Configuration file issue #7
Comments
|
Hello @locutius first issue: Sorry I have not tested the RPMs myself. What does It might be that your systemd does not handle the SupplementaryGroups
they are needed so that srs-milter can read the configuration file (since it can be accessed by the group nogroup/nobody)
The ConfigurationDirectory settings are commented out in the service: srs-milter/packaging/srs-milter.service Lines 13 to 14 in 52f7d0f second issue: increase the log level to 4 srs-milter/packaging/srs-milter.yml Lines 19 to 21 in 52f7d0f |
|
Hello @d--j Thank you very much for the suggestions. While I was waiting for your reply, I made the decision to migrate from sendmail to postfix in order to use the postsrsd package. But, if you feel solving the couple issues I found would be beneficial to other users of srs-milter, I am happy to keep debugging with you. I provide the details you requested below. For Issue #1, here are the settings you requested, followed by the configuration file details: [root@server1 postfix]# systemctl cat srs-milter
# /usr/lib/systemd/system/srs-milter.service
[Unit]
Description=Mail filter handling SRS address rewriting
After=network.target
[Service]
DynamicUser=true
User=srsmilter
Group=srsmilter
SupplementaryGroups=nobody
ExecStart=/usr/bin/srs-milter -systemd
Restart=always
RestartSec=10
ConfigurationDirectory=srs-milter
ConfigurationDirectoryMode=750
#ProtectProc=invisible
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
LockPersonality=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target[root@server1 postfix]# ls -l /etc/srs-milter/srs-milter.yml
-rw-r--r-x. 1 root nobody 1481 Jun 10 11:03 /etc/srs-milter/srs-milter.ymlFor Issue #2, I had already set the logLevel to 4. The messages log was quite large so I have provided the last 1000 lines matching "srs-milter" (domains redacted). The result is attached here: Let me know if this information helps and/or if there is any other information you require. Again, I'm moving to postfix with postsrsd but I'm happy to help if you think it is worthwhile. |
|
here is one gmail destination mail: This mails return path does not get rewritten because |
|
Thank you for your reply. Unfortunately, I am having difficulty following your reasoning because it doesn't seem to match our setup. Perhaps it will help if I provide some more details ... You are correct that domain1.domain is the srsDomain and that it doesn't need rewriting. Our setup is as follows. domain1.domain receives e-mails that are both delivered to the domain1.domain mailbox AND forwarded to [email protected]. The return paths for the domain1.domain e-mails are being rewritten by srs-milter but the ones forwarded to gmail.com are not. This seems backwards to me. I have a perfect example to share because I received your last comment as an e-mail from github. I received the e-mail both at domain1.domain AND at gmail.com. Here are the two return paths in the headers I received On domain1.domain I received:
On gmail.com I received:
Although Gmail accepts the forwarded e-mails from github, e-mails from other domains (which presumably have more stringent requirements) are rejected by Gmail. My hope is that SRS will solve this problem. I really do appreciate your efforts on this but, if any any point, you think it's too much work let me know. If I'm the only one to have brought this to your attention, perhaps it's not an issue for the majority of your users. Still, if you want to solve this mystery, I'm happy to work through it. |
Thank you for creating this SRS milter. I installed it using the amd64 rpm on Rocky Linux 9.4 with sendmail 8.16 but I have been facing two issues.
The first issue is minor and related to finding the configuration file. I kept getting the error:
Jun 9 10:45:02 server1 srs-milter[1520879]: lvl=crit msg="error reading config file" err="Config File "srs-milter" Not Found in "[/etc/srs-milter /]"
But the file, provided by the rpm, did exist at /etc/srs-milter/srs-milter.yml
Initially I thought the issue was related to selinux permissions (because there were many selinux messages) so I set selinux to permissive mode and yet the configuration file issue persists.
Permissions were 750 so I decided to try 755 as an experiment. This worked, although I now get the warning:
Jun 9 10:58:51 server1 systemd[1523231]: ConfigurationDirectory 'srs-milter' already exists but the mode is different. (File system: 755 ConfigurationDirectoryMode: 750)
The second issue is more serious and relates to which messages have their return paths rewritten. I am using the default srs-milter.yml file except that I changed logLevel to 4 (srsDomain and srsKeys are the only other options set). Locally delivered e-mails are having their returns paths rewritten but forwarded messages are not. Of course, it's the forwarded messages that need to be rewritten. As a result forwarded messages to GMail are still bouncing back.
Please advise. Am happy to perform additional debugging steps with guidance. I would love to get this milter working.
The text was updated successfully, but these errors were encountered: