Jail cannot send mail anymore after upgrade to 14.2

L

lindely

Hi,

My setup involves a simple server with two jails. The main system and both jails send mail summaries for the daily/weekly/security periodic tasks using DMA, as per handbook chapter 31. Since upgrading to FreeBSD 14.2 I noticed one of the jails no longer sends these mails. The output in /var/log/maillog is quite clear:

Dec 27 00:00:00 dita newsyslog[24586]: logfile turned over
Dec 27 03:03:47 dita dma[dma][35144]: can not create temp file in `/var/spool/dma': Permission denied
Dec 27 03:03:47 dita dma[dma][35178]: could not open flush file: Permission denied
Dec 27 03:03:47 dita dma[dma][35179]: could not open flush file: Permission denied

Sending a mail via the command line results in the same: sendmail: can not create temp file in `/var/spool/dma': Permission denied

Calling dma directly: dma: can not create temp file in `/var/spool/dma': Permission denied

However, when comparing the permissions in the failing jail against the permissions in the functioning jail and the server itself, I see no differences whatsoever. The dma.conf is the same as well. When I change the permissions on /var/spool/dma from 770 to 777, mails are being sent. It's as if the mail sending is suddenly being done by a different user.

If anyone has any thoughts on how to look into this, I would really appreciate it. Using 777 for the permissions is not the end of the world, as I am the only user and mails are only sent locally, but I would rather find out why this problem suddenly appeared and fix it.
 
As I was copying the permissions I noticed that /usr/libexec/dma was missing the setuid bit. Strange how I did not notice that before... I have no idea why that was missing. I stopped the jail, added the bit to the file in the ZFS dataset (no idea if that's the proper procedure) and restarted the jail; now mails can be sent again.

Thanks for the reply, as it made me find out the reason of why mails could not be sent :). The cause, however, still eludes me.
 
You must log in or register to reply here.
Back
Top