Unable to send email with jailkit enabled

We just want to see logs. We don’t generally log into folks’ servers, for a variety of reasons.

The issue is that so far I’ve not seen a log else it would be simple to resolve.

I’m still going to build a new system to check it’s not an issue with the live system and will report back once this is done, with logs if the issue exists or an update.

So far what I have been able to establish is that Mail() tries to call sendmail and sendmail is missing from the jail. If you add it, sendmail links to postfix and you therefore have to include the whole of postfix into the jail as well. You also can’t use SSL/TLS SMTP to resolve that issue, as the CA certs are also missing from the jail.

Oh, that’s expected. I thought you were trying to use a PHP module that sends via an SMTP connection to localhost.

To use the sendmail command, you certainly need sendmail in the jail. Can’t run a command that doesn’t exist. There is a jk_cp tool for copying a command and its libraries to the jail, or you can add it to your jail definition for newly created jails.

So we have to copy the whole of postfix to the jail then?

And why does it work by simply changing the PHP mode from fpm to fcgi?

I don’t know. What happens when you use jk_cp to copy sendmail to the jail? I would expect a handful of other files (including some files from the Postfix package, since sendmail is provided by the Postfix package), but not the entire Postfix installation.

fcgi isn’t jailed. It runs under suexec and is not started with the user’s shell.

OK, I will give it a go. From memory I don’t remember the file, but it was a .cf config file, possibly master.cf.

sendmail can get option values from main.cf, but I’m not sure if it needs one. I think you can specify all options on the command line. But, I’m not sure, I’d hope it’d produce a useful error if a main.cf is required.

I don’t know of a master.cf connection, as that’s for configuring various services.

It’s 5am but I’ll test the file. Running sendmail in the jail produced an error about a missing file; I’ll report it here and try including it later on.

The missing ssl certs is an issue as well for smtp connections


Yes, you’ll also need the system CA bundle if you’re making SSL/TLS connections. But, I was under the impression you’re sending via the local mail server (and getting there via the sendmail command), which doesn’t benefit from TLS. Local connections are fine unencrypted…only root capable users could see it, and they could see everything regardless.

Hey Joe,

We have a few sites that do things different ways :slight_smile:

Some use an SMTP plugin to email using another service like smtp2go for example.

OK, so to complete what I mentioned last night this is the error, I am continuing to test things now.

sendmail: fatal: open /etc/postfix/main.cf: No such file or directory

OK, some more testing and after adding the below to the jail we get stuck on this error.

jk_cp -j /home/chroot/175058694147486 /etc/postfix/main.cf
jk_cp -j /home/chroot/175058694147486 /etc/mailname
jk_cp -j /home/chroot/175058694147486 /var/spool/postfix
jk_cp -j /home/chroot/175058694147486 /usr/sbin/postdrop
@mail:~$ sendmail
postdrop: warning: mail_queue_enter: create file maildrop/887464.50647: Permission denied
postdrop: warning: mail_queue_enter: create file maildrop/887659.50647: Permission denied

This then hangs indefinitely.

UPDATE:

OK,

So after some tinkering, importing the whole of postfix into the jail and getting it to work seemed daft and over the top, so I installed msmtp and added this into the jail with user-based config.

Find the JailID using mount

You should see something like this

/dev/sda1 on /home/chroot/1750594974102064/home/domainname type ext4 (rw,relatime,quota,usrquota,grpquota,errors=remount-ro)

The below was all run as root.

sudo apt install msmtp

jk_cp -j /home/chroot/1750594974102064 /usr/bin/msmtp

mkdir -p /home/chroot/1750594974102064/usr/sbin
ln -s /usr/bin/msmtp /home/chroot/1750594974102064/usr/sbin/sendmail

I then made a config file as the user

su - USERNAME

nano /home/chroot/1750594974102064/etc/msmtprc

Paste this in

defaults
auth off

account local
host localhost
port 25
from noreply@yourdomain.com

account default : local

I can now send emails from wordpress fine and my test script.

The correct from address is used as well from the sendmail command, ignoring the one in the config file.

I’m not sure how to easily expand this to 200 websites though :slight_smile: Is it possible to have some help with this?
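One way to repeat the msmtp setup from the post above across many jails, as an added example that is not from the thread's participants or from Virtualmin. It assumes every jail is a sub-directory of one base path (the thread shows /home/chroot/JailID); `provision_jail`, `provision_all` and the `JK_CP` override are hypothetical names.

```shell
#!/bin/sh
# Added example: repeat the msmtp-as-sendmail jail setup for many jails.
# Assumed: every jail is a sub-directory of one base path; run as root.
# JK_CP is a hypothetical override for the copy tool (defaults to jk_cp).

# Set up one jail: copy msmtp in, link sendmail to it, write etc/msmtprc.
provision_jail() {
    jail=$1 from=$2
    [ -d "$jail" ] || { echo "skip: $jail is not a directory" >&2; return 1; }

    # jk_cp copies the binary plus the libraries it needs into the jail.
    "${JK_CP:-jk_cp}" -j "$jail" /usr/bin/msmtp >&2 || return 1

    mkdir -p "$jail/usr/sbin" "$jail/etc" || return 1
    # The link target is resolved inside the jail, so use the in-jail path.
    ln -sfn /usr/bin/msmtp "$jail/usr/sbin/sendmail" || return 1

    # Temp file + rename: an msmtprc symlink already planted in the jail is
    # replaced, not written through, so root never clobbers its target.
    tmp=$(mktemp "$jail/etc/msmtprc.XXXXXX") || return 1
    cat > "$tmp" <<EOF
defaults
auth off

account local
host localhost
port 25
from $from

account default : local
EOF
    chmod 644 "$tmp" && mv -f "$tmp" "$jail/etc/msmtprc"
}

# Set up every jail under a base path; prints how many succeeded and
# returns non-zero if any jail failed.
provision_all() {
    base=$1 addr=$2 ok=0 failed=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        if provision_jail "${dir%/}" "$addr"; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))
        fi
    done
    echo "$ok"
    [ "$failed" -eq 0 ]
}
```

Calling `provision_all /home/chroot noreply@yourdomain.com` as root covers every existing jail directory. Jails created afterwards need the same step, or the jail definition changed as mentioned earlier in the thread.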

Yeah, that does seem over the top and is a lot more trouble than I expected, but now that I think of it, sendmail does need to be able to drop mail into the queue, and obviously a jailed user can’t do that.

I think the right thing is to get a sendmail command in the jail that is configured to use SMTP to send via 127.0.0.1. It might be possible to bind mount the maildrop directory into the jail, though.

I’ll have to think on it and do some testing.

The issue here is that sendmail on Debian (unsure if Virtualmin is doing it) is symlinked to postfix.

sendmail is not actually installed.

No, that’s not the issue.

sendmail, the command for sending mail, is provided by Postfix or Sendmail or exim or probably any other MTA. We’re not talking about the MTA Sendmail, we’re talking about the command for sending email from the command line (there are many such commands, but sendmail is a very commonly used one, and it is provided by all popular MTAs).

To be clear, installing Sendmail (the MTA) in the jail or the host is not a solution to this problem.

The problem is that sendmail provided by Postfix defaults to sending email by dropping the message into a maildrop directory, and Postfix (the MTA) sees that new file, queues it for delivery and removes it from the maildrop directory. This is a problem because the maildrop directory exists on the host filesystem and is inaccessible to the jail. Merely creating the directory in the jail doesn’t solve the problem because it’s not the special directory Postfix checks for new mail to queue…a bind mount would probably work, though.

The two possible simple solutions I see are:

  1. Configure sendmail (any sendmail, not the MTA Sendmail) to send via SMTP to 127.0.0.1 on port 25.
  2. Bind mount the maildrop directory into the jail.

Option 1 has several possible solutions (the “any sendmail” bit). There are other commands that do what sendmail does, some are simpler, some are configurable in various ways to do various things. If the Postfix sendmail cannot be configured to relay through localhost:25 without a lot of complexity, there are probably other mail sending commands that can.

Is the method I ran prior using msmtp and copying it into the jail not a solution?

@jimmy06,

Sorry for my ignorance, I sort of skimmed through the thread.

Seems you’re having troubles using “mail” function in WordPress due to your user being in a “jailed” environment.

Why not simply install an SMTP plugin for WordPress then have WordPress use that instead of attempting to use the “mail” function?

Yes! It’s one variant of option 1 I just discussed. It is a sendmail compatible tool for sending email.