Date: Tue, 7 Jan 1997 21:01:32 -0600 (CST)
From: Jimbo Bahooli
To: freebsd-security@freebsd.org
Subject: sendmail running non-root SUCCESS!

Well here goes how I have sendmail running flawlessly as user daemon.
It requires netcat (/usr/ports/net/netcat).

1. Set up a group called mailer in /etc/group.
2. chown root.mailer /var/spool/mqueue.
3. chmod 775 /var/spool/mqueue.
4. chown daemon.mailer /usr/sbin/sendmail.
5. chmod 6555 /usr/sbin/sendmail.
6. Edit /etc/sendmail.cf to bind to a port above the 1024 line.
   example:
       O DaemonPortOptions=Port=2025
7. Edit /etc/inetd.conf to redirect to port 2025 using netcat.
   example:
   w/ tcpd
       smtp stream tcp nowait nobody /usr/libexec/tcpd /usr/local/bin/recvmail -w 3 127.0.0.1 2025
   w/o
       smtp stream tcp nowait nobody /usr/local/bin/recvmail /usr/local/bin/recvmail -w 3 127.0.0.1 2025

*(lines above have probably been wrapped, should be on one line)
**(recvmail is symlink to /usr/local/bin/nc, makes logging via tcpd clearer)

Other notes, I believe all .forward and related files need to be readable by
the user daemon. I also recommend using tcp_wrappers for logging because in
/var/log/maillog the relay will show up as localhost because of the
redirection.

Any comments?

-moke@fools.ecpnet.com
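
Added example, not part of the original post: a Python check that the sendmail listener from step 6 and the inetd smtp relay from step 7 agree with each other. The sample file contents are constructed from the post's own examples; the function names are hypothetical, and the parsing assumes a numeric Port= value and a host/port pair as the relay's last two arguments.

```python
import re

# Constructed samples built from the post's examples; not read from a live system.
SENDMAIL_CF = "# constructed fragment\nO DaemonPortOptions=Port=2025\n"
INETD_CONF = ("# constructed fragment\n"
              "smtp stream tcp nowait nobody /usr/libexec/tcpd "
              "/usr/local/bin/recvmail -w 3 127.0.0.1 2025\n")

def daemon_port(cf_text):
    """Return the numeric Port= from 'O DaemonPortOptions=', or None."""
    for line in cf_text.splitlines():
        m = re.match(r"O\s*DaemonPortOptions\s*=\s*(.*)", line)
        if not m:
            continue
        for opt in m.group(1).split(","):
            key, _, val = opt.strip().partition("=")
            if key.lower() == "port" and val.isdigit():
                return int(val)
    return None

def smtp_relay(inetd_text):
    """Return (user, host, port) of the inetd 'smtp' entry, or None."""
    for line in inetd_text.splitlines():
        f = line.split()
        # Fields: service socktype proto wait user program argv[0] args...
        if len(f) < 9 or f[0] != "smtp":
            continue
        # With or without tcpd, the relay's last two arguments are host and port.
        if f[-1].isdigit():
            return f[4], f[-2], int(f[-1])
    return None

def audit(cf_text, inetd_text):
    """Return a list of findings; an empty list means the files are consistent."""
    findings = []
    port, relay = daemon_port(cf_text), smtp_relay(inetd_text)
    if port is None:
        findings.append("sendmail.cf: no numeric DaemonPortOptions Port")
    elif port < 1024:
        findings.append(f"sendmail.cf: port {port} is privileged, needs root to bind")
    if relay is None:
        return findings + ["inetd.conf: no smtp relay entry found"]
    user, host, rport = relay
    if user == "root":
        findings.append("inetd.conf: smtp relay runs as root")
    if host not in ("127.0.0.1", "localhost"):
        findings.append(f"inetd.conf: relay target {host} is not loopback")
    if port is not None and rport != port:
        findings.append(f"inetd.conf: relay targets {rport}, sendmail listens on {port}")
    return findings

if __name__ == "__main__":
    print(audit(SENDMAIL_CF, INETD_CONF) or "consistent")
```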