Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

MAIL-E-OPENOUT insufficient privilege or file protection violation

 
SOLVED
Go to solution
Highlighted
Frequent Advisor

MAIL-E-OPENOUT insufficient privilege or file protection violation

From some users, SMTP configuration work well, with other users there is the problem in subject.

The system is an Alphaserver ES40 OpenVms7.3 named A1 with TCPIP v.5.1 eco4, in attachment the SMTP configuration, the UAF configuration, the errors on the SMTP LOG file, the DIR/OWN/PROT output of the SMTP files.
18 REPLIES 18
Highlighted
Frequent Advisor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation


I done newer tests, changing the destination domain.


Seem that the problem is related to this:

if SMTP send to a WAN mail domain, such as my domain mauriziorondina.it all go well, instead if SMTP send to a LAN mail domain, the message "insufficient privilege or file protection" appear. Now I think that the problem not depend on OpenVms User Account, and that the error message is unappropriate.

Highlighted
Honored Contributor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

Maurizio

May be not related, but the protection looks wrong for the SMTP directory, as I see

[TCPIP$AUX,TCPIP$BOOTP]
and I suppose it should be
[TCPIP$AUX,TCPIP$SMTP]

can you post a
$ mc authorize sh/bri tcpip$*

and a

$ dir/sec sys$sysdevice:[*]tcpip*.dir
Highlighted
Frequent Advisor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation


UAF> sho/bri tcpip$*
Owner Username UIC Account Privs Pri Directory

TCPIP$BIND TCPIP$BIND [3655,5] TCPIP Normal 8 SYS$SPECIFIC:[TCPIP$BIND]
TCPIP$BOOTP TCPIP$BOOTP [3655,1] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$BOOTP]
TCPIP$DHCP TCPIP$DHCP [3655,6] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$DHCP]
TCPIP$FTP TCPIP$FTP [3655,4] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$FTP]
TCPIP$LPD TCPIP$LPD [3655,5] TCPIP Normal 8 SYS$SPECIFIC:[TCPIP$LPD]
TCPIP$NFS TCPIP$NFS [3655,7] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$NFS]
TCPIP$PCNFS TCPIP$PCNFS [3655,11] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$PCNFS]
TCPIP$PORTM TCPIP$PORTM [3655,10] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$PORTM]
TCPIP$REXEC TCPIP$REXEC [3655,12] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$REXEC]
TCPIP$RSH TCPIP$RSH [3655,2] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$RSH]
TCPIP$SMTP TCPIP$SMTP [3655,13] TCPIP Normal 8 SYS$SPECIFIC:[TCPIP$SMTP]
TCPIP$SNMP TCPIP$SNMP [3655,4] TCPIP Normal 8 SYS$SYSDEVICE:[TCPIP$SNMP]


Highlighted
Frequent Advisor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

$ dir/sec sys$sysdevice:[*]tcpip*.dir

Directory SYS$SYSDEVICE:[SYS0]

TCPIP$BIND.DIR;1 [TCPIP$AUX,TCPIP$BIND] (RWE,RWE,RE,E)
TCPIP$ETC.DIR;1 [1,1] (RWE,RWE,RE,RE)
TCPIP$LPD.DIR;1 [TCPIP$AUX,TCPIP$LPD] (RWE,RWE,RE,E)
TCPIP$SMTP.DIR;1 [TCPIP$AUX,TCPIP$BOOTP] (RWE,RWE,RE,E)

Total of 4 files.

Directory SYS$SYSDEVICE:[VMS$COMMON]

TCPIP$LIB.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)

Total of 1 file.

Grand total of 2 directories, 5 files.
Highlighted
Honored Contributor
Solution

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

As TCPIP$BOOTP has the UIC [3655,1] and
TCPIP$SMTP has [3655,13], you should issue

$ set file sys$sysdevice:[sys0]tcpip$smtp.dir/own=[3655,13]

$ set file sys$sysdevice:[sys0.tcpip$smtp]*.*;*/own=[3655,13]

and then stop and start SMTP and Mail.

You will notice that your files have RE (read and execute) for the group, not write.
Highlighted
Honored Contributor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

Could it be that the TCPIP$SMTP directory and its contents are owned by TCPIP$BOOTP.

All though the TCPIP accounts are normally in the same UIC group, there is no WRITE access for the group, in the prot string.

I know that your account has BYPASS, but I think this is not being accessed by the user, but by the SMTP process.

I had a similar problem with NTP not being able to start because the root directory was owned by a different TCPIP account.

HTH

Dave.
Highlighted
Frequent Advisor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

Labadie,

Now i gave the following commands

set file /own=[TCPIP$AUX,TCPIP$SMTP] sys$specific:[000000]tcpip$smtp.dir

and

set file /own=[TCPIP$AUX,TCPIP$SMTP] sys$specific:[tcpip$smtp]*.*;*

and now also the LAN mail domain recipient, haven't problems.

Isnâ t clearly if there was a Internet mail domain problem or a OpenVms protection problem. Why before to set the correct owner, the mail to WAN recipients go well?

Tomorrow should start the automated weekly e-mail from E$USER1 and i will see if it work fine. Then i will inform you if all go well.
Highlighted
Frequent Advisor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

to The Brit (HTH Dave),

Very strange that the SMTP activation wizard of TCPIP$CONFIG, set the TCPIP$SMTP_COMMON directory and his content with TCPIP$BOOTP owner. BOOTP service never enabled on this system; seems that the TCPIP owners are set randomly.

And strange that with a similar protection problem, mail to LAN mail domain, go well.
Highlighted
Trusted Contributor

Re: MAIL-E-OPENOUT insufficient privilege or file protection violation

Random ownership of TCP/IP accounts can happen when a SYSUAF and RIGHTSLIST pair get copied from an old system to a new one when the order of setting up TCP/IP Services has been different between the two systems. E.g. I buld a new server to take over from the old one, I configure all of the networking services, then copy the SYSUAF and RIGHTSLIST from the old system to the new one so that all of the user accounts come over.
The correct way to do this is to merge the files rather than copy one over the other.

Steve