haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License

listen EACCES problem? #1199

Closed ruandao closed 8 years ago

ruandao commented 8 years ago

Why does this happen?

cpu:nodejs r$ haraka -i test
cpu:nodejs r$ sudo haraka -c test/
loglevel: LOGPROTOCOL
Starting up Haraka version 2.6.1
[INFO] [-] [core] Loading plugins
[INFO] [-] [core] Loading plugin: access
[DEBUG] [-] [core] no timeout in access.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin access timeout is: 30s
[INFO] [-] [core] loaded 7185 Public Suffixes
[INFO] [-] [core] loaded TLD files: 1=882 2=5813 3=2287
[INFO] [-] [access] skipping helo.checks.regexps
[DEBUG] [-] [core] registered hook connect to access.rdns_access
[DEBUG] [-] [core] registered hook mail to access.mail_from_access
[DEBUG] [-] [core] registered hook rcpt to access.rcpt_to_access
[DEBUG] [-] [core] registered hook connect to access.any
[DEBUG] [-] [core] registered hook helo to access.any
[DEBUG] [-] [core] registered hook ehlo to access.any
[DEBUG] [-] [core] registered hook mail to access.any
[DEBUG] [-] [core] registered hook rcpt to access.any
[DEBUG] [-] [core] registered hook data_post to access.data_any
[INFO] [-] [core] Loading plugin: dnsbl
[DEBUG] [-] [core] no timeout in dnsbl.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin dnsbl timeout is: 30s
[DEBUG] [-] [core] no timeout in dns_list_base.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin dns_list_base timeout is: 30s
[DEBUG] [-] [core] Returning boolean true for main.reject=true
[DEBUG] [-] [dnsbl] looking up: 1.0.0.127.zen.spamhaus.org.
[DEBUG] [-] [dnsbl] will re-test list zones every 30 minutes
[DEBUG] [-] [core] registered hook connect to dnsbl.connect_first
[INFO] [-] [core] Loading plugin: helo.checks
[DEBUG] [-] [core] no timeout in helo.checks.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin helo.checks timeout is: 30s
[DEBUG] [-] [core] Returning boolean true for check.match_re=true
[DEBUG] [-] [core] Returning boolean true for check.bare_ip=true
[DEBUG] [-] [core] Returning boolean true for check.dynamic=true
[DEBUG] [-] [core] Returning boolean true for check.big_company=true
[DEBUG] [-] [core] Returning boolean true for check.valid_hostname=true
[DEBUG] [-] [core] Returning boolean true for check.forward_dns=true
[DEBUG] [-] [core] Returning boolean true for check.rdns_match=true
[DEBUG] [-] [core] Returning boolean true for check.mismatch=true
[DEBUG] [-] [core] Returning boolean true for reject.mismatch=true
[DEBUG] [-] [core] Returning boolean false for reject.rdns_match=false
[DEBUG] [-] [core] Returning boolean false for reject.dynamic=false
[DEBUG] [-] [core] Returning boolean false for reject.bare_ip=false
[DEBUG] [-] [core] Returning boolean false for reject.literal_mismatch=false
[DEBUG] [-] [core] Returning boolean false for reject.valid_hostname=false
[DEBUG] [-] [core] Returning boolean false for reject.forward_dns=false
[DEBUG] [-] [core] Returning boolean true for reject.big_company=true
[DEBUG] [-] [core] Returning boolean true for skip.private_ip=true
[DEBUG] [-] [core] Returning boolean true for skip.relaying=true
[DEBUG] [-] [core] registered hook helo to helo.checks.proto_mismatch_smtp
[DEBUG] [-] [core] registered hook ehlo to helo.checks.proto_mismatch_esmtp
[DEBUG] [-] [core] registered hook helo to helo.checks.init
[DEBUG] [-] [core] registered hook ehlo to helo.checks.init
[DEBUG] [-] [core] registered hook helo to helo.checks.match_re
[DEBUG] [-] [core] registered hook ehlo to helo.checks.match_re
[DEBUG] [-] [core] registered hook helo to helo.checks.bare_ip
[DEBUG] [-] [core] registered hook ehlo to helo.checks.bare_ip
[DEBUG] [-] [core] registered hook helo to helo.checks.dynamic
[DEBUG] [-] [core] registered hook ehlo to helo.checks.dynamic
[DEBUG] [-] [core] registered hook helo to helo.checks.big_company
[DEBUG] [-] [core] registered hook ehlo to helo.checks.big_company
[DEBUG] [-] [core] registered hook helo to helo.checks.literal_mismatch
[DEBUG] [-] [core] registered hook ehlo to helo.checks.literal_mismatch
[DEBUG] [-] [core] registered hook helo to helo.checks.valid_hostname
[DEBUG] [-] [core] registered hook ehlo to helo.checks.valid_hostname
[DEBUG] [-] [core] registered hook helo to helo.checks.rdns_match
[DEBUG] [-] [core] registered hook ehlo to helo.checks.rdns_match
[DEBUG] [-] [core] registered hook helo to helo.checks.forward_dns
[DEBUG] [-] [core] registered hook ehlo to helo.checks.forward_dns
[INFO] [-] [core] Loading plugin: mail_from.is_resolvable
[DEBUG] [-] [core] no timeout in mail_from.is_resolvable.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin mail_from.is_resolvable timeout is: 30s
[DEBUG] [-] [core] Returning boolean false for main.allow_mx_ip=0
[DEBUG] [-] [core] Returning boolean true for main.reject_no_mx=1
[DEBUG] [-] [core] registered hook mail to mail_from.is_resolvable.hook_mail
[INFO] [-] [core] Loading plugin: rcpt_to.in_host_list
[DEBUG] [-] [core] no timeout in rcpt_to.in_host_list.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin rcpt_to.in_host_list timeout is: 30s
[DEBUG] [-] [core] no timeout in rcpt_to.host_list_base.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin rcpt_to.host_list_base timeout is: 30s
[DEBUG] [-] [core] registered hook rcpt to rcpt_to.in_host_list.hook_rcpt
[DEBUG] [-] [core] registered hook mail to rcpt_to.in_host_list.hook_mail
[INFO] [-] [core] Loading plugin: data.headers
[DEBUG] [-] [core] no timeout in data.headers.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin data.headers timeout is: 30s
[DEBUG] [-] [core] Returning boolean true for check.duplicate_singular=true
[DEBUG] [-] [core] Returning boolean true for check.missing_required=true
[DEBUG] [-] [core] Returning boolean true for check.invalid_return_path=true
[DEBUG] [-] [core] Returning boolean true for check.invalid_date=true
[DEBUG] [-] [core] Returning boolean true for check.user_agent=true
[DEBUG] [-] [core] Returning boolean true for check.direct_to_mx=true
[DEBUG] [-] [core] Returning boolean true for check.from_match=true
[DEBUG] [-] [core] Returning boolean true for check.mailing_list=true
[DEBUG] [-] [core] Returning boolean true for check.delivered_to=true
[DEBUG] [-] [core] Returning boolean false for reject.duplicate_singular=false
[DEBUG] [-] [core] Returning boolean false for reject.missing_required=false
[DEBUG] [-] [core] Returning boolean false for reject.invalid_return_path=false
[DEBUG] [-] [core] Returning boolean false for reject.invalid_date=false
[DEBUG] [-] [core] Returning boolean true for reject.delivered_to=true
[DEBUG] [-] [core] registered hook data_post to data.headers.duplicate_singular
[DEBUG] [-] [core] registered hook data_post to data.headers.missing_required
[DEBUG] [-] [core] registered hook data_post to data.headers.invalid_date
[DEBUG] [-] [core] registered hook data_post to data.headers.invalid_return_path
[DEBUG] [-] [core] registered hook data_post to data.headers.user_agent
[DEBUG] [-] [core] registered hook data_post to data.headers.direct_to_mx
[DEBUG] [-] [core] registered hook data_post to data.headers.from_match
[DEBUG] [-] [core] registered hook data_post to data.headers.delivered_to
[DEBUG] [-] [core] registered hook data_post to data.headers.mailing_list
[INFO] [-] [core] Loading plugin: queue/smtp_forward
[DEBUG] [-] [core] no timeout in queue/smtp_forward.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin queue/smtp_forward timeout is: 30s
[DEBUG] [-] [core] registered hook queue to queue/smtp_forward.hook_queue
[DEBUG] [-] [core] registered hook queue_outbound to queue/smtp_forward.hook_queue_outbound
[INFO] [-] [core] Loading plugin: max_unrecognized_commands
[DEBUG] [-] [core] no timeout in max_unrecognized_commands.timeout
[DEBUG] [-] [core] no timeout in plugin_timeout
[DEBUG] [-] [core] plugin max_unrecognized_commands timeout is: 30s
[DEBUG] [-] [core] registered hook connect to max_unrecognized_commands.hook_connect
[DEBUG] [-] [core] registered hook unrecognized_command to max_unrecognized_commands.hook_unrecognized_command
[ERROR] [-] [core] Failed to setup listeners: listen EACCES
[NOTICE] [-] [core] Shutting down

But there was nothing occupying port 25.

cpu:nodejs r$ sudo lsof -i:25
Password:
cpu:nodejs r$

smfreegard commented 8 years ago

Ports < 1024 are 'privileged' on UNIX, so only the 'root' user can bind to them. You're trying to bind to the port as a regular user, hence the EACCES.

Typically Haraka would be started as root (by root) and would then drop privileges after it has opened the port to whatever user you set in config/smtp.ini.

There are other workarounds if you don't have root access (it requires someone with root access to set this up for you though). See http://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-1024-on-l for details.

ruandao commented 8 years ago

But I ran it using sudo and did not find any other program occupying port 25.

smfreegard commented 8 years ago

What OS is this and what do you have in config/smtp.ini??

ruandao commented 8 years ago

I use OS X 10.10.5 (14F27) and have not changed config/smtp.ini so far.

// config/smtp.ini

; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
;listen=[::0]:25

; Note you can listen on multiple IPs/ports using commas:
;listen=127.0.0.1:2529,127.0.0.2:2529,127.0.0.3:2530

; public IP address (default: none)
; If your machine is behind a NAT, some plugins (SPF, GeoIP) gain features
; if they know the servers public IP. If 'stun' is installed, Haraka will
; try to figure it out. If that doesn't work, set it here.
;public_ip=N.N.N.N

; Time in seconds to let sockets be idle with no activity
;inactivity_timeout=300

; Drop privileges to this user/group
;user=smtp
;group=smtp

; Don't stop Haraka if plugins fail to compile
;ignore_bad_plugins=0

; Run using cluster to fork multiple backend processes
;nodes=cpus

; Daemonize
;daemonize=true
;daemon_log_file=/var/log/haraka.log
;daemon_pid_file=/var/run/haraka.pid

; Spooling
; Save memory by spooling large messages to disk
;spool_dir=/var/spool/haraka
; Specify -1 to never spool to disk
; Specify 0 to always spool to disk
; Otherwise specify a size in bytes, once reached the
; message will be spooled to disk to save memory.
;spool_after=

smfreegard commented 8 years ago

No idea then - that would work on any other UNIX. This must be a quirk of OS X.

If you set listen=0.0.0.0:2525 in config/smtp.ini - will it start?

ruandao commented 8 years ago

No, it still can't start; I get the same error.

ruandao commented 8 years ago

My smtp.ini (I uncommented and changed it to the following line):

listen=[::0]:25

and changed it to:

listen=0.0.0.0:25

and got the same result.

ruandao commented 8 years ago

But if I change it to a port larger than 1024, it runs successfully. I think it should also be the privilege problem.

Thanks.

smfreegard commented 8 years ago

Weird that it doesn't run under sudo though. I can find a few other nodejs projects reporting similar issues and using the firewall to redirect the ports instead.

Please let me know if you find a solution.

baudehlo commented 8 years ago

Can you try running:

sudo xcodebuild -license

And see if it helps?

On Oct 4, 2015, at 4:06 AM, Steve Freegard notifications@github.com wrote:

Weird that it doesn't run under sudo though. I can find a few other nodejs projects reporting similar issues and using the firewall to redirect the ports instead.

Please let me know if you find a solution.


ruandao commented 8 years ago

In fact, I had changed the suid bit of the file (/usr/local/Cellar/node/0.12.7/bin/node) to -r-sr-xr-x for convenient installation of global libraries, but forgot to change the owner to root.
And now I have changed the owner to root, and it works.

It may not be the same for other people.

baudehlo commented 8 years ago

Node is not suid safe. You really shouldn't do that.

On Oct 4, 2015, at 7:28 PM, ruandao notifications@github.com wrote:

In fact, I had changed the suid bit of the file (/usr/local/Cellar/node/0.12.7/bin/node) to -r-sr-xr-x for convenient installation of global libraries, but forgot to change the owner to root.

And now I have changed the owner to root, and it works.

It may not be the same for other people.


ruandao commented 8 years ago

Yes, thank you. I will change it back.
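
The root cause reported in this thread, as an added example (not code from the thread or from Haraka): a setuid bit on the node binary makes exec() take the file owner's uid as the effective uid, so `sudo` no longer yields root and the listen on port 25 fails. The function names, the owner uid 501 and the simplified "only effective uid 0 binds ports below 1024" rule are assumptions of this sketch.

```javascript
// Added example: explains the thread's EACCES from the node binary's mode and owner.
const fs = require("fs");

const S_ISUID = 0o4000; // set-user-ID bit in st_mode

// Pure decision over stat values. Assumption: the classic UNIX rule from the
// thread (only effective uid 0 may bind ports below 1024); Linux capabilities
// and firewall redirects are ignored here.
function assessInterpreter(mode, ownerUid, callerUid) {
  const setuid = (mode & S_ISUID) !== 0;
  // With the setuid bit set, exec() takes the file owner's uid as the
  // effective uid, even when the caller is root (for example under sudo).
  const effectiveUid = setuid ? ownerUid : callerUid;
  const findings = [];
  if (setuid) findings.push("interpreter is setuid: clear the bit (chmod u-s)");
  if (setuid && callerUid === 0 && ownerUid !== 0) {
    findings.push(`root caller is demoted to effective uid ${ownerUid}`);
  }
  if (effectiveUid !== 0) findings.push("listen on a port below 1024 fails with EACCES");
  return { setuid, effectiveUid, canBindPrivileged: effectiveUid === 0, findings };
}

// Apply the same check to the node binary that is running this script.
function checkRunningNode() {
  const st = fs.statSync(process.execPath); // follows symlinks to the real file
  return assessInterpreter(st.mode, st.uid, process.getuid());
}

// Constructed values: mode -r-sr-xr-x as in the thread, owner uid 501
// (hypothetical), caller root via sudo.
console.log(assessInterpreter(0o104555, 501, 0));
console.log(checkRunningNode());
```

A root-owned setuid binary still reports the setuid finding, matching the advice in the thread to remove the bit rather than rely on the owner change.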