622542 – [SOLVED] mail-mta/nullmailer not working as-expected (nullmailer-send is never triggered)

Bug 622542 - [SOLVED] mail-mta/nullmailer not working as-expected (nullmailer-send is never triggered)

Summary: [SOLVED] mail-mta/nullmailer not working as-expected (nullmailer-send is neve...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-06-23 16:49 UTC by Gordon Pritchard
Modified:	2017-06-23 17:09 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gordon Pritchard 2017-06-23 16:49:39 UTC

I have several kvm/QEMU virtual guests (hardened Gentoo), running on several different Gentoo hosts.  Nullmailer-send isn't getting invoked, and therefore mail jams up in the queue, and is never sent.

Observation 1:
Manually invoking nullmailer-send as user 'root' within the guest VM works - the queue is flushed and mail gets delivered as-expected.

Observation 2:
In addition to VM guests, I have many standalone hardened servers with nullmailer installed.  These are historical/legacy machines, where nullmailer has worked fine for ~15yrs, and continues to do so.  So, our site-configuration is well-known, well-tested, well-documented.

Observation 3:
A crucial difference appears between the working/legacy nullmailer, and the more-recent non-working kvm VMs:

Working-server directory structure:
# ls -al /var/nullmailer/
total 1
drwxr-xr-x  5 root     root     144 Jun 23  2015 .
drwxr-xr-x 17 root     root     496 Mar  6  2013 ..
drwxrwx---  2 nullmail nullmail  96 Jun 23 03:12 queue
drwxr-xr-x  4 root     root     152 Jun 23  2015 service
drwxrwx---  2 nullmail nullmail 120 Jun 23 03:12 tmp
prw-rw----  1 nullmail nullmail   0 Jun 23 03:12 trigger


Non-Working-server directory structure:
# ls -al /var/nullmailer/
total 0
drwxr-xr-x  3 nullmail root  20 Jun 20 12:00 .
drwxr-xr-x 13 root     root 154 Oct 18  2016 ..
drwxr-xr-x  4 root     root  46 Jun 21 11:15 service


For both the working and non-working situations, nullmailer runs under svscan, and uses the openrc init-system.  Kernel-notification features are the same between working/non-working:

# cat /usr/src/linux/.config | grep NOTIFY
CONFIG_FB_NOTIFY=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y

This isn't a new experience (non-working nullmailer in a hardened VM); for at least the past year when I encountered this issue, I would 'sigh' and install Postfix instead.  In a round-about way, this also implies the behaviour does not depend on GCC-4 transition to GCC-5, for one example.

Thanks for looking!

Comment 1 Gordon Pritchard 2017-06-23 17:09:13 UTC

Examining the file-structure more-closely:

Working-server directory structure:
# ls -al /var/spool/nullmailer/
ls: cannot access /var/spool/nullmailer/: No such file or directory


non-Working-server directory structure:
# ls -al /var/spool/nullmailer/
total 0
drwxr-xr-x 6 root     root      69 Jun 22 09:30 .
drwxr-xr-x 4 root     root      46 Jun 20 12:00 ..
drwx------ 2 root     root       6 Jun 20 12:00 failed
drwxrwx--- 2 nullmail nullmail 132 Jun 23 03:10 queue
drwxr-xr-x 3 root     root      26 Jun 22 09:30 service
drwxrwx--- 2 nullmail nullmail  40 Jun 23 03:10 tmp
prw-rw---- 1 nullmail nullmail   0 Jun 22 09:30 trigger


SOLUTION:
Re-configure svscan to supervise this different location:

# ln -fs /var/spool/nullmailer/service /service/nullmailer
# /etc/init.d/svscan restart


Somewhere along the line, it seems /var/nullmailer got changed to /var/spool/nullmailer.  Updating our internal documentation will address this problem.  The only required change lies with svscan, and monitoring the correct directory.

Thank-you,