Postfix problems

redpaint · **Posted:** Fri Jan 20, 2012 2:06 pm

Hello,

We've just upgraded our box from Plesk 10.3.1 to 10.4.4 and we're getting some issues, some with FastCGI which we'll look at later but more serious are problems with Postfix.

ASL seems to be blocking postfix under rule 60026. Users have no access to webmail/horde and outbound emails are not working.

The type of errors we are getting are:

Code:

plesk kernel: grsec: From 77.xx.xx.xx: denied untrusted exec of /usr/sbin/postmap by /usr/lib64/plesk-9.0/psa-pc-remote[psa-pc-remote:10371] uid/euid:89/89 gid/egid:89/31, parent /usr/lib64/plesk-9.0/psa-pc-remote[psa-pc-remote:19959] uid/euid:89/89 gid/egid:89/31

Code:

plesk kernel: grsec: From 77.xx.xx.xx: denied untrusted exec of /usr/sbin/sendmail.postfix by /bin/bash[sh:14367] uid/euid:502/502 gid/egid:503/503, parent /usr/sbin/httpd[httpd:13960] uid/euid:502/502 gid/egid:503/503

not sure why /bin/bash is calling this but

Code:

# ls -al /usr/sbin/sendmail.postfix
-rwxr-xr-x 1 root root 267232 Oct  6 08:37 /usr/sbin/sendmail.postfix

I followed instructions here: https://www.atomicorp.com/wiki/index.ph ... pplication but they only seem to apply to the first message. Users trying to send emails through the server get an error establishing an Encrypted connection (in outlook).

We're running CentOS 6.x with the latest version of ASL and updated rules.

I've looked through the board and can't really see anyone who's encountered this problem.

Can anyone point me in the right direction??

Thanks

redpaint · **Posted:** Fri Jan 20, 2012 2:09 pm

Forgot to say I changed the ownership and permissions of /usr/lib64/plesk-9.0/psa-pc-remote:

Code:

#chown root:root /usr/lib64/plesk-9.0/psa-pc-remote
#chmod og-w /usr/lib64/plesk-9.0/psa-pc-remote

This didn't help.

mikeshinn · **Posted:** Fri Jan 20, 2012 2:27 pm

Check the ownership on /usr/sbin, they are probably not root:root. For some reason Parallels has been changing that to hspc:hspc which is really dangerous. If thats the case for you, change it back to root:root and report this as a vulnerability to Parallels.

redpaint · **Posted:** Fri Jan 20, 2012 3:29 pm

Hello Mike,

Thanks for the reply, you were right /usr/sbin was hspc hspc.

Updated by

Code:

#chown root:root /usr/sbin

We also found this and followed the instructions http://forum.parallels.com/showthread.php?t=209992 followed up by

Code:

/usr/local/psa/admin/sbin/mchk --with-spam

which also seemed to be causing some problems.

Not sure if we're in the clear yet but your help is very much appreciated. We will raise a report with Parallels.

Many thanks
Andy

redpaint · **Posted:** Fri Jan 20, 2012 3:50 pm

Hello Mike,

We seem to have stumbled upon another few problems in ASL:

Code:

3353: Jan 20 19:29:32 plesk postfix/smtpd[18147]: NOQUEUE: reject: RCPT from xxx[xxx]: 450 4.1.8 <me@domain.com>: Sender address rejected: Domain not found; from=<me@domain.com> to=<client@anotherdomain.com> proto=ESMTP helo=<remote.domain.com>

(lots of these)

We can't actually send out from our internal server to our plesk server as all our emails are being rejected (as above)?

Code:

plesk check-quota filter[21292]: Failed to run `/usr/sbin/postalias -q client@yetanotherdomain.com hash:/var/spool/postfix/plesk/virtual`, rc = 1

Any ideas?

redpaint · **Posted:** Fri Jan 20, 2012 7:33 pm

Hi Mike,

The sender address rejected seems to be related to DNS recursion in our data centre.

Thanks
Andy

Postfix problems

Who is online