search

virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0
315 stars 98 forks source link

Postgrey PID unwriteable in default location (permission denied in maillog) #164

Open ChristopherW opened 4 years ago

ChristopherW commented 4 years ago

On my CentOS 7 install, with Postgrey 1.34 from EPEL, it uses a systemctl file in /etc/systemd/system/multi-user.target.wants/postgrey.service

This file contains PIDFile=/var/run/postgrey.pid and a similar reference in the ExecStart command. These need modifying, as Postgrey cannot write to postgrey.pid inside /var/run. It was logging an according error in maillog which wasn't stopping it working, but was pointless.

On each restart after a whitelist addition, Postfix maillog logged the error Couldn't unlink "/var/run/postgrey.pid" [Permission denied])

I followed the simple steps in this Debian bugreport: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630353#msg15 but also had to alter the postgrey.service command (obviously /etc/init.d/postgrey doesn't exist with systemd).

Any opportunity to deploy Postgrey 1.37 in Virtualmin deploy and bake the config fix in?

SupRavII commented 2 years ago

mkdir /var/run/postgrey chown postgrey:postgrey /var/run/postgrey

change /etc/init.d/postgrey: PIDFILE=/var/run/$NAME.pid to PIDFILE=/var/run/$NAME/$NAME.pid

/etc/init.d/postgrey stop rm /var/run/postgrey.pid /etc/init.d/postgrey start

jcameron commented 2 years ago

Seems like this should be fixed upstream in the Postgrey package?

grzegorz-janoszka commented 2 years ago

The same bug has been there for years. Please fix the package.

Another thing is extremely outdated default whitelist in the distribution package - entries from 2004 to 2015 (nothing newer) - most of them don't resolve to any hosts.

chris001 commented 2 years ago

I found a cron job script to auto update the existing postgrey whitelist each 28 days to the newest one available. I'll make a PR for this.

swelljoe commented 2 years ago

We no longer maintain a postgrey package. We use the EPEL package on Red Hat derivatives. We recommend you use the EPEL package (it's always been the EPEL package, we just added it to our repos for reasons I can't recall).

swelljoe commented 2 years ago

Does this problem exist in the EPEL package version 1.37, @grzegorz-janoszka ?

grzegorz-janoszka commented 2 years ago

@swelljoe I use Debian package 1.36-5.2. I will see if there is a newer version of the package.

grzegorz-janoszka commented 2 years ago

I have postgrey 1.37 and it looks much better. I had no idea there were so many changes between 1.36 and 1.37.

GaalexxC commented 7 months ago

They will never fix this, here's the complete work around/fix

mkdir /run/postgrey chown -R postgrey:postgrey /run/postgrey chmod 0755 /run/postgrey/

nano /usr/lib/tmpfiles.d/postgrey.conf

insert and save d /run/postgrey 0750 postgrey postgrey - -

nano /etc/init.d/postgrey

PIDFILE=/run/$DAEMON_NAME.pid
    to
PIDFILE=/run/$DAEMON_NAME/$DAEMON_NAME.pid

Add to systemd

nano /lib/systemd/system/postgrey.service

Insert and save

[Unit] Description=Postfix Greylisting Service Before=postfix.service

[Service] Type=forking ExecStartPre=-/bin/rm -f /run/postgrey/postgrey.pid PIDFile=/run/postgrey/postgrey.pid ExecStart=/usr/sbin/postgrey --inet=10023 -d --delay=150 --pidfile=/run/postgrey/postgrey.pid Restart=always RestartSec=1

[Install] WantedBy=multi-user.target

chmod 0644 /lib/systemd/system/postgrey.service systemctl enable postgrey.service systemctl daemon-reload

Remove the pid in question rm /var/run/postgrey.pid

Restart service postgrey restart or /etc/init.d/postgrey restart