/var/run/milter-greylist perms issue

Bug #226267 reported by Charles Curley
Affects: milter-greylist (Ubuntu)
Status: Confirmed
Importance: High
Assigned to: Unassigned
Nominated for Hardy by Gerry C.

Bug Description

Binary package hint: milter-greylist

I just upgraded from Gutsy to Hardy via the alternate CD. In the process, a previously running sendmail installation broke. The problem is the permissions on /var/run/milter-greylist.

root@dragon:~# service sendmail start
 * Starting Mail Transport Agent (MTA) sendmail 451 4.0.0 /etc/mail/sendmail.cf: line 1764: Xgreylist: local socket name /var/run/milter-greylist/milter-greylist.sock unsafe: Group writable directory
                                                                         [ OK ]

(Why Sendmail reports OK I don't know, but that's another issue.)

The workaround is simple:

root@dragon:~# cd /var/run/milter-greylist/
root@dragon:/var/run/milter-greylist# ll
total 0
drwxrwxr-x 2 root greylist 60 2008-05-02 17:43 .
drwxr-xr-x 22 root root 1000 2008-05-03 03:33 ..
srwxr-xr-x 1 greylist greylist 0 2008-05-02 17:43 milter-greylist.sock
root@dragon:/var/run/milter-greylist# chmod g-w .
root@dragon:/var/run/milter-greylist# ll
total 0
drwxr-xr-x 2 root greylist 60 2008-05-02 17:43 .
drwxr-xr-x 22 root root 1000 2008-05-03 03:33 ..
srwxr-xr-x 1 greylist greylist 0 2008-05-02 17:43 milter-greylist.sock
root@dragon:/var/run/milter-greylist# service sendmail start

Thanks!

ps:
root@dragon:~# pre milter
libmilter1-8.14.2-2build1--i386
milter-greylist-3.0-3ubuntu1--i386
root@dragon:~#

Mike (mike-hay) wrote :

I too have encountered this issue and did not find the chmod command mentioned above to be of much help. A better way in my view is to fix the init.d script. The directory containing the socket file should be owned by the user running milter-greylist and only writable by that user.

Around line 61 of /etc/init.d/milter-greylist I changed it to read:

if [ ! -d /var/run/$PNAME ]; then
        mkdir /var/run/$PNAME
        chown greylist /var/run/$PNAME
fi

This is in line with the recommendations contained in the README which ships with the milter-greylist sources:

"The default directory is /var/milter-greylist and it should be chmod 0755 and owner smmsp, if you are running the milter as smmsp."

Luca Falavigna (dktrkranz) wrote :

Fixed in 3.0-3ubuntu1.

Changed in milter-greylist:
status: New → Fix Released
Fabien Tassin (fta) wrote :

Apparently, it's still in Jaunty (I keep hitting that on all my Ubuntu boxes) so I re-open:

ii milter-greylist 4.1.8-2ubuntu1

root@cube:/etc/mail # /etc/init.d/sendmail start
 * Starting Mail Transport Agent (MTA) sendmail
451 4.0.0 /etc/mail/sendmail.cf: line 1770: Xgreylist: local socket name /var/run/milter-greylist/milter-greylist.sock unsafe: Group writable directory

This is bad, as the box boots and ends up with sendmail dead, and it's easy to miss.

In /etc/init.d/milter-greylist I see:

if [ ! -d /var/run/$PNAME ]; then
       mkdir /var/run/$PNAME
       chgrp greylist /var/run/$PNAME
       chmod g+w /var/run/$PNAME
fi

so this is obviously wrong, and it comes from a local patch: debian/patches/rc-debian.tempfs

Changed in milter-greylist:
importance: Undecided → High
status: Fix Released → Confirmed
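
An added example, not part of the original bug report or of the milter-greylist package: a shell check for the "Group writable directory" condition in the sendmail error above, plus a directory setup that forces mode 0755 even when the directory already exists. The function names are hypothetical, the check is a simplification of sendmail's own, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat (stat -c).

# Print why DIR would be rejected as a socket directory, or "ok".
# Simplified: looks only at the directory itself, not its parents.
socket_dir_problem() {
    dir=$1
    [ -d "$dir" ] || { echo "missing"; return 0; }
    mode=$(( 0$(stat -c '%a' "$dir") ))        # leading 0: parse as octal
    if [ $(( mode & 020 )) -ne 0 ]; then
        echo "group-writable"
    elif [ $(( mode & 002 )) -ne 0 ]; then
        echo "world-writable"
    else
        echo "ok"
    fi
}

# Create DIR if needed and force mode 0755 every time, so a directory left
# group-writable by an earlier run is corrected too. OWNER is optional
# (chown needs root).
ensure_socket_dir() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || mkdir "$dir" || return 1
    chmod 0755 "$dir" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
}

# Constructed demo in a scratch directory: reproduce the g+w setup quoted
# from the init script, detect it, then repair it.
demo() {
    scratch=$(mktemp -d) || return 1
    d=$scratch/milter-greylist
    mkdir "$d" && chmod g+w "$d"
    echo "before: $(socket_dir_problem "$d")"
    ensure_socket_dir "$d"
    echo "after:  $(socket_dir_problem "$d")"
    rm -rf "$scratch"
}

demo
```

On the systems in this report the call would be `ensure_socket_dir /var/run/$PNAME greylist`, run as root from the init script.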