From owner-freebsd-questions@FreeBSD.ORG  Wed May  4 15:56:06 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1C47916A4DC
	for <freebsd-questions@freebsd.org>;
	Wed,  4 May 2005 15:56:06 +0000 (GMT)
Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F0A1543D31
	for <freebsd-questions@freebsd.org>;
	Wed,  4 May 2005 15:56:00 +0000 (GMT)	(envelope-from cswiger@mac.com)
Received: from mac.com (smtpin08-en2 [10.13.10.153])
	id j44FpTlJ009068;	Wed, 4 May 2005 08:51:29 -0700 (PDT)
Received: from [10.1.1.245] (nfw1.codefab.com [199.103.21.225])
	(authenticated bits=0)
	by mac.com (Xserve/smtpin08/MantshX 4.0) with ESMTP id j44FpR75009661;
	Wed, 4 May 2005 08:51:28 -0700 (PDT)
In-Reply-To: <D367E451-3566-4FD1-9EC3-A893B1B3B533@shire.net>
References: <D367E451-3566-4FD1-9EC3-A893B1B3B533@shire.net>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <7800270b24fa24c9238a32311b643059@mac.com>
Content-Transfer-Encoding: 7bit
From: Charles Swiger <cswiger@mac.com>
Date: Wed, 4 May 2005 11:51:27 -0400
To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net>
X-Mailer: Apple Mail (2.622)
cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: mail/sendmail submit question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 May 2005 15:56:06 -0000

On May 3, 2005, at 1:33 PM, Chad Leigh -- Shire.Net LLC wrote:
> I am trying to allow mail submission and sending on a 5.3-RELEASE box 
> from inside a jail, but not a running MTA...
> [ ... ]
> When I try to do a mail on the command line, I get:
>
> root@machine:/home/chad# can not chdir(/var/spool/clientmqueue/): 
> Permission denied
> Program mode requires special privileges, e.g., root or TrustedUser.
>
> Where do I set this TrustedUser and how do I make the mail program 
> work as a TrustedUser?

You might do better to run the MSA as normal, not from within the jail, 
but from the base system.  This will give you a mail submission agent 
listening on localhost and a queue runner to flush the 
/var/spool/clientmqueue/.  If you don't run the MSA as a daemon, you'll 
need to schedule a queue runner via cron, or else any mail being 
submitted will probably just get left in that spool directory and never 
get sent onwards.

The other option would be to make sendmail setuid-root, which will 
solve the permissions problem and let it queue or forward mail via SMTP 
directly.  Of course, there's a security tradeoff being made in doing 
so, but if you're using a jail, you've already set up restrictions...

-- 
-Chuck