No access to mailboxes??


Post by willemgrooters » Wed Dec 22, 2021 4:32 am

I copied one DS10 completely to another one, network addresses changed (obviously), upgraded to VSI 0842L1 (under community license) and started. Runs fine, except for one thing. Arriving mail is sent to a front-end (Process Precise Mail AntiSpam) that worked great on the original machine, even to non-privileged users. On the copy, the program has of course been altered to match the new IP address, and works fine for system users ([1, ...]) but for others ([200,...]) it cannot access the mail files, though SYSTEM and USER have sufficient protection (at least RW). The SMTP logfile states:

%%%%%%%%%%%% 21-DEC-2021 19:38:19.91 %%%%%%%%%%%%
%MAIL-E-SENDERR, error sending to user (user)
-MAIL-E-OPENOUT, error opening USER:[(user)]MAIL.MAI as output
-RMS-E-PRV, insufficient privilege or file protection violation

I can no longer check the original settings because that system now fails to start - completely...


Post by arne_v » Wed Dec 22, 2021 8:51 am

The problem sounds like a classic SOGW RWED problem.

Does MAIL.MAI exist?

If not, try creating it by sending a local email.
Arne
arne@vajhoej.dk
VMS user since 1986



Post by willemgrooters » Wed Dec 22, 2021 11:08 am

I have found the reason (ownership of directory and files) because the used backup command lacked /by_owner. Changed ownership and restarted pmas, mail is now received by recipient.



Post by willemgrooters » Sun Mar 26, 2023 7:07 am

The same problem seems to exist on the original system now, after I installed VSI 0842L1; in this case, the rest of the environment wasn't changed. I checked ownership and access to the user directory and mail files: Directory owned by [SYSTEM], access (RWED,RWED,RE,RE); mail.mai owned by [SYSTEM], access (RW,RW,,). However, the system where I had this problem originally is out of order for the moment (hardware issue where I have no access to the disks...) so I cannot check how it should be set.
After I changed ownership of the user's directory, the message wasn't delivered; I got this message in the SMTP logfile:

%MAIL-E-SENDERR, error sending to user <user>
-MAIL-E-OPENOUT, error opening USER:[000000](user).DIR as output
-RMS-E-PRV, insufficient privilege or file protection violation
Local part : POSTMASTER
550 %TCPIP-E-SMTP_XFAIL, remote transaction failure, (sender domain)
Local part : SYSTEM

Post by sms » Sun Mar 26, 2023 8:34 am


> [...]  I checked ownership and access to the user directory and mail
> files: Directory owned by [SYSTEM], access (RWED,RWED,RE,RE); mail.mai
> owned by [SYSTEM], access (RW,RW,,). [...]

   Eh?  Why would a user _not_ own his own home directory and mail file?
Around here, for example:

its $ show logi sys$login
   "SYS$LOGIN" = "ITS$DKA0:[SMS]" (LNM$PROCESS_TABLE)
   "SYS$LOGIN" = "HOME_SMS:[SMS]" (LNM$JOB_8A99D600)

its $ show logi HOME_SMS
   "HOME_SMS" = "HOME_DEV0:" (LNM$SYSTEM_TABLE)
1  "HOME_DEV0" = "ITS$DKA0:" (LNM$SYSTEM_TABLE)


its $ mail

MAIL> show all
Your mail file directory is HOME_SMS:[SMS.MAIL].
Your current mail file is ITS$DKA0:[SMS.MAIL]MAIL.MAI.
[...]

its $ dire /owne /prot ITS$DKA0:[000000]SMS.DIR, [SMS]MAIL.DIR, -
 [SMS.MAIL]MAIL.MAI

Directory ITS$DKA0:[000000]

SMS.DIR;1            [SMS]                            (RWE,RWE,RE,E)

Total of 1 file.

Directory ITS$DKA0:[SMS]

MAIL.DIR;1           [SMS]                            (RWE,RWE,,)

Total of 1 file.

Directory ITS$DKA0:[SMS.MAIL]

MAIL.MAI;1           [SMS]                            (RW,RW,,)

Total of 1 file.

Grand total of 3 directories, 3 files.

   I see "SYSTEM" nowhere in there.


> [...] Arriving mail is sent to a front-end (Process Precise Mail
> AntiSpam) [...]

   I know nothing about it, but I'd guess that some executable is
installed with privileges.  But I wouldn't expect it (or anyone else) to
write mail for some user to a file (with (RW,RW,,) protection) which is
owned by some other user (like, say, SYSTEM).


> [...] because the used backup command lacked /by_owner. [...]

   Sounds plausible to me.  Could be a big job to fix it all, too.



Post by willemgrooters » Sun Mar 26, 2023 1:27 pm

Agreed, user should be owner, of course :)

I recall I have indeed used backup setting up this system as well; the original data is on disks that are no longer connected... Setting ownership of directory and .MAI files to this user solved part of the problem, left over was a return message to sender that mail bounced - which I didn't get before. After allowing W: RW access to the mail file, a message sent was now received.
There must be a 'nicer' way to do this (ACL for [TCPIP$AUX,TCPIP$SMTP] and others?). Well, I could hook up the old disks and see how the original setup was; that worked...

Luckily, there are not that many users :)

On PMAS - as mentioned - this is the front-end accepting incoming requests, scans the message headers and content to detect spam (and potentially harmful content) but if accepted, the mail will be forwarded to TCPIP$SMTP to process it within the system - in fact: deliver it to the intended user.



Post by sms » Sun Mar 26, 2023 3:12 pm


> [...] After allowing W: RW access to the mail file, a message sent was
> now received.
> There must be a 'nicer' way to do this (ACL for [TCPIP$AUX,TCPIP$SMTP]
> and others?

   None of that should be needed.  Around here, the results from
"DIRE /SECU" and "DIRE /OWNE /PROT" on these files are the same, so
there are no ACLs, and, as you can see, Group and World have no access. 
And I get local and SMTP e-mail with no such trouble.  Is your problem
with SMTP only, or both?

   If "W: RW access to the mail file" is needed, then you have some
other problem, I claim.  Ownership, privilege, INSTALL, ...?  I know
nothing, but INSTALL /LIST (here) says that TCPIP$SMTP_RECEIVER.EXE is
installed with "Prv", so I'd bet that it shouldn't need any such "help".

> [...] Well, I could hook up the old disks and see how the original
> setup was; That worked...

   I'd be tempted to start again, and do the BACKUP correctly this time.
Sure, you could try to find all the places where the (bad) copy differs
from the original, but who knows where they all are?  And how many will
you find only next month or next year, when something else breaks?



Post by willemgrooters » Mon Mar 27, 2023 7:56 am

It's just mail that had the problem. There is nothing fancy on the system front, it has been installed without any particular settings. So what I found on INSTALL LIST should be fine; Just all that has to do with mail:
TCPIP$SMTP_RECEIVER;1
Open Hdr Shared Prv
...
MAILSHR;1 Open Hdr SharAddr Lnkbl
MAILSHRP;1 Open Hdr SharAddr Prot Lnkbl
...
TCPIP$SMTP_MAILSHR;1
Open Hdr Shared Lnkbl

The SMTP service, running on port 25 would run process TCPIP$SMTP but I guess it is triggered when a message arrives; there is no such process active at the moment.



Post by sms » Mon Mar 27, 2023 10:11 am


> It's just mail that had the problem. [...]

   Ok, but there are local mail and SMTP mail (at least).  I know
nothing about the details, but I'd expect some different software to be
involved.

   What I _do_ know is that only the owner should have RW[E] permission
on any of those mail-related directories/files.

> [...] So what I found on INSTALL LIST should be fine; [...]

   Around here:

ITS $ pipe install list | search sys$input mail, smtp
   MAIL;1           Open Hdr SharAddr 
   MAIL_SERVER;1    Open Hdr SharAddr Prv 
   DECW$MAILSHR;1   Open Hdr Shared            Lnkbl 
   TCPIP$SMTP_RECEIVER;1
[                   Open Hdr Shared   Prv            ]
[... DECwindows stuff ...]
   MAILSHR;1        Open Hdr SharAddr          Lnkbl 
   MAILSHRP;1       Open Hdr SharAddr     Prot Lnkbl 
   TCPIP$SMTP_MAILSHR;1
[                   Open Hdr Shared            Lnkbl ]

   "MAIL_SERVER.EXE" looks like DECnet, so you may not care.  (And
they're all owned by SYSTEM.)

   Rather than eliminate all mail privacy, I might look into (the
undocumented) SET WATCH command to try to see more precisely what fails
when it fails.
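
The state sms describes (the user owns the home directory and mail files, and Group and World have no access to the mail files) can be checked mechanically. The following is an added example, not part of any post in this thread: a Python script that parses saved "DIRECTORY /OWNER /PROTECTION" output in the format shown earlier and flags wrong owners and Group/World access; the device name, user name and sample listing are constructed placeholders.

```python
import re

# One file line of DIRECTORY /OWNER /PROTECTION output:
#   NAME.TYP;ver   [OWNER]   (System,Owner,Group,World)
FILE_RE = re.compile(r"^(\S+;\d+)\s+(\[[^\]]+\])\s+\(([^)]*)\)\s*$")
DIR_RE = re.compile(r"^Directory\s+(\S+)\s*$")

def audit(listing, expected_owner):
    """Return (file spec, problem) pairs for a user's mail-related files."""
    findings, directory = [], ""
    for line in listing.splitlines():
        m = DIR_RE.match(line.strip())
        if m:
            directory = m.group(1)
            continue
        m = FILE_RE.match(line.strip())
        if not m:
            continue  # blank lines and "Total of ..." summaries
        name, owner, prot = m.groups()
        fields = [f.strip().upper() for f in prot.split(",")]
        if len(fields) != 4:
            findings.append((directory + name, "unparsable protection mask"))
            continue
        _system, _owner, group, world = fields
        spec = directory + name
        if owner.upper() != expected_owner.upper():
            findings.append((spec, f"owned by {owner}, expected {expected_owner}"))
        # Mail files should be reachable by System and Owner only.
        if name.upper().startswith("MAIL.") and (group or world):
            findings.append((spec, f"Group/World access (G:{group},W:{world})"))
        elif "W" in world or "D" in world:
            findings.append((spec, f"World can modify (W:{world})"))
    return findings

# Constructed sample: a SYSTEM-owned home directory as left by the bad copy,
# plus the W:RW workaround on the mail file. All names are placeholders.
SAMPLE = """\
Directory DISK$USER:[000000]

JDOE.DIR;1           [SYSTEM]                         (RWED,RWED,RE,RE)

Directory DISK$USER:[JDOE]

MAIL.MAI;1           [JDOE]                           (RW,RW,,RW)
"""

if __name__ == "__main__":
    for spec, problem in audit(SAMPLE, "[JDOE]"):
        print(f"{spec}: {problem}")
```

Run against the listing sms posted earlier with expected owner [SMS], the same function returns no findings.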



Post by willemgrooters » Mon Mar 27, 2023 10:47 am

It is just mail from Internet. I'll check what went wrong now I know when it doesn't work. Thanks for helping.
