execvp /usr/bin/proxmox-mail-forward: Permission denied

C

Cayuga

Renowned Member
May 3, 2011
86
0
71
I have a few proxmox nodes and only one of them is getting this error:
Code: 
(temporary failure. Command output: local: fatal: execvp /usr/bin/proxmox-mail-forward: Permission denied)
  • It only seems to happen with Replication Job emails
  • I can send emails from the command line and it works fine.
  • I have checked every permission that I can think of (and compared them to the working nodes)
  • postfix flush doesn't help
Any thoughts on where I can look?

Thanks!
 
What is the output of stat /usr/bin/proxmox-mail-forward?
Also, what is your pveversion -v?
 
Here is the output from those two commands. Let me know if you need anything else. Thanks!

Code: 
% stat /usr/bin/proxmox-mail-forward
  File: /usr/bin/proxmox-mail-forward
  Size: 981448          Blocks: 1920       IO Block: 4096   regular file
Device: 0,26    Inode: 27840635    Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-09-18 08:00:28.575604412 -0400
Modify: 2023-05-26 10:01:04.000000000 -0400
Change: 2023-07-18 22:37:12.420312803 -0400
 Birth: 2023-07-18 22:37:12.384312770 -0400

% pveversion -v
proxmox-ve: 8.0.1 (running kernel: 6.2.16-4-pve)
pve-manager: 8.0.3 (running version: 8.0.3/bbf3993334bfa916)
pve-kernel-6.2: 8.0.3
pve-kernel-6.2.16-4-pve: 6.2.16-5
ceph-fuse: 16.2.11+ds-2
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown: residual config
ifupdown2: 3.2.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-3
libknet1: 1.25-pve1
libproxmox-acme-perl: 1.4.6
libproxmox-backup-qemu0: 1.4.0
libproxmox-rs-perl: 0.3.0
libpve-access-control: 8.0.3
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.0.6
libpve-guest-common-perl: 5.0.3
libpve-http-server-perl: 5.0.4
libpve-rs-perl: 0.8.4
libpve-storage-perl: 8.0.2
libqb0: 1.0.5-1
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve3
novnc-pve: 1.4.0-2
proxmox-backup-client: 3.0.1-1
proxmox-backup-file-restore: 3.0.1-1
proxmox-kernel-helper: 8.0.2
proxmox-mail-forward: 0.2.0
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.2
proxmox-widget-toolkit: 4.0.6
pve-cluster: 8.0.2
pve-container: 5.0.4
pve-docs: 8.0.4
pve-edk2-firmware: 3.20230228-4
pve-firewall: 5.0.3
pve-firmware: 3.7-1
pve-ha-manager: 4.0.2
pve-i18n: 3.0.5
pve-qemu-kvm: 8.0.2-3
pve-xtermjs: 4.16.0-3
qemu-server: 8.0.6
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.1.12-pve1
 
I rebooted to be running the latest kernel

Code: 
% stat /usr/bin/proxmox-mail-forward
  File: /usr/bin/proxmox-mail-forward
  Size: 981448          Blocks: 1920       IO Block: 4096   regular file
Device: 253,1   Inode: 2362910     Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-09-21 00:42:31.248060075 -0400
Modify: 2023-05-26 10:01:04.000000000 -0400
Change: 2023-07-20 09:46:54.297604317 -0400
 Birth: 2023-07-20 09:46:54.265604455 -0400

% pveversion -v
proxmox-ve: 8.0.1 (running kernel: 6.2.16-4-pve)
pve-manager: 8.0.3 (running version: 8.0.3/bbf3993334bfa916)
pve-kernel-6.2: 8.0.3
pve-kernel-6.2.16-4-pve: 6.2.16-5
ceph-fuse: 16.2.11+ds-2
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown: residual config
ifupdown2: 3.2.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-3
libknet1: 1.25-pve1
libproxmox-acme-perl: 1.4.6
libproxmox-backup-qemu0: 1.4.0
libproxmox-rs-perl: 0.3.0
libpve-access-control: 8.0.3
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.0.6
libpve-guest-common-perl: 5.0.3
libpve-http-server-perl: 5.0.4
libpve-rs-perl: 0.8.4
libpve-storage-perl: 8.0.2
libqb0: 1.0.5-1
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve3
novnc-pve: 1.4.0-2
proxmox-backup-client: 3.0.1-1
proxmox-backup-file-restore: 3.0.1-1
proxmox-kernel-helper: 8.0.2
proxmox-mail-forward: 0.2.0
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.2
proxmox-widget-toolkit: 4.0.6
pve-cluster: 8.0.2
pve-container: 5.0.4
pve-docs: 8.0.4
pve-edk2-firmware: 3.20230228-4
pve-firewall: 5.0.3
pve-firmware: 3.7-1
pve-ha-manager: 4.0.2
pve-i18n: 3.0.5
pve-qemu-kvm: 8.0.2-3
pve-xtermjs: 4.16.0-3
qemu-server: 8.0.6
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.1.12-pve1
 
Hmm, so the permissions for the binary look correct.
Where exactly do you see this log message? In the system logs? Can you maybe provide the complete logs for that moment?

Also, does the following work? It should send a mail to the adress configured for the 'root@pam' user - unless changed this is the mail address that was entered during installation.

Code: 
$ sendmail root <<EOF
Subject: Test

This is a test.

EOF
 
Thanks Lukas!

No, the sendmail doesn't work. Here is what I see in the log:

Code: 
2023-09-26T09:31:23.256306-04:00 pie postfix/pickup[3578568]: 3E73DC15CC: uid=0 from=<root>
2023-09-26T09:31:23.264266-04:00 pie postfix/cleanup[3926841]: 3E73DC15CC: message-id=<20230926133123.3E73DC15CC@pie.zzz.com>
2023-09-26T09:31:23.265582-04:00 pie postfix/qmgr[3741867]: 3E73DC15CC: from=<root@pie.zzz.com>, size=271, nrcpt=1 (queue active)
2023-09-26T09:31:23.274069-04:00 pie local[3926844]: fatal: execvp /usr/bin/proxmox-mail-forward: Permission denied
2023-09-26T09:31:23.282956-04:00 pie postfix/local[3926843]: 3E73DC15CC: to=<root@pie.zzz.com>, orig_to=<root>, relay=local, delay=0.04, delays=0.02/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /usr/bin/proxmox-mail-forward: Permission denied )

Here is what I see from mailq:

Code: 
3E73DC15CC      271 Tue Sep 26 09:31:23  root@pie.zzz.com
(temporary failure. Command output: local: fatal: execvp /usr/bin/proxmox-mail-forward: Permission denied)
                                         root@pie.zzz.com
 
That is odd.
Have you modified the configuration files for Postfix in any way?
 
No, I also diffed them against a working node and the only difference was
Code: 
myhostname
 
Code: 
% /usr/bin/python3 test.py
SyntaxError: Non-UTF-8 code starting with '\x95' in file /usr/bin/proxmox-mail-forward on line 1, but no encoding declared; see https://peps.python.org/pep-0263/ for details
 
Last edited:
bbgeek17 said:
What happens when you create a file:
Code: 
import os

command = ["python3", "/usr/bin/proxmox-mail-forward"]
os.execvp(command[0], command)

and then run it via: /usr/bin/python3 [filename]

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Click to expand...
This does not make any sense, as you are trying to let the python interpreter run proxmox-mail-forward as if it was a python script. proxmox-mail-forward is a proper binary, not a script ;)

What you can try is execute proxmox-mail-forward directly:
Code: 
/usr/bin/proxmox-mail-forward < test.eml

This will attempt to forward test.eml to the address configured for root@pam. You can source the .eml file by e.g. downloading a mail from your mail client.

Alternatively, you can also do this:

Code: 
proxmox-mail-forward <<EOF
Subject: Test   

This is a test.

EOF

Could you also show me the contents of /root/.forward?
 
Lukas,

Code: 
% proxmox-mail-forward <<EOF
Subject: Test   

This is a test.

EOF
%
Worked fine :)
Code: 
2023-09-29T08:30:03.109907-04:00 pie postfix/cleanup[726202]: 186BDC03B2: message-id=<20230929123003.186BDC03B2@pie.zzz.com>
2023-09-29T08:30:03.111001-04:00 pie postfix/qmgr[865712]: 186BDC03B2: from=<root@pie.zzz.com>, size=274, nrcpt=1 (queue active)
2023-09-29T08:30:03.415592-04:00 pie postfix/smtp[726217]: 186BDC03B2: to=<sysadmin@zzz.com>, relay=mail.zzz.com[172.16.156.97]:25, delay=0.33, delays=0.02/0.04/0.13/0.14, dsn=2.0.0, status=sent (250 2.0.0 0d956e8d Message accepted for delivery)
2023-09-29T08:30:03.415730-04:00 pie postfix/qmgr[865712]: 186BDC03B2: removed

Code: 
% cat /root/.forward

|/usr/bin/proxmox-mail-forward

%  ls -ld /root/.forward
-rw-r--r-- 1 root root 32 Sep 25 05:39 /root/.forward

%
 
I did some reading, apparently Postfix uses the nobody user to invoke forwarding scripts/filters.
Could you try running proxmox-mail-foward as this user? You might need to install sudo first, in case you have not installed it yet.

Code: 
sudo -u nobody proxmox-mail-forward <<EOF
Subject: Test   

This is a test.

EOF
 
Code: 
% sudo -u nobody proxmox-mail-forward <<EOF
Subject: Test   

This is a test.

EOF
sudo: unable to execute /usr/bin/proxmox-mail-forward: Permission denied

Code: 
-rwsr-xr-x 1 root root 981448 May 26 10:01 /usr/bin/proxmox-mail-forward
drwxr-xr-x 2 root root 36864 Oct  2 08:12 /usr/bin
drwxr-xr-x 12 root root 4096 Feb 10  2023 /usr
drwxr-xr-x 21 root root 4096 Jul 20 09:47 /
 
Hi,
just a guess, but did you install/configure any security hardening features that might restrict execution of setuid binaries or the nobody user?
 
Not that I know of. I believe that all of the packages I've installed are on multiple nodes and this is the only node with this problem.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back