From: Polytropon
To: Ian Lord
Cc: freebsd-questions@freebsd.org
Date: Thu, 12 Apr 2012 03:49:32 +0200
Subject: Re: Sendmail recommended permissions for apache/php server

On Wed, 11 Apr 2012 23:57:51 +0000, Ian Lord wrote:
> I then got a different error in /var/log/messages
> Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied
>
> I found very old threads saying to change the group of apache
> to "smmsp" but I doubt it's a good idea.

No, not "change to", but you can _add_ apache (or whatever
is originating the error) to the smmsp group. Add it to
"smmsp:*:25:" in /etc/group.

See the error message above:

    "can not write to queue directory /var/spool/clientmqueue/"

Check:

    % ls -ld /var/spool/clientmqueue
    drwxrwx---  2 smmsp  smmsp  512 Apr 12 03:12 /var/spool/clientmqueue/
        ^^^

This directory can be read, written and entered/searched
by _members_ of the smmsp group.

Back to the error message:

    "(RunAsGid=0, required=25)"

It is indicated that group #25 (smmsp) is the required GID,
not 0. And:

    "Permission denied"

which is the logical conclusion.

Conclusion: You must make sure that whatever needs to access
this directory is in the smmsp group (25).

> Chmodding 777 the /var/spool/clientmqueue/ fixed the problem,
> I can now send emails, but I wonder if this is the way to fix
> the issue correctly.

You shouldn't need to do that. Now this directory can be
modified by anyone, that's not good.

> Is that the official fix or did I miss some configuration
> somewhere ? Sending emails from php using mail or sendmail
> should be something working out of the box I guess, I doubt
> we're supposed to change permissions to make it work

Correct. In regards of _security_, it's required to _allow_
the corresponding program / functionality / part of apache /
mailer or whatever the access to the mail queue. This is
something that is _not_ possible out of the box because
there are many possibilities and security considerations.

> Any help would be appreciated.

Try to add apache (or whatever part of it, or PHP subsystem
called by it that needs to access the mail queue) to the
required group to give it the proper permission to do so.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
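
The checks walked through in the reply above, as an added example that is not part of the original message: it parses the SYSERR line, resolves the required GID to a group name, tests membership, and flags the chmod 777 workaround. The function names and the group file contents are assumptions made for illustration; the log line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the queue-directory SYSERR.
# Constructed sample input: the log line as quoted in the thread.
SAMPLE_LOG='Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied'

# parse_syserr LINE -> prints "user dir runas_gid required_gid"; fails on no match.
parse_syserr() {
    printf '%s\n' "$1" | sed -n -E \
        's/.*SYSERR\(([^)]*)\): can not write to queue directory ([^ ]+) \(RunAsGid=([0-9]+), required=([0-9]+)\).*/\1 \2 \3 \4/p' | grep .
}

# group_name_for_gid GROUPFILE GID -> prints the group name; fails if GID is unknown.
group_name_for_gid() {
    awk -F: -v gid="$2" '$3 == gid { print $1; found = 1; exit } END { exit !found }' "$1"
}

# user_in_group GROUPFILE GID USER -> exit 0 if USER is in the member list (field 4).
# Membership through the user's primary GID in the passwd file is not checked here.
user_in_group() {
    awk -F: -v gid="$2" -v user="$3" '
        $3 == gid { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) ok = 1 }
        END { exit !ok }' "$1"
}

# world_writable MODE -> exit 0 if the octal mode grants write access to "other".
world_writable() { case "$1" in *[2367]) return 0 ;; *) return 1 ;; esac; }

# report LINE GROUPFILE MODE -> findings for the user named in the SYSERR line.
report() {
    groupfile=$2 mode=$3
    fields=$(parse_syserr "$1") || return 2
    set -- $fields    # $1=user $2=dir $3=runas_gid $4=required_gid
    name=$(group_name_for_gid "$groupfile" "$4") || name="gid $4"
    if world_writable "$mode"; then echo "$2 is world-writable (mode $mode): restore 770"; fi
    if user_in_group "$groupfile" "$4" "$1"; then
        echo "$1 is already in $name"
    else
        echo "$1 is not in $name: add it to the $name line in the group file"
    fi
}

# Demo on a constructed group file in which www is not yet a member of smmsp.
tmp=$(mktemp)
printf 'wheel:*:0:root\nsmmsp:*:25:\nwww:*:80:\n' > "$tmp"
report "$SAMPLE_LOG" "$tmp" 777
rm -f "$tmp"
```

On FreeBSD, "stat -f %Lp /var/spool/clientmqueue" prints the octal mode to pass as the third argument of report, and /etc/group is the real group file.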