Email errors and file permissions
v66.0.18
We have been seeing the following in the exim panic logs for the past few days:
2017-09-06 10:40:20 failed to expand condition "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if match {${readsocket{/var/run/dovecot/quota-status}{request=smtpd_access_policy
recipient=${quote:$local_part}@${quote:$domain}
size=$message_size
}{3s}{
}{SOCKETFAIL}}}{action=5}{true}{false}}}{false}}}{false}}" for virtual_user_overquota router: failed to open /home/username/etc/domain.tld/quota for linear search: Permission denied (euid=47 egid=12)
The peculiar thing is that this only seems to affect 2 domains. I have checked the filesystem and the /quota file permissions are set to 640 - the same that all the other /quota files for all the domains that are not provoking errors. On an unrelated issue - I was dismayed to see the /username.rcube.db.latest files set to 777 permissions. I do think that there should never be any file with this level of global read/write in a users home directory.
The peculiar thing is that this only seems to affect 2 domains. I have checked the filesystem and the /quota file permissions are set to 640 - the same that all the other /quota files for all the domains that are not provoking errors. On an unrelated issue - I was dismayed to see the /username.rcube.db.latest files set to 777 permissions. I do think that there should never be any file with this level of global read/write in a users home directory.
-
***UPDATE*** I was able to 'fix' the errors being reported in the exim_paniclog very simply: - ]
- For the user that is reported as having an error, go to their cPanel and edit the quota of any of their email accounts that have a quota set (or set a quota on one that hasn't).
- Ensure you SAVE the new quota.
0 -
I am not sure what was causing them - perhaps there was an extra line or some non-printing character in the file - but editing it and saving it seems to have worked.
Hello, Did you happen to check the ownership values of those files before updating them through the cPanel email quota modification functionality? Thank you.0 -
I did check - the /quota files were all : owner:username group:mail permissions 640 0 -
***UPDATE*** After checking every single /home/username/etc/domain.tld/quota file, I did find one user whose file was set : owner:username group:username permissions 640 After modifying a quota for one of their email accounts, this users file changed to : owner:username group:mail permissions 640 To be honest, I am now doubting myself as to whether I checked the ownership before or after I changed the email quota for their account in cPanel. Hope someone can get something useful out of all this o_O 0 -
Hello, The following command is also useful if you want to correct the ownership or permissions of the mail quota files: /scripts/mailperm --verbose
Thank you.0
Please sign in to leave a comment.
Comments
5 comments