Wednesday·07·December·2011
automounter vs procmail //at 00:10 //by abe
At work we use .procmailrc files generated by CGIpaf to let non-technical users create forwards, out-of-office mails, etc. and any combination thereof. This also has the advantage that we can filter out double bounces and spam (which also prevents us from being listed in spammer blacklists).
Unfortunately autofs (this seems to be independent of whether autofs4 or autofs5 is used) seems to be unreliable if there are bursts of mount or umount requests, resulting either in a “File or directory not found” error message while trying to access the home directory of a user, or in “Directory not empty” error messages if the automounter tries to remove the mount point after unmounting. In that case an unmounted directory owned by root is left over.
In the end both cases lead to procmail behaving as if that user does not have a .procmailrc, which looks like sporadically lost mails to those who forward all mails. (The mails can then be found in the local default INBOX for that user.)
Additionally there are similar issues when the NFS servers are not available.
The most effective countermeasure we found so far was adding tests to the global /etc/procmailrc to check if the user’s home directory exists and belongs to the correct user:
    # -----------------
    # Global procmailrc
    # -----------------

    # For debugging, turn off if everything works well
    VERBOSE=1
    LOGFILE=/var/log/procmail.log

    # This only works with bourne shells, $SHELL defaults to the user's
    # login shell. And by experience dash seems not to work, so we use bash.
    OLDSHELL=$SHELL
    SHELL=/bin/bash

    # temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
    # $LOGNAME is not set for some reason. (Just to be sure our paths
    # later on are not senseless.)
    :0
    * ? test -z "$LOGNAME"
    {
        LOG="Expected variable LOGNAME not set.
    "
        EXITCODE=75
        :0
        /dev/null
    }

    # temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
    # $HOME is not readable. ~$LOGNAME does not seem to work, so this uses
    # a hard wired /home/.
    :0
    * ? test ! -r /home/$LOGNAME
    {
        LOG="Home of user $LOGNAME not readable: /home/$LOGNAME
    "
        EXITCODE=75
        :0
        /dev/null
    }

    # temporary failure (see EX_TEMPFAIL in /usr/include/sysexits.h) if
    # $HOME has wrong owner. ~$LOGNAME does not seem to work, so this uses
    # a hard wired /home/.
    :0
    * ? test ! -O /home/$LOGNAME
    {
        LOG="Home of user $LOGNAME has wrong owner: /home/$LOGNAME
    "
        EXITCODE=75
        :0
        /dev/null
    }

    […]
If you want to store a copy of these mails for debugging purposes on every delivery attempt, replace /dev/null with some Maildir or mbox only accessible for root.
One small but important part was to explicitly declare bash as the shell for executing the tests, otherwise mails for users with tcsh or zsh as login shell filled up the mail queue and never got delivered (if the SHELL variable never gets fixed).
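The same three checks as a standalone bash function, so they can be dry-run against a home directory outside procmail. This is an added example, not part of the original post; the function name check_home, its arguments and the explicit uid lookup are assumptions.

```bash
#!/bin/bash
# Added example: dry-run of the three tests from the global procmailrc.
EX_TEMPFAIL=75   # see /usr/include/sysexits.h

# check_home LOGNAME [BASE] [EXPECTED_UID]
# Prints the reason and returns 75 if delivery should be deferred, 0 otherwise.
# BASE defaults to the hard wired /home; EXPECTED_UID defaults to the uid
# of LOGNAME as reported by id(1).
check_home() {
    local logname base want_uid dir owner
    logname="$1"
    base="${2:-/home}"
    want_uid="${3:-}"

    if [ -z "$logname" ]; then
        echo "Expected variable LOGNAME not set."
        return "$EX_TEMPFAIL"
    fi
    dir="$base/$logname"

    # Missing or unreadable: the mount request failed or NFS is unavailable.
    if [ ! -r "$dir" ]; then
        echo "Home of user $logname not readable: $dir"
        return "$EX_TEMPFAIL"
    fi

    # Wrong owner: e.g. the unmounted, root-owned directory left over by the
    # automounter. The recipe uses "test -O", which compares against the
    # effective uid of the running process; here the uid is looked up
    # explicitly so the check can be run by any account.
    [ -n "$want_uid" ] || want_uid=$(id -u "$logname" 2>/dev/null) || want_uid=
    owner=$(ls -nd "$dir" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "Home of user $logname has wrong owner: $dir"
        return "$EX_TEMPFAIL"
    fi
    return 0
}

# When the script is called with arguments, run the check on them.
[ "$#" -eq 0 ] || check_home "$@"
```
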
Only drawback so far: This leads to more lagging e-mail on e-mail bursts also for those users who have no .procmailrc, because procmail can’t check if there’s really no .procmailrc.
Extensive procmail documentation can be found online at the Procmail
Documentation Project as well as in the man pages procmail(1),
procmailrc(5) and procmailex(5).
Tagged as: autofs, autofs4, autofs5, automounter, bash, CGIpaf, E-Mail, forward, ISG, out-of-office, Postfix, procmail, procmailrc, Sysadmin, tcsh, zsh