Date: Thu, 12 Apr 2012 13:40:32 +0000
From: Ian Lord <lordi@msdi.ca>
To: 'Matthew Seaman' <matthew@FreeBSD.org>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org>
Subject: RE: Sendmail recommended permissions for apache/php server
Message-ID: <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B842A@server01.msdi.local>
In-Reply-To: <20120412034932.b6b7de0a.freebsd@edvax.de>
References: <AC28A3ECE8FFEA4CAE20B2B79FDB8F709B6DDB@server01.msdi.local> <20120412034932.b6b7de0a.freebsd@edvax.de>

>You should not be changing the ownership and permissions on any of the
>directories used by sendmail(8), or the group membership of any of the
>groups used by sendmail. Not even if you think you know what you are
>doing. This is extremely security sensitive, and getting it wrong means
>at minimum unprivileged users can forge e-mails untraceably[*].

That's what I thought, I found it to work but preferred to ask on the list since it didn't make sense to me :)

>To the OP -- can you execute sendmail outside PHP? If you can use
>mail(1) to send a test e-mail, then sendmail should be fine. Note: test
>this as an unprivileged user.

No, it doesn't work, just tried it:

%mail -s Hello lordi@msdi.ca
Hello !
.
EOT
%WARNING: RunAsUser for MSP ignored, check group ids (egid=0, want=25)
can not chdir(/var/spool/clientmqueue/): Permission denied
Program mode requires special privileges, e.g., root or TrustedUser.

Apr 12 08:47:08 dev sendmail[94980]: NOQUEUE: SYSERR(msdi): can not chdir(/var/spool/clientmqueue/): Permission denied

>What are the permissions on /usr/libexec/sendmail/sendmail ? They should
>look like this:

>% ls -la /usr/libexec/sendmail/sendmail
>-r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38
>/usr/libexec/sendmail/sendmail

# ls -al /usr/libexec/sendmail/sendmail
-r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail

So the group is wrong... I changed it from wheel to smmsp and everything works fine now !

Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions).

Thanks again

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ian Lord
MSD Informatique
143 Rue des Fauvettes
St-Colomban (Québec) J5K 0E2
Tel: (514) 776-MSDI -> (514) 776-6734
Toll-free: 1(877) 776-MSDI -> 1(877) 776-6734
http://www.msdi.ca
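
Added example, not part of the original message or of FreeBSD's own tooling: the comparison made by eye in the thread, scripted as a function that takes one `ls -l` line and checks it against the `-r-xr-sr-x root smmsp` listing quoted above. The function name `audit_ls_line` and the `WANT_*` variables are assumptions made for this example.

```sh
#!/bin/sh
# Expected values are the ones quoted in the thread for
# /usr/libexec/sendmail/sendmail: -r-xr-sr-x root smmsp (mode 2555).
WANT_MODE='-r-xr-sr-x'
WANT_OWNER='root'
WANT_GROUP='smmsp'

# audit_ls_line LINE   (hypothetical helper for this example)
# LINE is one line of `ls -l` output. Prints one finding per problem and
# returns 0 only when owner, group and mode all match the expected values.
audit_ls_line() {
    read -r a_mode a_links a_owner a_group a_rest <<EOF
$1
EOF
    a_mode=${a_mode%[+@.]}      # drop ACL / extended-attribute marker if present
    a_bad=0
    if [ "$a_owner" != "$WANT_OWNER" ]; then
        echo "owner is $a_owner, want $WANT_OWNER"; a_bad=$((a_bad + 1))
    fi
    if [ "$a_group" != "$WANT_GROUP" ]; then
        # set-group-ID then hands out the wrong egid, matching the thread's
        # "check group ids (egid=0, want=25)" warning
        echo "group is $a_group, want $WANT_GROUP"; a_bad=$((a_bad + 1))
    fi
    if [ "$a_mode" != "$WANT_MODE" ]; then
        case $a_mode in
            ??????[sS]???) ;;
            *) echo "set-group-ID bit missing in $a_mode" ;;
        esac
        case $a_mode in
            ??w???????|?????w????|????????w?) echo "binary is writable: $a_mode" ;;
        esac
        echo "mode is $a_mode, want $WANT_MODE"; a_bad=$((a_bad + 1))
    fi
    [ "$a_bad" -eq 0 ]
}

# The two listings from the thread; the second is the misconfigured host.
for line in \
    '-r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail' \
    '-r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail'
do
    if audit_ls_line "$line"; then echo "OK: $line"; else echo "FAIL: $line"; fi
done
# On a live host: audit_ls_line "$(ls -l /usr/libexec/sendmail/sendmail)"
```
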