may be affected by the addition of a user
> via the "adduser" scripts that wouldn't be handled IF all of the user-
> related files (home directories, hidden files, etc.) are present.

drwx------ 25 bmcclure bmcclure 12288 Dec  1 04:02 /home/bmcclure
-rw-r--r-- 1 bmcclure apache 1716 Nov 28 21:40 /home/bmcclure/.procmailrc

I am mystified.

> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks at nerd.com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -     Try to look unimportant.  The bad guys may be low on ammo.     -
> ----------------------------------------------------------------------

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
bob at bobcatos.com             http://www.bobcatos.com
"For I know the plans I have for you," declares the LORD, "plans to
prosper you and not to harm you, plans to give you hope and a future."
Jeremiah 29:11 (NIV)
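
Added example, not part of the original post or of procmail/postfix: the guess quoted at the top of the message is that the delivering process is treated as 'other' on the spool directory. This Python code applies the Unix permission-class rule to the listings pasted in the message; the user name and group sets passed to the functions are assumptions for illustration, not identities reported in the thread.

```python
# Listings copied from the message above.
SPOOL_DIR = "drwxrwxr-x 2 root mail 4096 Nov 28 04:02 /var/spool/mail"
ROOT2_BOX = "-rw-rw---- 1 root mail 0 Nov 21 20:52 root2"

def parse_ls(line):
    """Return (mode string, owner, group) from one `ls -l` line."""
    fields = line.split()
    return fields[0], fields[2], fields[3]

def perm_class(owner, group, user, groups):
    """Exactly one class applies, first match wins: owner, then group, then other."""
    if user == owner:
        return "owner"
    if group in groups:
        return "group"
    return "other"

def granted(line, user, groups):
    """The rwx triplet that applies to `user` for the listed object."""
    mode, owner, group = parse_ls(line)
    start = {"owner": 1, "group": 4, "other": 7}[perm_class(owner, group, user, groups)]
    return mode[start:start + 3]

def can_create_in(dir_line, user, groups):
    """Creating a new mailbox needs write and search permission on the directory."""
    if user == "root":  # root bypasses the mode bits
        return True
    bits = granted(dir_line, user, groups)
    return bits[1] == "w" and bits[2] in "xst"

def can_append_to(file_line, user, groups):
    """Delivering into an existing mailbox needs write permission on the file."""
    return user == "root" or granted(file_line, user, groups)[1] == "w"

def report():
    # Assumed identities: the recipient alone, then the recipient with group mail.
    cases = [("bmcclure", {"bmcclure"}), ("bmcclure", {"bmcclure", "mail"})]
    for user, groups in cases:
        print(user, sorted(groups),
              "class=" + perm_class("root", "mail", user, groups),
              "create=" + str(can_create_in(SPOOL_DIR, user, groups)))

if __name__ == "__main__":
    report()
```

With only its own group the process falls into the 'other' class (r-x) and cannot create a file in /var/spool/mail; with group mail it falls into the group class (rwx) and can.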