I've set up a small mail server with Postfix, Dovecot, and MySQL (MariaDB) on Debian. I've also configured TLS with Let's Encrypt. rDNS, DMARC, DKIM, SPF and Fail2Ban are also set up and confirmed to work.
My DMARC record looks like this:
v=DMARC1;p=reject;sp=reject;adkim=r;aspf=r;rua=mailto:report@[example].com;fo=1
The issue is that the rua=mailto:report@[example].com, which should sporadically send reports to an e-mail address on the same mail server, does not work.
/var/log/mail.log reports:
Jan 18 14:47:05 [hostname] postfix/sendmail[20682]: fatal: open /etc/postfix/main.cf: Permission denied
Jan 18 14:47:05 [hostname] postfix/pipe[20681]: 553A01F977: to=<report@[example].net>, relay=spamassassin, delay=9533, delays=9533/0.01/0/0.3, dsn=4.3.0, status=deferred (temporary failure. Command output: sendmail: fatal: open /etc/postfix/main.cf: Permission denied )
The permissions on /etc/postfix/main.cf are:
-rwxr-x--- 1 root root 3968 Jan 18 08:36 /etc/postfix/main.cf
What kind of permissions does sendmail need to be able to successfully work?
Or is this issue maybe related to something else?
I can post configuration files, if needed, but wanted to keep this concise.
Update - 2022-01-26
Unfortunately, the same permission problem still persists, even after changing the permissions of /etc/postfix/main.cf to 754.
Here's an extended excerpt from /var/log/mail.log from this morning, in case that helps to debug this further:
Jan 26 06:17:48 [hostname] postfix/qmgr[18018]: BBF611E00B: from=<[email protected]>, size=3516, nrcpt=1 (queue active)
Jan 26 06:17:48 [hostname] postfix/sendmail[23302]: fatal: open /etc/postfix/main.cf: Permission denied
Jan 26 06:17:48 [hostname] postfix/pipe[23301]: BBF611E00B: to=<report@[example].net>, relay=spamassassin, delay=148779, delays=148779/0.01/0/0.33, dsn=4.3.0, status=deferred (temporary failure. Command output: sendmail: fatal: open /etc/postfix/main.cf: Permission denied )
Jan 26 06:27:48 [hostname] postfix/qmgr[18018]: 581341F9AA: from=<[email protected]>, size=3516, nrcpt=1 (queue active)
Jan 26 06:27:48 [hostname] postfix/sendmail[23436]: fatal: open /etc/postfix/main.cf: Permission denied
Jan 26 06:27:48 [hostname] postfix/pipe[23435]: 581341F9AA: to=<report@[example].net>, relay=spamassassin, delay=148788, delays=148788/0.01/0/0.14, dsn=4.3.0, status=deferred (temporary failure. Command output: sendmail: fatal: open /etc/postfix/main.cf: Permission denied )
Jan 26 06:38:20 [hostname] postfix/pickup[23498]: 891351FEEF: uid=0 from=<root>
Jan 26 06:38:20 [hostname] postfix/cleanup[23537]: 891351FEEF: message-id=<20230126053820.891351FEEF@[hostname].[example].net>
Jan 26 06:38:20 [hostname] postfix/qmgr[18018]: 891351FEEF: from=<root@[example].net>, size=150485, nrcpt=1 (queue active)
Jan 26 06:38:20 [hostname] dovecot: lmtp(23545): Connect from local
Jan 26 06:38:20 [hostname] postfix/lmtp[23544]: 891351FEEF: to=<root@[example].net>, orig_to=<root>, relay=[hostname].[example].net[private/dovecot-lmtp], delay=0.09, delays=0.05/0.01/0.01/0.02, dsn=5.1.1, status=bounced (host [hostname].[example].net[private/dovecot-lmtp] said: 550 5.1.1 <root@[example].net> User doesn't exist: root@[example].net (in reply to RCPT TO command))
Jan 26 06:38:20 [hostname] dovecot: lmtp(23545): Disconnect from local: Client has quit the connection (state=READY)
Jan 26 06:38:20 [hostname] postfix/cleanup[23537]: 9C4C31FEF2: message-id=<20230126053820.9C4C31FEF2@[hostname].[example].net>
Jan 26 06:38:20 [hostname] postfix/qmgr[18018]: 9C4C31FEF2: from=<>, size=3330, nrcpt=1 (queue active)
Jan 26 06:38:20 [hostname] dovecot: lmtp(23545): Connect from local
Jan 26 06:38:20 [hostname] postfix/bounce[23549]: 891351FEEF: sender non-delivery notification: 9C4C31FEF2
Jan 26 06:38:20 [hostname] postfix/qmgr[18018]: 891351FEEF: removed
Jan 26 06:38:20 [hostname] postfix/lmtp[23544]: 9C4C31FEF2: to=<root@[example].net>, relay=[hostname].[example].net[private/dovecot-lmtp], delay=0.01, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (host [hostname].[example].net[private/dovecot-lmtp] said: 550 5.1.1 <root@[example].net> User doesn't exist: root@[example].net (in reply to RCPT TO command))
Jan 26 06:38:20 [hostname] dovecot: lmtp(23545): Disconnect from local: Client has quit the connection (state=READY)
Jan 26 06:38:20 [hostname] postfix/qmgr[18018]: 9C4C31FEF2: removed
It should be noted that the user that runs sendmail seems to be root.
Running ps aux | grep sendmail, as suggested below, returns:
root 24694 0.0 0.0 6044 888 pts/0 S+ 10:40 0:00 grep sendmail
Here are some permissions from /var/spool/postfix:
drwx------ 2 postfix root 4096 Jan 26 09:27 active
drwx------ 2 postfix root 4096 Jan 26 06:38 bounce
drwx------ 2 postfix root 4096 Jan 11 13:59 corrupt
drwx------ 7 postfix root 4096 Jan 24 12:58 defer
drwx------ 7 postfix root 4096 Jan 24 12:58 deferred
drwxr-xr-x 2 root root 4096 Jan 16 11:09 dev
drwxr-xr-x 3 root root 4096 Jan 18 08:37 etc
drwx------ 2 postfix root 4096 Jan 11 13:59 flush
drwx------ 2 postfix root 4096 Jan 11 13:59 hold
drwx------ 2 postfix root 4096 Jan 26 06:38 incoming
drwxr-xr-x 3 root root 4096 Jan 11 13:59 lib
drwx-wx--T 2 postfix postdrop 4096 Jan 26 06:38 maildrop
drwxr-xr-x 2 opendkim postfix 4096 Jan 16 11:37 opendkim
drwxr-xr-x 2 root root 4096 Jan 16 08:57 pid
drwx------ 2 postfix root 4096 Jan 18 08:37 private
drwx--s--- 2 postfix postdrop 4096 Jan 18 08:37 public
drwx------ 2 postfix root 4096 Jan 11 13:59 saved
drwx------ 2 postfix root 4096 Jan 11 13:59 trace
drwxr-xr-x 3 root root 4096 Jan 11 13:59 usr
Here's the addendum with the permission information from /etc/postfix:
drwxr-xr-x 23 root wheel 736B Dec 2 09:43 ./
drwxr-xr-x 80 root wheel 2.5K Jan 17 13:17 ../
-rw-r--r-- 1 root wheel 12K Dec 2 09:43 LICENSE
-rw-r--r-- 1 root wheel 1.6K Dec 2 09:43 TLS_LICENSE
-rw-r--r-- 1 root wheel 21K Dec 2 09:43 access
-rw-r--r-- 1 root wheel 9.8K Dec 2 09:43 aliases
-rw-r--r-- 1 root wheel 3.5K Dec 2 09:43 bounce.cf.default
-rw-r--r-- 1 root wheel 12K Dec 2 09:43 canonical
-rw-r--r-- 1 root wheel 44B Dec 2 09:43 custom_header_checks
-rw-r--r-- 1 root wheel 10K Dec 2 09:43 generic
-rw-r--r-- 1 root wheel 23K Dec 2 09:43 header_checks
-rw-r--r-- 1 root wheel 27K Dec 2 09:43 main.cf
-rw-r--r-- 1 root wheel 27K Dec 2 09:43 main.cf.default
-rw-r--r-- 1 root wheel 26K Dec 2 09:43 main.cf.proto
-rw-r--r-- 1 root wheel 6.0K Dec 2 09:43 makedefs.out
-rw-r--r-- 1 root wheel 7.3K Dec 2 09:43 master.cf
-rw-r--r-- 1 root wheel 7.3K Dec 2 09:43 master.cf.default
-rw-r--r-- 1 root wheel 6.1K Dec 2 09:43 master.cf.proto
-rw-r--r-- 1 root wheel 20K Dec 2 09:43 postfix-files
drwxr-xr-x 2 root wheel 64B Dec 2 09:43 postfix-files.d/
-rw-r--r-- 1 root wheel 6.8K Dec 2 09:43 relocated
-rw-r--r-- 1 root wheel 12K Dec 2 09:43 transport
-rw-r--r-- 1 root wheel 13K Dec 2 09:43 virtual
namei -l /etc/postfix/main.cf into your question.
main.cf has around 4kb and is last changed Jan 18th. On the second listing it is suddenly 7k and changed Dec 2nd. That's quite a difference. Are these listings actually from the same server?
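Postfix's pipe(8) daemon refuses to run external commands as root, so the sendmail command started by the spamassassin transport runs as whatever account master.cf names in user=. The following added example (not code from the post) reads `namei -l` output and reports the first path component whose mode bits block that account; the account name `filteruser` and the three listings are constructed, with the 750 and 754 file modes taken from the question.

```python
# Added example: find the path component that blocks a user, from `namei -l` output.
# Classic mode bits only; ACLs, SELinux/AppArmor and symlinks are not modelled.

def allowed(mode, owner, group, user, groups, need):
    """Apply Unix owner/group/other selection to an ls-style mode string."""
    if user == "root":
        return True  # root bypasses read and directory-search checks
    if user == owner:
        triad = mode[1:4]
    elif group in groups:
        triad = mode[4:7]
    else:
        triad = mode[7:10]
    # '-' is unset; 'S'/'T' are setuid/setgid/sticky without the execute bit
    return triad["rwx".index(need)] not in "-ST"


def first_denial(namei_output, user, groups):
    """Return (name, mode, owner, group) of the first blocking entry, or None."""
    rows = [p[:4] for p in (line.split() for line in namei_output.splitlines())
            if len(p) >= 4 and len(p[0]) == 10]  # skips the "f: <path>" header
    for i, (mode, owner, group, name) in enumerate(rows):
        # Directories need search (x); the final entry, the file, needs read (r).
        need = "r" if i == len(rows) - 1 else "x"
        if not allowed(mode, owner, group, user, groups, need):
            return name, mode, owner, group
    return None


# Constructed `namei -l /etc/postfix/main.cf` listings (not from the poster's server).
HEAD = "f: /etc/postfix/main.cf\ndrwxr-xr-x root root /\ndrwxr-xr-x root root etc\n"
FILE_750 = HEAD + "drwxr-xr-x root root postfix\n-rwxr-x--- root root main.cf\n"
FILE_754 = HEAD + "drwxr-xr-x root root postfix\n-rwxr-xr-- root root main.cf\n"
DIR_750 = HEAD + "drwxr-x--- root root postfix\n-rwxr-xr-- root root main.cf\n"

if __name__ == "__main__":
    # "filteruser" is an assumed, hypothetical account for the pipe transport.
    for label, listing in (("file 750", FILE_750), ("file 754", FILE_754),
                           ("dir 750", DIR_750)):
        print(label, "->", first_denial(listing, "filteruser", {"filteruser"}))
```

With the file at 754 and every directory searchable, nothing in the mode bits blocks the account, so a denial that persists points at a parent directory or at a control outside the mode bits.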