[CRITICAL] deferral: Not_allowed_to_perform_deliveries_as_root

[chrisf]

Since recent update of KloxoMR all mail directories are being created in root ('/').

deferral: Not_allowed_to_perform_deliveries_as_root.

I have done everything, fixmail-all, mysql-reset-root-password, fixmail, cleanup, reinstalled *-toaster.  The mail was running fine, now nothing!  This is a production server, which again I foolishly updated!!!  I updated a test server, ALL MAIL created in root!

This is a CRITICAL BUG.  How to fix?

[chrisf]

Tracked to /var/qmail/users/assign - domain was missing uid set.  I added it, ran /var/qmail/bin/qmail-newu.
Queue empties, normal operations.

No more root qmail directories, no delivery error.

sh /script/fixmail-all - PROBLEM RETURNS, root qmail directories created, all mail queued.   Investigate assign file, MISSING uid for some domains. 

Further investigate and find sh /script/fix-qmail-assign HAS A BUG, and is not working properly.  I tried to trace the php code but fix-qmail-assign.php has one function call... I am not investigating KloxoMR code.

MUSTAFA, this is a CRITICAL bug that stops all mail for the domains with missing uid.  The problem appears to be with your use of the 'id' command.  Where is this code located?

This has been recreated on ALL my servers.

Please advise!

[chrisf]

Unable to run /cleanup as it runs the fix-qmail-assign.

THIS NEEDS FIXED!  Where is your call to system 'id' ?  I am getting a 'nvalid parameter use id --help' when running fix-qmail-assign.

WHERE IS THIS?

[MRatWork]

1. Reset your mysql root password with 'sh /script/reset-mysql-root-password'
2. And then run 'sh /script/fixmail-all'.

[chrisf]

THAT HAS NOTHING to do with it.  I tried that first!  I got it running by manually fixing assign file.

/script/fix-qmail-assign has a bug.  There is a problem.

Everytime I run fixmail-all the problem recreates!!!!

[MRatWork]

Inform here 'ls -l /home/lxadmin/mail/domains'.

What's happen when running '/home/vpopmail/bin/vdominfo'.

[chrisf]

[root@cc-server bin]# ./vdominfo
domain: cc-server.us
uid:    7797
gid:    7797
dir:    /home/lxadmin/mail/domains/cc-server.us
users:  2147483647

domain: convictionshosting.com
uid:    7797
gid:    7797
dir:    /home/lxadmin/mail/domains/convictionshosting.com
users:  2147483647

[root@cc-server bin]# sh /script/fixmail-all

Change qmail.init
--------------------------
Set '/home/vpopmail/bin/vchkpw' for root:root ownership
Set '/home/vpopmail/bin/vchkpw' for 4751 permissions
--------------------------
Set '/var/qmail/control/locals' with 'localhost' only
--------------------------
Using qmail-toaster - fix '/home/vpopmail/etc/vpopmail.mysql'
--------------------------
id: extra operand `admin'
Try `id --help' for more information.
id: extra operand `admin'
Try `id --help' for more information.
--------------------------


DO YOU SEE THE BOLD, that is when /script/fix-qmail-assign runs.  It is causing an error and leaving domain with no uid (7797).  THERE IS A BUG HERE.

[MRatWork]

The new 'fix-qmail-assign' based on directory owner of '/home/lxadmin/mail/domains/<domain>'. In previous code, based on vpopmail database.

You can see the latest code:

Code: [Select]

#!/bin/sh

source /script/directory
lxphp.exe ../bin/fix/fix-qmail-assign.php $*

exit

d="/home/lxadmin/mail/domains/"
q="/var/qmail"

echo "Fix Qmail User Assign"

rm -f ${q}/users/assign ${q}/control/rcpthosts ${q}/control/virtualdomains

cd ${d}
 
for i in * ; do
if [ ! -d ${i} ] ; then
continue
fi

u=$(ls -l ${i}|awk '{print $3}')
u=$(echo -n ${u})
v=$(id -u ${u})
g=$(ls -l ${i}|awk '{print $4}')
g=$(echo -n ${g})
h=$(id -g ${g})

echo "+${i}-:${i}:${v}:${h}:${d}${i}:-::" >> ${q}/users/assign
echo "${i}:${i}" >> ${q}/control/virtualdomains
echo "${i}" >> ${q}/control/rcpthosts

echo "- for '${i}' under '${u}'"
done

if [ $# -eq 0 ] ; then
echo "." >> ${q}/users/assign
fi

/var/qmail/bin/qmail-newu
able to use old code with:

Code: [Select]

#!/bin/sh

# source /script/directory
# lxphp.exe ../bin/fix/fix-qmail-assign.php $*

d="/home/lxadmin/mail/domains/"
q="/var/qmail"

echo "Fix Qmail User Assign"

rm -f ${q}/users/assign ${q}/control/rcpthosts ${q}/control/virtualdomains

cd ${d}
 
for i in * ; do
if [ ! -d ${i} ] ; then
continue
fi

u=$(ls -l ${i}|awk '{print $3}')
u=$(echo -n ${u})
v=$(id -u ${u})
g=$(ls -l ${i}|awk '{print $4}')
g=$(echo -n ${g})
h=$(id -g ${g})

echo "+${i}-:${i}:${v}:${h}:${d}${i}:-::" >> ${q}/users/assign
echo "${i}:${i}" >> ${q}/control/virtualdomains
echo "${i}" >> ${q}/control/rcpthosts

echo "- for '${i}' under '${u}'"
done

if [ $# -eq 0 ] ; then
echo "." >> ${q}/users/assign
fi

/var/qmail/bin/qmail-newu
Remember if you have domain.com with /home/admin/domain.com docroot, your /home/lxadmin/mail/domains/domain.com must be owner by 'admin'.

[MRatWork]

Inform here for 'id -u admin' and 'id -g admin'.

[Kloxo-DR]

Hi Mustafa,

I have seen this nonsense a hundred times. I have already reported this bug but you confirmed that you shall make no change here:

http://forum.mratwork.com/kloxo-mr-bugs-and-requests/(bug)-deferral-vdelivermail_deferred-sh-scriptfixmail-creates-mailboxes-in/

The problem is related to connection of vpopmail with mysql. The chain of authentication breaks somewhere and queue cannot be sorted out. Kloxo-MR service does nothing to prevent this.

In one case, following helped:

http://forum.mratwork.com/kloxo-mr-technical-helps/can't-login-to-email-accounts/msg31664/#msg31664
http://forum.mratwork.com/kloxo-mr-development/can't-login-to-kloxo-mr/msg31766/#msg31766

When the connection of vpopmail is changed and/or kloxomr + vpopmail + mysql chain is broken, then this problem occurs. Then kloxomr login may fail, vpopmail login may fail and, as a consequence, mail queue shall stop processing.

One of the consequence is that all mailboxes are created in the root directory. In these situation, fix scripts enhances the problem by creating all mailboxes under the root directory.

[MRatWork]

An issue for vpopmail is using mysql where sometimes 'root' password not match.

Alternative for this is convert database from mysql to cdb with '/home/vpopmail/bin/vconvert -m -c' but need Kloxo-MR 6.5.1 because fix-qmail-assign not need read mysql data but directly read information from /home/lxadmin/mail/domains/<domain>. With this situation, will be have a trouble if ownership /home/lxadmin/mail/domains/<domain> not match (also their permissions). That it.

[chrisf]

@Kloxo-DR, thank you, but this issue is not due to mysql.

[[root@cc-server ~]# id -u admin
7797
[root@cc-server ~]# id -g admin
7797
[root@cc-server ~]# cd /home/lxadmin/mail/domains
[root@cc-server domains]# ls -al
total 16
drwxrwxr-x 4 root  root  4096 Dec 29 06:07 .
drwxrwxr-x 3 root  root  4096 Dec 29 04:18 ..
drwx------ 3 admin admin 4096 Mar 29 20:16 cc-server.us
drwx------ 6 admin admin 4096 Mar 29 20:17 convictionshosting.com
[root@cc-server domains]#

So as you can see, permissions correct, id -u and id -g correct, however fix-qmail-assign not working, same error:

[MRatWork]

Update to 2014033004 because already fix this issue.