Date: Tue, 7 Jan 1997 21:01:32 -0600 (CST)
From: Jimbo Bahooli <moke@fools.ecpnet.com>
To: freebsd-security@freebsd.org
Subject: sendmail running non-root SUCCESS!
Message-ID: <Pine.BSF.3.95.970107204204.1023A-100000@fools.ecpnet.com>

Well here goes how I have sendmail running flawlessly as user daemon.
It requires netcat (/usr/ports/net/netcat).

1. Set up a group called mailer in /etc/group.
2. chown root.mailer /var/spool/mqueue.
3. chmod 775 /var/spool/mqueue.
4. chown daemon.mailer /usr/sbin/sendmail.
5. chmod 6555 /usr/sbin/sendmail.
6. Edit /etc/sendmail.cf to bind to a port above the 1024 line.
   example:
     O DaemonPortOptions=Port=2025
7. Edit /etc/inetd.conf to redirect to port 2025 using netcat.
   example:
   w/ tcpd
     smtp stream tcp nowait nobody /usr/libexec/tcpd /usr/local/bin/recvmail -w 3 127.0.0.1 2025
   w/o
     smtp stream tcp nowait nobody /usr/local/bin/recvmail /usr/local/bin/recvmail -w 3 127.0.0.1 2025

*(lines above have probably been wrapped, should be on one line)
**(recvmail is symlink to /usr/local/bin/nc, makes logging via tcpd clearer)

Other notes, I believe all .forward and related files need to be readable
by the user daemon. I also recommend using tcp_wrappers for logging because
in /var/log/maillog the relay will show up as localhost because of the
redirection.

Any comments?

-moke@fools.ecpnet.com
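
A consistency check for steps 6 and 7 of the message above, added here as an example and not part of the original post: it confirms that the port sendmail binds is unprivileged and that the inetd smtp entry forwards to that same port as a non-root user. The helper names cf_port and check_redirect are hypothetical, the sample files are constructed, and the loopback target is assumed from the message's own example.

```sh
#!/bin/sh
# Added example: cross-check sendmail.cf against inetd.conf.
# cf_port and check_redirect are hypothetical helper names.

# Print the numeric port from "O DaemonPortOptions=...Port=N" (empty if absent).
cf_port() {
    sed -n 's/^O  *DaemonPortOptions=.*Port=\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# check_redirect SENDMAIL_CF INETD_CONF: return 0 only if the two files agree.
check_redirect() {
    port=$(cf_port "$1")
    [ -n "$port" ] || { echo "FAIL: no numeric DaemonPortOptions Port in $1"; return 1; }
    [ "$port" -ge 1024 ] || { echo "FAIL: port $port needs root to bind"; return 1; }
    awk -v want="$port" '
        # inetd.conf fields: service type proto wait user program args...
        $1 == "smtp" {
            seen = 1
            if ($5 == "root")           { print "FAIL: smtp redirector runs as root"; bad = 1 }
            if ($(NF-1) != "127.0.0.1") { print "FAIL: redirect target is " $(NF-1); bad = 1 }
            if ($NF != want)            { print "FAIL: redirects to " $NF ", sendmail binds " want; bad = 1 }
        }
        END {
            if (!seen) { print "FAIL: no active smtp entry"; exit 1 }
            if (bad) exit 1
            print "OK: smtp -> 127.0.0.1:" want " as non-root user"
        }' "$2"
}

# Constructed sample files mirroring the examples in the message.
demo_dir=$(mktemp -d)
printf 'O DaemonPortOptions=Port=2025\n' > "$demo_dir/sendmail.cf"
printf 'smtp stream tcp nowait nobody /usr/libexec/tcpd /usr/local/bin/recvmail -w 3 127.0.0.1 2025\n' \
    > "$demo_dir/inetd.conf"
check_redirect "$demo_dir/sendmail.cf" "$demo_dir/inetd.conf"
```

A mismatch between the two ports leaves connections to port 25 with nothing behind them, so the check is worth rerunning after any edit to either file.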