Title: Issues with qmail scanner
Post by: morbid on March 29, 2004, 02:33:33 PM
Post by: morbid on March 29, 2004, 02:33:33 PM
Greetings.. First off let me thank you for such a wonderful script.. However i'm running into a slight issue.. First off i'm running FreeBSD-CURRENT and have been trying to do this inside a FreeBSD Jail. All is going well except for 1 part.. when i run the filter install portion this is what happens..
So like the message says i try to run that in a non-privilaged account...
Now i've searched your site and could not find any information pertaining to this.. so for curiosity i edited the qmail-scanner-queue.pl file and just made the interperator perl which allowed me to run it.. so i went along w/ the rest of the install with no problems.. until i telneted in and tried to send myself a email i got this:
and suggestions, pointers to already resolved issues this this would be great.. i'm wondering if a freebsd jail wont allow perlsuid or what.. thanks again..
| Quote: |
Finished. Please read README(.html) and then go over the script (/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc. "/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus definitions to show that the internal perlscanner component is working. That's it! ****** FINAL TEST ****** Please log into an unpriviledged account and run /var/qmail/bin/qmail-scanner-queue.pl -g If you see the error "Can't do setuid", or "Permission denied", then refer to the FAQ. (e.g. "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g") That's it! To report success: % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz Replace First M. Last with your name. To enable qmail-scanner, add this to your /var/service/smtp/run file: QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE |
So like the message says i try to run that in a non-privilaged account...
($:~)=> setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -gsetuidgid: fatal: unable to setgid: permission denied
Now i've searched your site and could not find any information pertaining to this.. so for curiosity i edited the qmail-scanner-queue.pl file and just made the interperator perl which allowed me to run it.. so i went along w/ the rest of the install with no problems.. until i telneted in and tried to send myself a email i got this:
Mar 29 16:03:57 mail X-Qmail-Scanner-1.21: [mail.domain.com10805942364707892] cannot link /var/spool/qmailscan/working/tmp/mail.domain.com10805942364707892 into /var/spool/qmailscan/working/new/mail.domain.com10805942364707892 - Operation not permitted Mar 29 16:07:11 mail X-Qmail-Scanner-1.21: [mail.domain.com10805944304707982] cannot link /var/spool/qmailscan/working/tmp/DOMAIN.COM10805944304707982 into /var/spool/qmailscan/working/new/DOMAIN.COM10805944304707982 - Operation not permitted
and suggestions, pointers to already resolved issues this this would be great.. i'm wondering if a freebsd jail wont allow perlsuid or what.. thanks again..
Title: Issues with qmail scanner
Post by: morbid on March 29, 2004, 03:57:30 PM
Post by: morbid on March 29, 2004, 03:57:30 PM
ok i've gotten suidperl to work.. and reinstalled qmailscanner.. still receiving the error in the maillog though 
Title: Issues with qmail scanner
Post by: morbid on March 29, 2004, 06:24:26 PM
Post by: morbid on March 29, 2004, 06:24:26 PM
ok please disregard this post..
i had 2 sysctl's set on the master which would not allow linking..
security.bsd.hardlink_check_uid=1
security.bsd.hardlink_check_gid=1
those should be set as 0
it's working great now.. i would like to thank you for such a wonderful script..
i had 2 sysctl's set on the master which would not allow linking..
security.bsd.hardlink_check_uid=1
security.bsd.hardlink_check_gid=1
those should be set as 0
it's working great now.. i would like to thank you for such a wonderful script..