BubbleWrap jail for PHP - mail issue

[erick85]

Has anyone managed to configure BubbleWrap jail for PHP (fast cgi) to get mail() to work? On a fresh DA installation (and also on another, long working server), I ran such a list of commands:

cd /usr/local/directadmin/custombuild
./build update
./build bubblewrap
./build jailshell
./build set eximconf yes
./build exim_conf
./build jailshell
echo "action=rewrite&value=jail"> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d

Which is compatible with https://directadmin.com/features.php?id=2740 and https://directadmin.com/features.php?id=2843.

I tried a few other commands, but also to no avail:

./build exim
./build rewrite_confs

There are no errors from the script, the logs (http/exim) are also empty. With jailshell disabled, mail() works fine. In my opinion, there is no way that there is no bug here, but Support says everything is working properly. I wonder where the truth lies, and if I'm wrong, where can I make a mistake?

 

[factor]

If you have csf
Did you check if 25 is open.

Does mail work in Roundcube?

You might ./build php
Since it’s mail() which I believe is php mail.

You might run ./build all
To just update everything

 

[erick85]

If you have csf
Did you check if 25 is open.

CSF/firewalld disabled.

Does mail work in Roundcube?

I don't use roundcube, but I also don't mean smtp authorized sending, but PHP's mail() function. Without jailshell it works fine.

You might ./build php
You might run ./build all

I've tried it all. That's why I reported it as a bug to support, but support says everything is fine. Now I'm looking for someone who uses jaillshell and can confirm or deny that I am wrong.

 

[factor]

Not many use jailshell because it’s new...aka might be buggy.

I have only seen a few posts on it ever. You might research bubble wraps docs and see what you find.

Btw
Welcome to the forum and DA as I see you are new.

 

[erick85]

I know and I have no fault whatsoever. But I must admit that I am particularly interested in the approach of one person from the support, who does not accept the fact that soft may have a bug. Each time I have the answer: "You don't have a paid support, so don't disturb." While I don't expect any support, I just want to report a bug

I am new to the forum, although I have been using DA for over 10 years It is a pity that the support approach has changed so much. And Hi

 

[factor]

DA for over 10 years

Well, you are late but glad you made it.

I just want to report a bug

That has actually been a topic lately. Where to file Bug reports. They don't have an official place.

Sub-Accounts for /clients area and new Tickets

Hello, Sub-Accounts As many of our clients have larger teams to manage licenses and support tickets, we've added "Sub-Account" functionality to the /clients area, which can be accessed from:/clients » Profile Icon (top-right) » Account » Sub-Accounts Tab This page lets you add E-Mail accounts...

forum.directadmin.com

Add a bug reporting portal - Feature requests - DirectAdmin Feedback

Please add a real way to report bugs. Please make it so License holders can sign in, report and follow bugs. Something like bugzilla.redhat.com/index.cgi see forum.directadmin.com/threads/sub-accounts-for-clients-area-and-new-tickets.62093/post-319812

feedback.directadmin.com

support approach has changed so much

Well not sure it changed but got overwhelmed. They haven't Pivoted yet. Not sure what they are waiting for but I don't own the company.

might be buggy

What I mean by this is I stay far away from stuff that is really new or just introduced. Like a lot of people will be clamoring for PHP 8 soon. You never want to jump on we just released this train. Also, DA is really slow with the documentation aspect of anything new.

Hi

Stay well..

 

[Ohm J]

on my centos7 - nginx_apache
php-fpm56 with crontab or ssh

after ./build bubblewrap ./build jailshell
first you need to rebuild exim
./build exim

Otherwise you will got error Exim like , /etc/exim.conf doesn't exists

======================================================

after playing a littile time I got this 2 error
first you need to enter command
"/usr/bin/jailshell"

sendmail: recipient address [email protected] not accepted by the server
sendmail: authentication failed (method PLAIN)
sendmail: server message: 535 Incorrect authentication data
sendmail: could not send mail (account default from /home/admin/.msmtprc)
admin$ php /home/admin/testsendmail.php

then It's wrong password, then just exit and reenter again /usr/bin/jailshell

then I got this error

sendmail: server message: 550-Verification failed for <[email protected]>

sendmail: server message: 550 Sender verify failed

sendmail: could not send mail (account default from /home/admin/.msmtprc)

admin$ php /home/admin/testsendmail.php

[email protected] has exists in my Email Account List
and after I use [email protected] then can sending normally.

===========================================================
after more researching
I have :fail: in CMD_EMAIL_FORWARDER

like [email protected] => :fail:
this cause sendmail: server message: 550 Sender verify failed

BUT WITHOUT jailshell I can sending normally.

 

[erick85]

As I mentioned at the beginning, I did ./build exim afterwards - it didn't help. In /usr/local/safe-bin I can see that sendmail gets admin@, so that's a bad lead too.

PS. According to the PHP manpage in bubblewrap, it only works as fast cgi, so your PHP-FPM is probably running in standard mode.

 

[smtalk]

on my centos7 - nginx_apache
php-fpm56 with crontab or ssh

after ./build bubblewrap ./build jailshell
first you need to rebuild exim
./build exim

Otherwise you will got error Exim like , /etc/exim.conf doesn't exists

======================================================

after playing a littile time I got this 2 error
first you need to enter command
"/usr/bin/jailshell"

sendmail: recipient address [email protected] not accepted by the server
sendmail: authentication failed (method PLAIN)
sendmail: server message: 535 Incorrect authentication data
sendmail: could not send mail (account default from /home/admin/.msmtprc)
admin$ php /home/admin/testsendmail.php

then It's wrong password, then just exit and reenter again /usr/bin/jailshell

then I got this error

sendmail: server message: 550-Verification failed for <[email protected]>

sendmail: server message: 550 Sender verify failed

sendmail: could not send mail (account default from /home/admin/.msmtprc)

admin$ php /home/admin/testsendmail.php

[email protected] has exists in my Email Account List
and after I use [email protected] then can sending normally.

===========================================================
after more researching
I have :fail: in CMD_EMAIL_FORWARDER

like [email protected] => :fail:
this cause sendmail: server message: 550 Sender verify failed

BUT WITHOUT jailshell I can sending normally.

Maybe eximconf=no is set in your configuration? It requires latest exim configuration and latest jailshell script for mail function to work (from CLI/FastCGI etc.).

 

[erick85]

Maybe eximconf=no is set in your configuration?

As I said in first post, I tried:

cd /usr/local/directadmin/custombuild
./build update
./build bubblewrap
./build jailshell
./build set eximconf yes
./build exim_conf
./build jailshell
echo "action=rewrite&value=jail"> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d
./build exim
./build rewrite_confs

 

[smtalk]

As I said in first post, I tried:

I've quoted @jamgames2 there (a reply to his post).

Regarding your own case - I think it needs more debug details to be posted to give suggestions.

 

[erick85]

@smtalk Are there any commands from my list to properly run jailshell on a fresh DA installation for PHP running in fast cgi?
Shouldn't there be any references to exim in the files in /usr/local/safe-bin? Because I don't see them at the moment, unlike, for example, https://files.directadmin.com/services/custombuild/bubblewrap/jailshell-0.4.sh

--ro-bind-try /usr/local/bin/msmtp /usr/sbin/exim \
--ro-bind-try /usr/local/bin/msmtp /etc/alternatives/mta \

(of course I tried to add them there, but it didn't help).

 

[smtalk]

Neither of the commands you posted in your initial post touch the scripts in safe-bin. They're only touched on PHP build time. And yes, it's one of the places where the problem might be (or it might not).

I've read your other posts in this thread (to check if "./build update; ./build php" was there, it seems it wasn't).

It is a pity that the support approach has changed so much.

There was a choice in the past - license with support or without (90 days of support included). I'm sorry, but I think it's a pity when customers demand something they didn't want to have included with the license too. License type can be changed anytime. For customers who are not willing to support development/future of DA - forum is the place for the support (and possible bug reports as well). I think customers became so demanding, because they received what was not included with their license (support), and it was not fair from the perspective of the customers paying for the support. If there was a strict rule of 90 days of tech support in the beginning, there would likely be no complaints on this. I don't think life-time support would be a problem if someone would like to work in support department for a very low one-time fee (then the low one-time fee for a life-time license with support wouldn't become unprofitable).

 

[erick85]

Yes, they were - I wrote about it in the first two posts. I believe that if the DA installation was fresh (on the current OS), and all the commands were run, there is no way here that it is not a bug on the part of DA. In the ticket I offered you a ready environment for the test, but I heard that you will not check it without the purchased support. Okay, I just wanted to help / speed up the problem resolution.

As for the support, I would distinguish "silly" questions like: "how to add a domain" or "how to install exim" (i.e. every thing that can be found in the manual) from reporting software bugs. The software producer should want his software to work as well as possible and to be free from bugs, because thanks to this he will be able to sell more of this software.

 

[Ohm J]

@smtalk

everything is lastest version
exim_config => 4.5.30
jailshell_sh => 0.4

but when I have in Mail Forwarder like

[email protected] => :fail:
that I don't want to catch email from reply client or anything to inbound this mailbox.

It can't send email and got

sendmail: recipient address [email protected] not accepted by the server
sendmail: server message: 550-Verification failed for <[email protected]>
sendmail: server message: 550 Sender verify failed
sendmail: could not send mail (account default from /home/admin/.msmtprc)

normally without jailshell call, It's working fine.

==========================================
after researching more and more and more....

I change from :fail: to :blackhole:
In now every thing work perfectly

In now I need to find a way better than :blackhole: , because I can't use :fail: so sadly ;(