Very Computer

Hello,

Yesterday I was trying version 8.12.6 of Sendmail. I was still using 8.11
so i discovered the new stricter permissions.
However, I kept running into problems and I really don't see what i am
doing wrong :-)

I think I have done everything what the SECURITY document says:

I built sendmail ( sh Build, sh Build install-cf, sh Build install), made
the user smmsp and group smmsp.

My permissions are as followed :

drwxr-xr-x    2 smmsp    smmsp        4096 Sep 20 11:26 mail

-rw-------    1 root     root            0 Jun  1 21:57 access
-rw-------    1 root     root        12288 Jun  1 21:57 access.db
-rw-r--r--    1 root     root         3130 Sep 20 00:01 aliases
-rw-------    1 root     root        12288 Sep 20 10:11 aliases.db
-rw-r--r--    1 root     root          471 Sep 20 10:39 local-host-names
-rw-r--r--    1 root     root        36839 Sep 20 10:44 sendmail.cf
-rw-------    1 root     root          628 Sep 20 11:24 statistics
-rw-r--r--    1 root     root        38764 Sep 19 17:44 submit.cf
-rw-r--r--    1 root     root           10 Sep 20 10:39 trusted-users
-rw-r-----    1 root     root        12288 Sep 20 11:26 virtusertable.db
-rw-r--r--    1 root     root            1 Sep 20 00:01 virtusertable.txt

-r-xr-sr-x    1 root     smmsp      519864 Jun  4 23:10  /usr/sbin/sendmail*
drwxrwx---    2 smmsp    smmsp        8192 Sep 20 11:27 clientmqueue
drwx------    2 smmsp    root         4096 Aug 12  1994 mqueue
drwxrwxrwt    3 root     mail         4096 Sep 19 18:45 mail

I used the following .mc file :

divert(-1)
include(`/usr/src/sendmail/cf/m4/cf.m4')
VERSIONID(`mymc.mc 2002/09/20 10:00')
OSTYPE(linux)dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
FEATURE(local_procmail)dnl
MASQUERADE_AS(testserver.local)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(nouucp,reject)dnl
FEATURE(virtusertable)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
MODIFY_MAILER_FLAGS(`LOCAL', `-m')dnl
MAILER(local)dnl
MAILER(smtp)dnl

and i did: m4 mymc.mc > /etc/mail/sendmail.cf

At the end, i started sendmail:

/usr/sbin/sendmail -v -L sm-mta -bd -q25m
/usr/sbin/sendmail -v -L sm-msp-queue -Ac -q25m

A "echo test | mail root" gives this effect:

sendmail[7209]: g8K9VOrK007209: to=root, ctladdr=root (0/0),
delay=00:00:00,xdelay=00:00:00, mailer=relay, pri=30010,
relay=localhost.testserver.local.
[127.0.0.1], dsn=4.0.0, stat=Deferred: 421 4.3.0 collect: Cannot write
./dfg8K9VO71007210 (bfcommit, uid=0, gid=25): Permission denied

But in what directory can't it write? And bfcommit has uid=0, so why this
permission problem?

Another question: newaliases doesn't rebuild the virtusertable.db. Is it
still ok to rebuild the virtusertable.db with makemap hash ( the man of
newaliases specificly states NOT to build aliases.db with makemap ).

If somebody has a tip where to look or what the solution is to this
problem, i would be very thankful ...

Thanks!

Well, let's check.

Quote:> drwx------    2 smmsp    root         4096 Aug 12  1994 mqueue

Hmm, that's wrong.

drwx------      root   wheel    ... /var/spool/mqueue

Quote:> Another question: newaliases doesn't rebuild the virtusertable.db. Is it
> still ok to rebuild the virtusertable.db with makemap hash ( the man of
> newaliases specificly states NOT to build aliases.db with makemap ).

Yes.

newaliases is only for aliases (as the name might imply...)

--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/              Before you ask.

Quote:> Hmm, that's wrong.
> drwx------ root   wheel    ... /var/spool/mqueue

Thanks !!! Looks like I followed an HOWTO that wasn't correct :-) Now
everything is running smoothly !

Then please inform the author of that "HOWTO".
sendmail/SECURITY lists the correct values.

Quote:> everything is running smoothly !

Good.
--
If you feel the urgent wish to send me a courtesy copy of a Usenet
posting, then make sure it's recognizable as such!
The FAQ: http://www.sendmail.org/faq/              Before you ask.