Support Ticket Using Sendmail, Not Working

gistambo · July 19, 2023, 6:23pm

Greetings,
First of all, thank you for this wonderful app. We’ve deployed it less than 2 months ago, and we’re already seeing an uptick in resource usage at our HPC Center.

We’re trying to get the built-in Support Ticket from the Help menu working, and we’re running OOD version 3.01 on a RHEL 8 server. Our postfix daemon is up, and can successfully use the sendmail command with the -i and -f options:

Note that the second sendmail test from the image above does fail, and it shows in the logs:

However, when we test the support ticket form accessible from the Help dropdown menu, nothing gets logged in the maillog and we get this error message in the browser instead:

Here is our support_ticket.yml file:
support_ticket.yml.txt (1.1 KB)

Any assistance that you can offer is appreciated.

jeff.ohrstrom · July 19, 2023, 6:35pm

I think in Linux 126 means it’s not executable. When you tested in shell session you need 2 things - (1) to be an unprivileged user (i.e., not root) and (2) to conduct the test on the the server that OOD is running.

[~()]  touch foo
[~()]  ./foo
-bash: ./foo: Permission denied
[~()]  echo $?
126
[~()]

gistambo · July 19, 2023, 8:31pm

Both of these conditions were fulfilled while we were testing. We are STIG compliant and we do have many directories mounted with the noexec option. Does this app create and execute any temporary scripts?
Here’s our /etc/fstab file in case you need it.
fstab.txt (2.0 KB)

jeff.ohrstrom · July 19, 2023, 8:39pm

I don’t believe so, at this point we’re deep in the ruby libraries - but it appears to be just issuing a single command.

github.com

mikel/mail/blob/10a4443b9d4ffa71b9ad643ad86cc23ccc99f0f3/lib/mail/network/delivery_methods/sendmail.rb#L82


      
                popen(command) do |io|
                  io.puts ::Mail::Utilities.binary_unsafe_to_lf(envelope.message)
                  io.flush
                end
              end
          
              private
                def popen(command, &block)
                  IO.popen(command, 'w+', :err => :out, &block).tap do
                    if $?.exitstatus != 0
                      raise DeliveryError, "Delivery failed with exitstatus #{$?.exitstatus}: #{command.inspect}"
                    end
                  end
                end
            end
          end

Maybe get rid of that configuration to use sendmail and just use the default local SMTP server?

gistambo · July 19, 2023, 9:07pm

You were right, it was a permission issue. We have SELinux in enforcing mode with confined users. Once we turned that off, it started working. Here is the SELinux denial from the logs:

node=cauchy type=AVC msg=audit(07/19/2023 14:03:10.854:1101750) : avc: denied { execute } for pid=3575990 comm=sh name=sendmail.postfix dev=“dm-1” ino=402654539 scontext=system_u:system_r:ood_pun_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file permissive=0

Thanks for all the help

gistambo · July 20, 2023, 12:43am

We went back to the local smtp configuration, and SELinux isn’t an issue with this one, so we don’t have to create a custom SELinux policy. You can close this ticket

system · January 16, 2024, 12:43am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Support Ticket is not working Get Help question	4	528	December 5, 2023
Built in Support Ticket problem: Error: error=Net::ReadTimeout" Get Help	9	111	October 15, 2024
Support Ticket : execution expired Get Help	4	30	November 6, 2024
Support ticket questions Get Help question	13	544	April 20, 2024
Adding Support Email and URL to Help Menu Get Help	5	1533	May 26, 2022

Support Ticket Using Sendmail, Not Working

Related topics