Shearer-Services
asked on
CANNOT SEND EMAIL VIA CGI SCRIPT - "cannot create queue file"
I have been trying to understand why I cannot send email from a Perl Script. I have added a log funtion as to find out what is up. The hosting company I am using is a bit touchy about me poking around their log files. Here's the script:
#!/usr/local/bin/perl -T
use strict;
our($sec,$min,$hr,$mday,$m on,$year,$ wday,$yday ,$isdst,$l ongyr,$vmo n,$recipie nt,$datest amp);
#########################
#### CONTROL MODULE #####
#########################
&procinput;
&setvars;
&sendmessage;
########################
########################
########################
##### INPUT ######
sub procinput {
($sec,$min,$hr,$mday,$mon, $year,$wda y,$yday,$i sdst) = localtime(time);
$longyr = $year + 1900;
$vmon = $mon + 1;
}
sub setvars {
$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
$recipient = 'webmaster@get-onit.com';
$datestamp = ("$mon/$mday/$longyr at $hr:$min");
}
sub sendmessage {
open (MAIL, "|/usr/lib/sendmail -t -X /home/shearer/mgmt/logs/ma il.log -v");
print MAIL "To: $recipient\n";
print MAIL "Subject: ERROR AT GET ON IT\n\n";
print MAIL "On $datestamp a request for $ENV{'REQUEST_URI'} caused an error. The users name was $ENV{'USER_NAME'}.\n";
close (MAIL);
}
The log entries that are created include the following messages:
05027 >>> collect: Cannot write ./dfi3KJjsRo005027 (bfcommit, uid=1567, gid=1569): Permission denied
05027 >>> queueup: cannot create queue file ./qfi3KJjsRo005027, euid=1567: Permission denied
/usr/lib/sendmail is a link to /usr/sbin/sendmail owned by root. The hosting company has asked me to use the link.
/var/spool/mqueue is owned by root and the mail group. permissions to /var/spool/mqueue are 755. I have not verified that this is the queue indicated in sendmail.cf.
The hosting company copied my script to a new script with www as the group but that didn't work either.
It seems to me that 2 things are needed: 1) group permissions for /var/spool/mqueue need to include write and 2) my script needs to be apart of the mail group.
What am I missing?
Thanks
#!/usr/local/bin/perl -T
use strict;
our($sec,$min,$hr,$mday,$m
#########################
#### CONTROL MODULE #####
#########################
&procinput;
&setvars;
&sendmessage;
########################
########################
########################
##### INPUT ######
sub procinput {
($sec,$min,$hr,$mday,$mon,
$longyr = $year + 1900;
$vmon = $mon + 1;
}
sub setvars {
$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
$recipient = 'webmaster@get-onit.com';
$datestamp = ("$mon/$mday/$longyr at $hr:$min");
}
sub sendmessage {
open (MAIL, "|/usr/lib/sendmail -t -X /home/shearer/mgmt/logs/ma
print MAIL "To: $recipient\n";
print MAIL "Subject: ERROR AT GET ON IT\n\n";
print MAIL "On $datestamp a request for $ENV{'REQUEST_URI'} caused an error. The users name was $ENV{'USER_NAME'}.\n";
close (MAIL);
}
The log entries that are created include the following messages:
05027 >>> collect: Cannot write ./dfi3KJjsRo005027 (bfcommit, uid=1567, gid=1569): Permission denied
05027 >>> queueup: cannot create queue file ./qfi3KJjsRo005027, euid=1567: Permission denied
/usr/lib/sendmail is a link to /usr/sbin/sendmail owned by root. The hosting company has asked me to use the link.
/var/spool/mqueue is owned by root and the mail group. permissions to /var/spool/mqueue are 755. I have not verified that this is the queue indicated in sendmail.cf.
The hosting company copied my script to a new script with www as the group but that didn't work either.
It seems to me that 2 things are needed: 1) group permissions for /var/spool/mqueue need to include write and 2) my script needs to be apart of the mail group.
What am I missing?
Thanks
For that to work /usr/sbin/sendmail must be suid to root, which would be the normal configuration. We can tell if that's the case by looking at what 'ls -l /usr/sbin/sendmail' shows.
ASKER
/usr/sbin/sendmail's permissions are -rwsr-xr-x. It is owned by root and the group is a site-specific group name. If I understand setuid, the /usr/sbin/sendmail runs with my privileges. Aren't I back to the issue that I, or /usr/sbin/sendmail acting for me, doesn't have access to /var/spool/mqueue?
ASKER
I just had another thought. Have I created a problem within my script by setting $ENV{PATH} = '/usr/lib';? That is the path to the link not to sendmail.
ASKER
It seems the path maybe at least part of the problem. When I comment out the path statement, I don't get the error that I can't write to the queue. Though, I have yet to actually receive mail at the intended address.
I have extended the path statement in the script to $ENV{PATH} = '/usr/lib:/usr/sbin:/var/s pool/mqueu e'; but am still not allowed to write to the queue when this statement is uncommented. Any thoughts?
I have extended the path statement in the script to $ENV{PATH} = '/usr/lib:/usr/sbin:/var/s
The path set in the Perl script shouldn't matter becuse your code uses and absolute path "/usr/lib/sendmail" to invoke sendmail. Since it seems that the sendmail binary is suid to root, and thus should have sufficinet privs to write to /var/spool/mqueue I'd like to know what happens if you change "open (MAIL, "|/usr/lib/sendmail" to "open (MAIL, "|/usr/sbin/sendmail"
ASKER
I changed the path to sendmail to /usr/sbin/sendmail and sent a message. As long as the path statement was commented out I received no errors in my log. As soon as I used the path statement, I reveived the same errors stating that I don't have access to the queue. The part that is getting me is that no mail is received at the address even when I get no errors.
I am considering using the -d switch. Before I do, will the combination of -d and -X log the debug information to /home/shearer/mgmt/logs/ma il.log rather than the systems logs?
I see that -d40 debugs information about the queue. But at this point, it seems I may have resolved the issue on the queue so, are there any recommendations about where to begin with the use of -d?
I am considering using the -d switch. Before I do, will the combination of -d and -X log the debug information to /home/shearer/mgmt/logs/ma
I see that -d40 debugs information about the queue. But at this point, it seems I may have resolved the issue on the queue so, are there any recommendations about where to begin with the use of -d?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have backed all the way out to sending a message from the shell command line. That worked fine. Your suggestion is my next step. I'll give it a try tonight and let you know what happens.
Thanks.
Thanks.
ASKER
Thanks for your help jlevie. I have asked that the question be closed and a 100 points awarded to you for your help. Thanks again.
ASKER
Oops, I thought I posted my working script. Here are the relative portion. I still don't actually know what kept it from working. Once I had a working script, I copied portions of the old script into the working script to try to identify the problem. It always worked!! Mercy!!
$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
$recipient = 'customerservice@get-onit. com';
open (MAIL, "|/usr/lib/sendmail -t");
print MAIL "To: $recipient\n";
print MAIL "Subject: Message from website.\n\n";
print MAIL "------------------------- ---------- ------\n";
print MAIL "From: $FORM{'from'}\n";
print MAIL "Message: $FORM{'message'}\n";
close (MAIL);
$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
$recipient = 'customerservice@get-onit.
open (MAIL, "|/usr/lib/sendmail -t");
print MAIL "To: $recipient\n";
print MAIL "Subject: Message from website.\n\n";
print MAIL "-------------------------
print MAIL "From: $FORM{'from'}\n";
print MAIL "Message: $FORM{'message'}\n";
close (MAIL);