Sendmail recommended permissions for apache/php server
Ian Lord
lordi at msdi.ca
Thu Apr 12 13:39:35 UTC 2012
>You should not be changing the ownership and permissions on any of the
>directories used by sendmail(8), or the group membership of any of the
>groups used by sendmail. Not even if you think you know what you are
>doing. This is extremely security sensitive, and getting it wrong means
>at minimum unprivileged users can forge e-mails untraceably[*].
That's what I thought, I found it to work but preferred to ask on the list since it didn't make sense to me :)
>To the OP -- can you execute sendmail outside PHP? If you can use
>mail(1) to send a test e-mail, then sendmail should be fine. Note: test
>this as an unprivileged user.
No it doesn't work, just tried it:
%mail -s Hello lordi at msdi.ca
Hello !
.
EOT
%WARNING: RunAsUser for MSP ignored, check group ids (egid=0, want=25)
can not chdir(/var/spool/clientmqueue/): Permission denied
Program mode requires special privileges, e.g., root or TrustedUser.
Apr 12 08:47:08 dev sendmail[94980]: NOQUEUE: SYSERR(msdi): can not chdir(/var/spool/clientmqueue/): Permission denied
>What are the permissions on /usr/libexec/sendmail/sendmail ? They should
>look like this:
>% ls -la /usr/libexec/sendmail/sendmail
>-r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail
# ls -al /usr/libexec/sendmail/sendmail
-r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail
So the group is wrong... I changed it from wheel to smmsp and everything works fine now!
Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions).
Thanks again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ian Lord
MSD Informatique
143 Rue des Fauvettes
St-Colomban (Québec) J5K 0E2
Tel: (514) 776-MSDI -> (514) 776-6734
Toll-free: 1(877) 776-MSDI -> 1(877) 776-6734
http://www.msdi.ca
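
The check made by hand in this message can be scripted. The following is an added example, not part of the original message or of FreeBSD: it compares an `ls -l` line for the sendmail binary with the mode, owner and group shown in the quoted listing. The function name check_ls_line and its status bitmask are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare an `ls -l` line for the sendmail binary with the
# listing quoted in the thread (-r-xr-sr-x, root, smmsp).
WANT_MODE='-r-xr-sr-x'
WANT_OWNER='root'
WANT_GROUP='smmsp'

# check_ls_line LINE  (hypothetical helper name)
# Prints each deviation and returns a bitmask:
#   1 = mode differs, 2 = owner differs, 4 = group differs, 8 = unparsable.
check_ls_line() {
    set -f            # no globbing while the line is split into fields
    set -- $1         # fields: mode, links, owner, group, ...
    set +f
    [ "$#" -ge 4 ] || { echo "unparsable ls line"; return 8; }
    c_mode=${1%[+.@]} # drop a trailing ACL/attribute marker if present
    c_owner=$3
    c_group=$4
    c_rc=0
    if [ "$c_mode" != "$WANT_MODE" ]; then
        echo "mode is $c_mode, expected $WANT_MODE"
        c_rc=$((c_rc | 1))
    fi
    if [ "$c_owner" != "$WANT_OWNER" ]; then
        echo "owner is $c_owner, expected $WANT_OWNER"
        c_rc=$((c_rc | 2))
    fi
    if [ "$c_group" != "$WANT_GROUP" ]; then
        # With the setgid bit set, the binary takes this group as its egid,
        # which is the "check group ids (egid=0, want=25)" case in the thread.
        echo "group is $c_group, expected $WANT_GROUP"
        c_rc=$((c_rc | 4))
    fi
    return "$c_rc"
}

# The two listings from the thread, used as sample input.
GOOD='-r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail'
BAD='-r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail'
check_ls_line "$GOOD" && echo "quoted listing: OK"
check_ls_line "$BAD" || echo "poster's listing: status $?"

# Check the installed binary when it exists at the path used in the thread.
BIN=/usr/libexec/sendmail/sendmail
if [ -e "$BIN" ]; then
    check_ls_line "$(ls -ld "$BIN")" || echo "$BIN: status $?"
fi
```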