Solved

CANNOT SEND EMAIL VIA CGI SCRIPT - "cannot create queue file"

Posted on 2004-04-20
11
1,728 Views
Last Modified: 2013-12-17
I have been trying to understand why I cannot send email from a Perl Script.  I have added a log funtion as to find out what is up.  The hosting company I am using is a bit touchy about me poking around their log files.  Here's the script:

#!/usr/local/bin/perl -T
 
use strict;
 
our($sec,$min,$hr,$mday,$mon,$year,$wday,$yday,$isdst,$longyr,$vmon,$recipient,$datestamp);
 

#########################
#### CONTROL MODULE #####
#########################
&procinput;
&setvars;
&sendmessage;
########################
########################
########################
 
 
##### INPUT ######
sub procinput {
        ($sec,$min,$hr,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
        $longyr = $year + 1900;
        $vmon = $mon + 1;
}
 
sub setvars {
        $ENV{HOME} = '/home/shearer';
        $ENV{PATH} = '/usr/lib';
        $ENV{IFS} = '';
        $recipient = 'webmaster@get-onit.com';
        $datestamp = ("$mon/$mday/$longyr at $hr:$min");
}
 
sub sendmessage {
        open (MAIL, "|/usr/lib/sendmail -t -X /home/shearer/mgmt/logs/mail.log -v");
        print MAIL "To: $recipient\n";
      print MAIL "Subject: ERROR AT GET ON IT\n\n";
        print MAIL "On $datestamp a request for $ENV{'REQUEST_URI'} caused an error.  The users name was $ENV{'USER_NAME'}.\n";
        close (MAIL);
}

The log entries that are created include the following messages:

05027 >>> collect: Cannot write ./dfi3KJjsRo005027 (bfcommit, uid=1567, gid=1569): Permission denied
05027 >>> queueup: cannot create queue file ./qfi3KJjsRo005027, euid=1567: Permission denied

/usr/lib/sendmail is a link to /usr/sbin/sendmail owned by root.  The hosting company has asked me to use the link.

/var/spool/mqueue is owned by root and the mail group.  permissions to /var/spool/mqueue are 755.  I have not verified that this is the queue indicated in sendmail.cf.  

The hosting company copied my script to a new script with www as the group but that didn't work either.  

It seems to me that 2 things are needed: 1) group permissions for /var/spool/mqueue need to include write and 2) my script needs to be apart of the mail group.

What am I missing?

Thanks

0
Comment
Question by:Shearer-Services
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
11 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10874827
For that to work /usr/sbin/sendmail must be suid to root, which would be the normal configuration. We can tell if that's the case by looking at what 'ls -l /usr/sbin/sendmail' shows.
0
 

Author Comment

by:Shearer-Services
ID: 10876602
/usr/sbin/sendmail's  permissions are -rwsr-xr-x.  It is owned by root and the group is a site-specific group name.  If I understand setuid, the /usr/sbin/sendmail runs with my privileges.  Aren't I back to the issue that I, or /usr/sbin/sendmail acting for me, doesn't have access to /var/spool/mqueue?
0
 

Author Comment

by:Shearer-Services
ID: 10876611
I just had another thought.  Have I created a problem within my script by setting $ENV{PATH} = '/usr/lib';?  That is the path to the link not to sendmail.
0
Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

 

Author Comment

by:Shearer-Services
ID: 10876698
It seems the path maybe at least part of the problem.  When I comment out the path statement, I don't get the error that I can't write to the queue.  Though, I have yet to actually receive mail at the intended address.  

I have extended the path statement in the script to $ENV{PATH} = '/usr/lib:/usr/sbin:/var/spool/mqueue';  but am still not allowed to write to the queue when this statement is uncommented.  Any thoughts?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10878117
The path set in the Perl script shouldn't matter becuse your code uses and absolute path "/usr/lib/sendmail" to invoke sendmail. Since it seems that the sendmail binary is suid to root, and thus should have sufficinet privs to write to /var/spool/mqueue I'd like to know what happens if you change "open (MAIL, "|/usr/lib/sendmail" to "open (MAIL, "|/usr/sbin/sendmail"
0
 

Author Comment

by:Shearer-Services
ID: 10878405
I changed the path to sendmail to /usr/sbin/sendmail and sent a message.  As long as the path statement was commented out I received no errors in my log.  As soon as I used the path statement, I reveived the same errors stating that I don't have access to the queue.  The part that is getting me is that no mail is received at the address even when I get no errors.

I am considering using the -d switch.  Before I do, will the combination of -d and -X log the debug information to  /home/shearer/mgmt/logs/mail.log rather than the systems logs?

I see that -d40 debugs information about the queue.  But at this point, it seems I may have resolved the issue on the queue so, are there any recommendations about where to begin with the use of -d?

0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 10902664
On the face of it that makes no sense. Since the open() explicitly specifies an absolute path to the sendmail binary it should make no difference whether you set PATH or not. And certainly it should not affect permissions that sendmail runs as. Something else has to be going on.

Do you have login access to this server? If so I'd suggest trying a small Perl script and see if it can send outgoing email.
0
 

Author Comment

by:Shearer-Services
ID: 10902705
I have backed all the way out to sending a message from the shell command line.  That worked fine.  Your suggestion is my next step. I'll give it a try tonight and let you know what happens.  

Thanks.
0
 

Author Comment

by:Shearer-Services
ID: 10997103
Thanks for your help jlevie.  I have asked that the question be closed and a 100 points awarded to you for your help.  Thanks again.
0
 

Author Comment

by:Shearer-Services
ID: 10997128
Oops, I thought I posted my working script.  Here are the relative portion.  I still don't actually know what kept it from working.  Once I had a working script, I copied portions of the old script into the working script to try to identify the problem.  It always worked!!  Mercy!!

$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
$recipient = 'customerservice@get-onit.com';
                                                                                                               
open (MAIL, "|/usr/lib/sendmail -t");
print MAIL "To: $recipient\n";
print MAIL "Subject: Message from website.\n\n";
print MAIL "-----------------------------------------\n";
print MAIL "From: $FORM{'from'}\n";
print MAIL "Message: $FORM{'message'}\n";
close (MAIL);
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has released various new features which are capable of handling various tasks. One of these tasks is ‘Migration from pop3 to Exchange Server’. Pop3 data stores various data along mailboxes like contacts, tasks, etc. So, it becomes the need…
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question