LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Sendmail - RunAsUser=sendmail:mail/What files to i have to change (https://www.linuxquestions.org/questions/linux-security-4/sendmail-runasuser%3Dsendmail-mail-what-files-to-i-have-to-change-11446/)

ForumKid 01-15-2002 06:16 PM

Maybe you meant this.
ls -ld /var/spool/mail
drwxrwxr-x 2 mail mail 4096 Jan 15 19:09 /var/spool/mail

ForumKid 01-15-2002 06:21 PM

So this is the deal. All my mail is sitting in mqueue with these privileges:
ls -ld /var/spool/mqueue
drwxr-xr-x 2 mail mail 4096 Jan 15 19:14 /var/spool/mqueue
It must actually move the mail to /var/spool/mail/. I guess it can't for some reason.

ForumKid 01-15-2002 06:41 PM

/usr/share/sendmail-cf/mailer/procmail.m4
_DEFIFNOT(`PROCMAIL_MAILER_FLAGS', `SPhnu9')

I think this shows the S flag as being set. Is there a way to just rebuild this file? m4 loses all my changes to sendmail.cf and just messes stuff up.

unSpawn 01-16-2002 01:45 AM

Moving mail from mqueue to mail should be done by the MTA, not by hand :-] So, what was sendmail's uid again, wasn't it "sendmail" and its gid "mail"? If that's the case, and "ls -ld /var/spool/mqueue" turns up as uid and gid "mail", then sendmail can't use the mqueue if the permissions are set to 0750 (groupid 5; read and executable, not writable). (But why isn't the mqueue uid/gid "sendmail.mail"?)

m4 works like "m4 configfile.mc > processed_config.cf", and the procmail.mc is a part of the sendmail.mc I guess. But how do you update your sendmail.cf if you can't use m4? Mailconf? (Linuxconf), then use "mailconf --generatecf" and it'll update /etc/sendmail.cf. Linuxconf is quite retarded, but if you add custom .cf's in /etc/mail/mailconf it'll process those in override mode.

ForumKid 01-16-2002 07:59 AM

Hi,
Well, I found out why m4 screwed things up. Since I changed all permissions to mail.mail, it didn't like it. I changed everything back to root.root, then ran m4. So now my mail is the way it used to be. I will try the S flag thing in the sendmail.mc, then run the m4 compile and then chown the stuff back to mail.mail.

How was I doing the changes before? I was just editing sendmail.cf. I just changed stuff like privacy option/trusted user/.....

I'll update with my results by end of day. My mail server is in use right now and I can't rush myself.

Cross your fingers.....
Thanks as always

unSpawn 01-16-2002 11:47 AM

Good luck!

If this works out it would be greatly appreciated if you could take the time to post your directives, kinda FAQ-like; it would be very useful.

ForumKid 01-16-2002 05:26 PM

OHHH!!! It's not over yet. Almost.
The MODIFY_MAILER_FLAGS(`LOCAL', `-S') fixed the gid thang. New error is:
procmail Insufficient privileges to deliver to "user"

I have searched Google and someone said to add o for the mailer.
MODIFY_MAILER_FLAGS(`LOCAL', `o-S')
MODIFY_MAILER_FLAGS(`LOCAL', `o -S')
I tried both of these and no good. Even when sendmail works with root, I add the o and nothing works.

Thanks

ForumKid 01-16-2002 06:06 PM

even tried this:
Add the o flag and remove the S flag in the Mlocal, F= section.

Before
Mlocal, P=/usr/sbin/scanmails, F=lsDFMAw5:/|@qSPfhn9, S=10/30,
After
Mlocal, P=/usr/sbin/scanmails, F=olsDFMAw5:/|@qPfhn9, S=10/30,

I'd have to say that sendmail is screwing me all up.

ForumKid 01-16-2002 07:21 PM

I can't seem to understand why I can't find any info. I must be the only person making my servers secure.

Can i possibly be the only person?

ForumKid 01-16-2002 08:30 PM

I did chown root:mail /var/spool/mqueue and no more error. I send mail from an internet account to my box and it doesn't get rejected. I look in maillog and no errors. It just doesn't transfer it to /var/spool/mail. It's not in mqueue either. I don't know where the hell it is.
Currently /var/spool/mail is owned by mail:mail. I made it root.mail and still nothing.

Any ideas.

ForumKid 01-16-2002 08:42 PM

Actually, from chown root:mail /var/spool/mqueue, I'm getting "Can't create transcript file".

Now I know why people use Microsoft. It's not as twisted as this crap. These damn FAQs and docs from Google are junk and do me no good. There isn't one single article that explains the process. They all assume you're a guru. Now why the hell would a guru be reading articles?

unSpawn 01-17-2002 02:03 AM

<Yoda>Ok, ok. Learn anger, to control, Luke, or drawn to the M$ side, you will be...</Yoda>

Ok, let's go back a bit please, cuz by now you've chowned stuff back and forth, and I've lost track.

Who does sendmail RunAs now? (sendmail)
Who does procmail run as now? (mail?)
Who does pop3 run as now? (mail?)
What's the owner/write permissions on /var/spool/mqueue? (0775, hopefully)
What does "sendmail -bp" (check mail queue) say?, and ls -al /var/spool/mqueue?
What's the write permissions on /var/spool/mail?
What does ls -al /var/spool/mail show as uid/gid?

The "Can't..transcript" is because the user sendmail runs as has no permissions to write to the mqueue. For testing you could try making mqueue and mail 0777, but that's WORLD READABLE so not recommended (but for testing functionality, with tcp wrappers in place and no daemon listening on the outside IP address, it could do for a few moments of testing IMO). Basically all mail-related daemons should run under the same user id or group id to be able to read/write mqueue and mail, but each user's mailspool should only have a single group id.

If you're getting fed up, I could show up in #linux on irc.box.sk, sometime later (much later) this day.

ForumKid 01-17-2002 06:48 AM

1)Who does sendmail RunAs now?
mail

2)Who does procmail run as now?
Have no idea
ls -al /usr/bin/procmail
-rwxr-xr-x 1 root mail 63484 Jan 6 2001 /usr/bin/procmail


3)Who does pop3 run as now?
Not sure.

4)What's the owner/write permissions on /var/spool/mqueue? (0775, hopefully)
drwxr-xr-x 2 mail mail 4096 Jan 16 22:16 /var/spool/mqueue

5)What does "sendmail -bp" (check mail queue) say?, and ls -al /var/spool/mqueue?
sendmail -bp
/var/spool/mqueue is empty
ls -al /var/spool/mqueue
total 8
drwxr-xr-x 2 mail mail 4096 Jan 16 22:16 .
drwxr-xr-x 13 root root 4096 Jan 14 15:25 ..

6)What's the write permissions on /var/spool/mail?
ls -ld /var/spool/mail
drwxrwxr-x 2 mail mail 4096 Jan 17 07:36 /var/spool/mail

7)What does ls -al /var/spool/mail show as uid/gid?
ls -al /var/spool/mail
total 8
drwxrwxr-x 2 mail mail 4096 Jan 17 07:36 .
drwxr-xr-x 13 root root 4096 Jan 14 15:25 ..
-rw------- 1 forumkid mail 0 Jan 17 07:35 me

With this setup I get these errors in maillog.
Jan 17 07:39:32 mail procmail[5891]: Insufficient privileges to deliver to "me"
Jan 17 07:39:32 mail sendmail[5890]: g0HCdSn05888: to=<me>, ctladdr=<me> (505/505), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30157, dsn=5.0.0, stat=Insufficient permission
Jan 17 07:39:32 mail sendmail[5890]: g0HCdSn05888: g0HCdWn05890: DSN: Insufficient permission


FYI:
whereis sendmail
sendmail: /usr/sbin/sendmail /etc/sendmail.cf /usr/lib/sendmail /usr/share/man/man8/sendmail.8.gz
ls -l /usr/sbin/sendmail
-r-sr-xr-x 1 root root 417828 Mar 3 2001 /usr/sbin/sendmail
ls -l /etc/sendmail.cf
-rw-r--r-- 1 mail mail 46300 Jan 17 07:33 /etc/sendmail.cf
ls -l /usr/lib/sendmail
lrwxrwxrwx 1 root root 16 Jan 14 15:22 /usr/lib/sendmail -> ../sbin/sendmail
Not sure if this helps
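The checklist unSpawn posted above comes down to one question for each spool directory: can the account named by RunAsUser create files there? The script below is an added example, not code from the thread or from sendmail; it reads the `O RunAsUser=user:group` line from a sendmail.cf, parses `ls -ld` output of the kind posted in this thread, and applies the ordinary owner/group/other write check. The sample lines are constructed to mirror the values reported above (mqueue at mail:mail 0755, mail at mail:mail 0775, RunAsUser sendmail:mail); the temporary sendmail.cf, the assumption that the RunAsUser group is the account's only group membership, and the function names are all mine. It models directory permission bits only: ACLs are ignored, root is treated as always able to write, and procmail's own "Insufficient privileges" check is a separate mechanism inside procmail that this script does not inspect.

```shell
#!/bin/sh
# Added example (not from the thread): decide from mode bits whether the
# RunAsUser account can create files in the sendmail spool directories.
# All sample data is constructed; no real spool directory is touched.

# in_list NEEDLE "A B C": succeed if NEEDLE is one of the words.
in_list() {
  needle=$1
  for word in $2; do
    [ "$word" = "$needle" ] && return 0
  done
  return 1
}

# can_write "<ls -ld line>" USER "GROUP ..." -> prints yes or no.
# Standard owner/group/other check only. ACLs are ignored and root is
# assumed to bypass the check, which is exactly what RunAsUser gives up.
can_write() {
  user=$2
  grouplist=$3
  set -- $1                       # split the ls line into its fields
  perms=$1; owner=$3; group=$4    # e.g. drwxr-xr-x 2 mail mail 4096 ...
  if [ "$user" = root ]; then
    echo yes; return 0
  fi
  if [ "$owner" = "$user" ]; then
    bit=$(printf '%s' "$perms" | cut -c3)   # owner write bit
  elif in_list "$group" "$grouplist"; then
    bit=$(printf '%s' "$perms" | cut -c6)   # group write bit
  else
    bit=$(printf '%s' "$perms" | cut -c9)   # other write bit
  fi
  if [ "$bit" = w ]; then echo yes; else echo no; fi
}

# runas_from_cf FILE -> prints "user group" from the "O RunAsUser=user:group"
# line (just "user" if no group is given). Assumes the directive appears once.
runas_from_cf() {
  awk -F= '/^O RunAsUser=/ {
    n = split($2, a, ":")
    if (n > 1) print a[1], a[2]; else print a[1]
    exit
  }' "$1"
}

# spool_report CFFILE "<mqueue ls line>" "<mail ls line>"
# -> prints "mqueue=yes|no mail=yes|no" for the RunAsUser account.
# Only the RunAsUser group is assumed as a group membership.
spool_report() {
  cf=$1; mq=$2; ml=$3
  set -- $(runas_from_cf "$cf")
  ru=$1; rg=${2:-}
  printf 'mqueue=%s mail=%s\n' \
    "$(can_write "$mq" "$ru" "$rg")" \
    "$(can_write "$ml" "$ru" "$rg")"
}

# --- constructed sample data, shaped like the ls -ld output posted above ---
MQUEUE_BROKEN='drwxr-xr-x 2 mail mail 4096 Jan 16 22:16 /var/spool/mqueue'  # 0755
MQUEUE_FIXED='drwxrwxr-x 2 mail mail 4096 Jan 16 22:16 /var/spool/mqueue'   # 0775
MAIL_DIR='drwxrwxr-x 2 mail mail 4096 Jan 17 07:36 /var/spool/mail'         # 0775

# Constructed sendmail.cf fragment carrying only the option under discussion.
TMPCF=$(mktemp)
trap 'rm -f "$TMPCF"' EXIT
printf 'O RunAsUser=sendmail:mail\n' > "$TMPCF"

# Demo when run directly: sendmail:mail vs. a 0755 queue, then the 0775 fix.
spool_report "$TMPCF" "$MQUEUE_BROKEN" "$MAIL_DIR"
spool_report "$TMPCF" "$MQUEUE_FIXED" "$MAIL_DIR"
```

With a queue owned mail:mail at 0755 and sendmail running as sendmail:mail, the group write bit is what decides, and it is clear, so the queue is not writable for that account; chowning the queue to root:mail without adding group write changes nothing, which matches the "Can't create transcript file" the poster hit. The same function reports the queue as writable when the daemon runs as the owning user mail, so a RunAsUser of plain "mail" passes this particular check even though procmail still refused delivery in the thread.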

ForumKid 01-17-2002 02:29 PM

I even tried making /usr/sbin/sendmail owned by mail. If everything is owned by mail, what could it be complaining about?

But i did change back to the original.

ForumKid 01-17-2002 07:12 PM

Hey unSpawn,
I give up. I'm going to assume the RunAsUser option isn't really more secure than just running sendmail as root. I think it's ridiculous that I have searched everywhere and come up empty-handed.

Is it worth this hassle? Is running sendmail with the RunAsUser option really more secure??

Thanks for all your help. I owe you more than a few cold ones.

:confused: :mad: :confused: