Search code examples
phppostfix-mtawebmin

Virtualmin 'Feed to Program' can't open file

I'm running Virtualmin on a Centos6 vps server with several domains. I'm trying to send email to an email alias which forwards to a php script.

The email is returned undeliverable with the following message...

Command died with status 1: "php
/home/mydomain/public_html/mail_pipe.php". Command output: Could not
open input file: /home/mydomain/public_html/mail_pipe.php

I have the path defined as 

php /home/mydomain/public_html/mail_pipe.php

I've set file permissions to 0777+x

Inside mail_pipe.php I have a mail parsing script I have used before. Since that didn't work, right now I'm just trying to do something so I can see if the file was accessed, since the error msg says that it could not open the file.

#!/usr/bin/php -q
<?php
    $myFile = "steve.txt";
    $fh = fopen($myFile, 'a');

    $stringData = "File was opened \n";
    fwrite($fh, $stringData);
    fclose($fh);
?>

I'm pretty sure it's actually trying to open the right file, since I get a file not found error when the target file is not there.

I had help the last time I did this. He did all the server side set up, while I handled the php script. So I'm a little out of my element here.

Solution

  • So, after talking to Jamie about this, there's only a very limited use case for this particular workflow that works.

    But, there is a way to achieve what you're after, which is to create a user for this action, and then login to Usermin as that user and setup the forwarding to your script as that user.

    The reason it doesn't work in Virtualmin is that the aliases are being processed as the nobody (or whatever the postfix user on your system is) user, which has no access to user home directories. When creating it under Usermin, it will execute the action via procmail as the user that created the rule, and so the user will have the permissions needed to run the script and write to the file.

    An alternative workaround, if the script doesn't need to write anything to the user's home (such as a complex auto-responder or something) would be to put your script in a location that nobody has access to.

    We're currently discussing whether to remove this from the Virtualmin form (since it has such limited use and can be confusing), or to make it actually work as expected. I lean toward making it work as expected, but doing it securely given the current way things work might be challenging.