Solved

CANNOT SEND EMAIL VIA CGI SCRIPT - "cannot create queue file"

Posted on 2004-04-20
Last Modified: 2013-12-17
I have been trying to understand why I cannot send email from a Perl script.  I have added a log function to find out what is up.  The hosting company I am using is a bit touchy about me poking around their log files.  Here's the script:

#!/usr/local/bin/perl -T
 
use strict;
 
our($sec,$min,$hr,$mday,$mon,$year,$wday,$yday,$isdst,$longyr,$vmon,$recipient,$datestamp);
 

#########################
#### CONTROL MODULE #####
#########################
&procinput;
&setvars;
&sendmessage;
########################
########################
########################
 
 
##### INPUT ######
sub procinput {
        ($sec,$min,$hr,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
        $longyr = $year + 1900;
        $vmon = $mon + 1;
}
 
sub setvars {
        $ENV{HOME} = '/home/shearer';
        $ENV{PATH} = '/usr/lib';
        $ENV{IFS} = '';
        $recipient = 'webmaster@get-onit.com';
        # Use $vmon (1-12); $mon from localtime is zero-based.
        $datestamp = ("$vmon/$mday/$longyr at $hr:$min");
}
 
sub sendmessage {
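        # Stop with the system error if the pipe to sendmail cannot be opened.
        open (MAIL, "|/usr/lib/sendmail -t -X /home/shearer/mgmt/logs/mail.log -v")
                or die "Cannot start sendmail: $!";
        print MAIL "To: $recipient\n";
        print MAIL "Subject: ERROR AT GET ON IT\n\n";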
        print MAIL "On $datestamp a request for $ENV{'REQUEST_URI'} caused an error.  The users name was $ENV{'USER_NAME'}.\n";
        close (MAIL);
}

The log entries that are created include the following messages:

05027 >>> collect: Cannot write ./dfi3KJjsRo005027 (bfcommit, uid=1567, gid=1569): Permission denied
05027 >>> queueup: cannot create queue file ./qfi3KJjsRo005027, euid=1567: Permission denied

/usr/lib/sendmail is a link to /usr/sbin/sendmail owned by root.  The hosting company has asked me to use the link.

/var/spool/mqueue is owned by root and the mail group.  Permissions on /var/spool/mqueue are 755.  I have not verified that this is the queue indicated in sendmail.cf.  

The hosting company copied my script to a new script with www as the group but that didn't work either.  

It seems to me that 2 things are needed: 1) group permissions for /var/spool/mqueue need to include write and 2) my script needs to be a part of the mail group.

What am I missing?

Thanks

0
Question by:Shearer-Services
11 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10874827
For that to work /usr/sbin/sendmail must be suid to root, which would be the normal configuration. We can tell if that's the case by looking at what 'ls -l /usr/sbin/sendmail' shows.
0
 

Author Comment

by:Shearer-Services
ID: 10876602
/usr/sbin/sendmail's  permissions are -rwsr-xr-x.  It is owned by root and the group is a site-specific group name.  If I understand setuid, the /usr/sbin/sendmail runs with my privileges.  Aren't I back to the issue that I, or /usr/sbin/sendmail acting for me, doesn't have access to /var/spool/mqueue?
0
 

Author Comment

by:Shearer-Services
ID: 10876611
I just had another thought.  Have I created a problem within my script by setting $ENV{PATH} = '/usr/lib';?  That is the path to the link not to sendmail.
0
 

Author Comment

by:Shearer-Services
ID: 10876698
It seems the path may be at least part of the problem.  When I comment out the path statement, I don't get the error that I can't write to the queue.  Though, I have yet to actually receive mail at the intended address.  

I have extended the path statement in the script to $ENV{PATH} = '/usr/lib:/usr/sbin:/var/spool/mqueue';  but am still not allowed to write to the queue when this statement is uncommented.  Any thoughts?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10878117
The path set in the Perl script shouldn't matter because your code uses an absolute path "/usr/lib/sendmail" to invoke sendmail. Since it seems that the sendmail binary is suid to root, and thus should have sufficient privs to write to /var/spool/mqueue, I'd like to know what happens if you change "open (MAIL, "|/usr/lib/sendmail" to "open (MAIL, "|/usr/sbin/sendmail".
0

 

Author Comment

by:Shearer-Services
ID: 10878405
I changed the path to sendmail to /usr/sbin/sendmail and sent a message.  As long as the path statement was commented out I received no errors in my log.  As soon as I used the path statement, I received the same errors stating that I don't have access to the queue.  The part that is getting me is that no mail is received at the address even when I get no errors.

I am considering using the -d switch.  Before I do, will the combination of -d and -X log the debug information to /home/shearer/mgmt/logs/mail.log rather than the system logs?

I see that -d40 debugs information about the queue.  But at this point, it seems I may have resolved the issue on the queue so, are there any recommendations about where to begin with the use of -d?

0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 10902664
On the face of it that makes no sense. Since the open() explicitly specifies an absolute path to the sendmail binary it should make no difference whether you set PATH or not. And certainly it should not affect permissions that sendmail runs as. Something else has to be going on.

Do you have login access to this server? If so I'd suggest trying a small Perl script and see if it can send outgoing email.
0
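A small test script of the kind suggested in the answer above, as an added example that is not part of the original thread. It reports the owner and setuid/setgid bits that 'ls -l' would show, then pipes one message to sendmail without a shell and reports the result of open() and close(), which the posted script never checks. The `/usr/bin/perl` path, the recipient address and the function names `describe_binary` and `send_test_message` are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): CGI-side sendmail test.
use strict;
use warnings;

# Assumed values: adjust the binary path and the constructed recipient.
my $SENDMAIL  = '/usr/sbin/sendmail';
my $RECIPIENT = 'you@example.com';

# Taint mode refuses to exec until the environment is known-safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Summarize owner and setuid/setgid bits, as 'ls -l' would show them.
sub describe_binary {
    my ($path) = @_;
    my @st = stat($path) or return "$path: cannot stat: $!";
    return sprintf('%s: mode %04o, uid %d, gid %d, setuid %s, setgid %s',
        $path, $st[2] & 07777, $st[4], $st[5],
        ($st[2] & 04000) ? 'yes' : 'no', ($st[2] & 02000) ? 'yes' : 'no');
}

# Pipe one message to sendmail without a shell. Returns (ok, detail) so the
# caller sees failures that an unchecked open/close would hide.
sub send_test_message {
    my ($to, $subject, $body) = @_;
    for ($to, $subject) { return (0, 'CR/LF in header value') if /[\r\n]/ }
    local $SIG{PIPE} = 'IGNORE';    # a dying child must not kill the script
    open(my $mail, '|-', $SENDMAIL, '-t', '-i')
        or return (0, "cannot start $SENDMAIL: $!");
    print {$mail} "To: $to\nSubject: $subject\n\n$body\n";
    return (1, 'sendmail exited 0') if close($mail);
    return (0, $! ? "pipe error: $!"
        : sprintf('sendmail exit %d, signal %d', $? >> 8, $? & 127));
}

$| = 1;    # send the CGI header before any output from the child
print "Content-type: text/plain\n\n";
printf "running as uid %d, euid %d\n", $<, $>;
print describe_binary($_), "\n" for '/usr/lib/sendmail', $SENDMAIL;
my ($ok, $detail) = send_test_message($RECIPIENT, 'CGI sendmail test',
    'Sent by the test script.');
print $ok ? "OK: $detail\n" : "FAILED: $detail\n";
```

An exit status of 0 only means sendmail accepted the message for queuing; a delivery failure after that point shows up in the mail log or as a bounce, not in this script's output.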
 

Author Comment

by:Shearer-Services
ID: 10902705
I have backed all the way out to sending a message from the shell command line.  That worked fine.  Your suggestion is my next step. I'll give it a try tonight and let you know what happens.  

Thanks.
0
 

Author Comment

by:Shearer-Services
ID: 10997103
Thanks for your help, jlevie.  I have asked that the question be closed and 100 points awarded to you for your help.  Thanks again.
0
 

Author Comment

by:Shearer-Services
ID: 10997128
Oops, I thought I posted my working script.  Here is the relevant portion.  I still don't actually know what kept it from working.  Once I had a working script, I copied portions of the old script into the working script to try to identify the problem.  It always worked!!  Mercy!!

$ENV{HOME} = '/home/shearer';
$ENV{PATH} = '/usr/lib';
$ENV{IFS} = '';
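$recipient = 'customerservice@get-onit.com';

# Stop with the system error if the pipe to sendmail cannot be opened.
open (MAIL, "|/usr/lib/sendmail -t")
        or die "Cannot start sendmail: $!";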
print MAIL "To: $recipient\n";
print MAIL "Subject: Message from website.\n\n";
print MAIL "-----------------------------------------\n";
print MAIL "From: $FORM{'from'}\n";
print MAIL "Message: $FORM{'message'}\n";
close (MAIL);
0
