Forward mail to php script via Pipe

R3DGeek

Verified User
Joined
Nov 16, 2022
Messages
7
Hi,

I have been searching and testing many different setups to get this working.

I found out you can create the forward on a domain and select PIPE so that was perfect but I get errors.

R=virtual_aliases_nouser_nostar T=virtual_address_pipe: Child process of virtual_address_pipe transport returned 1 from command
And the pipe is then "|/usr/local/bin/php -q /home/user/domains/url/public_html/pipe.php"

but first I tried with just "| /home/user/domains/url/public_html/pipe.php" and then the error was
R=virtual_aliases_nouser_nostar T=virtual_address_pipe: Child process of virtual_address_pipe transport returned 127 (could mean unable to exec or command does not exist) from command

I did a chmod +x on the file. because I found something it has to be executable.
And I would like this way because time is of an issue when the mail comes in.

Any ideas that I did wrong?

Thank you in advance
 
I'm using a pipe too which is used for the ticket system.

Maybe it's just you masking things but I see you used /url/ in your statement here:
"|/usr/local/bin/php -q /home/user/domains/url/public_html/pipe.php"

This should be correct, I'm using this one:
Code:
"|/usr/local/bin/php -q /home/user/domains/domain.com/public_html/pipe.php"
and url is imho http://www.domain.com but it should be just as domain.com. However as said, maybe you masked it that way.
If that is the case it's exactly the same as you're using. Do not use a white space between the pipe character and the link to php.

You might also want to check the temp file Exim is using. If it's /temp for example, be sure it's chmod 1777.

Is the email address this pipe is being used for an existing one?
 
I'm using a pipe too which is used for the ticket system.

Maybe it's just you masking things but I see you used /url/ in your statement here:


This should be correct, I'm using this one:
Code:
"|/usr/local/bin/php -q /home/user/domains/domain.com/public_html/pipe.php"
and url is imho http://www.domain.com but it should be just as domain.com. However as said, maybe you masked it that way.
If that is the case it's exactly the same as you're using. Do not use a white space between the pipe character and the link to php.

You might also want to check the temp file Exim is using. If it's /temp for example, be sure it's chmod 1777.

Is the email address this pipe is being used for an existing one?

yeah it is the correct file path to that file so that should not be a problem. but I don't have a /temp only a /tmp folder on the server.
is there something special I have to do in the exim.conf maybe?
 
is there something special I have to do in the exim.conf maybe?
No. Piping should be working out of the box, I didn't need to make any changes either for piping to work, just put in that line as displayed with the " characters around it. So if you also used the " things, then it should be fine.
 
Code:
Could not open input file:

in the mail delivery i get this error could that maybe the issue that the process can't read the php file I'm trying to run
 
That could be the case. I don't know which php mode you're using.
I'm using php-fpm so I'm using it like this:
-rw-r--r-- 1 user user 917 2022-02-15 22:28 pipe.php

But maybe it's modsec or something which is preventing access?
 
That could be the case. I don't know which php mode you're using.
I'm using php-fpm so I'm using it like this:
-rw-r--r-- 1 user user 917 2022-02-15 22:28 pipe.php

But maybe it's modsec or something which is preventing access?

Thank you for the quick reply's but it is the same and still no luck
Also using php-fpm it is a new server as well so weird
 
Make sure /home/user/domains/url/public_html/pipe.php is not outputting anything to /dev/stdout or /dev/stderr. A mail pipe doesn't need to output anytime, otherwise that output will be picked up by the MTA and generate an error like you are seeing.

Alternatively, send an email to a mailbox on the server and then cat that message to your pipe script.

cat /home/%user%/imap/%domain%/%email%/Maildir/new/%anyfile% | /usr/local/bin/php -q /home/user/domains/url/public_html/pipe.php

And if the script prints anything, then that's your problem
 
My educated guess is that the user does not have permissions to access the /home/user/domains/url/public_html/pipe.php file. Not just that file, but ALL directories leading up to the pipe.php need to have user and/or group execute permissions for the process owner/group in order for that process to access the file. I am not 100% sure which user id exim will have at the time of a .forward, but I would assume it has already done a setuid() to become the user so the user would own the process but the group most likely would remain mail. So making sure the user has full execute permissions up to public_html and at least read permissions on pipe.php.
 
My educated guess is that the user does not have permissions to access the /home/user/domains/url/public_html/pipe.php file. Not just that file, but ALL directories leading up to the pipe.php need to have user and/or group execute permissions for the process owner/group in order for that process to access the file. I am not 100% sure which user id exim will have at the time of a .forward, but I would assume it has already done a setuid() to become the user so the user would own the process but the group most likely would remain mail. So making sure the user has full execute permissions up to public_html and at least read permissions on pipe.php.
rights could be the problem but what is the best way to check this?
 
The easiest would look something like this:
ls -ld /home/user/domains/url/public_html/
ls -ld /home/user/domains/url
ls -ld /home/user/domains
ls -ld /home/user

As for the user/group the process runs as, you might want to run a test and have your .forward pipe to a script that executes the command "id" which will give you the user and group of the process. Then you can make sure the above "ls -ld" outputs have the execute bit (displayed with an x) in the appropriate position (---x------- for the directory owners user id ------x---- for the directory group id and ---------x- for all other users). So if the process owner id matches the directory owner, then x should be in the 4th position, if the directory group matches the process's group then the x can be in the 7th position and if the directory isn't owned or in the same group as the process the x needs to be in the 10th position so that any process can change to that directory.

Of course, you could always move the location of the pipe.php file so that you don't need to worry about all the permissions, like for example, have it located in the same directory as the .forward or a sub-directory of that directory with the appropriate permissions.
 
I doubt it's a permission issue. The default umask for directory creation will set directories at 0755, which means the other bit has read and execute permissions.

I would encourage piping a message directly to the script from the command-line to see what it says.
 
I doubt it's a permission issue. The default umask for directory creation will set directories at 0755, which means the other bit has read and execute permissions.

I would encourage piping a message directly to the script from the command-line to see what it says.
could you give me an example then i can test tomorrow.

Thanks in advance for everyones input
 
Back
Top