[Novalug] sendmail error
Jon LaBadie
novalugml at jgcomp.com
Thu Oct 29 02:54:05 EDT 2009
On Thu, Oct 29, 2009 at 12:04:09AM -0400, James Ewing Cottrell 3rd wrote:
> Jon LaBadie wrote:
> >I'm trying to set up login authentication to Verizon as a 'smarthost'.
> >But my sendmail is not able to access the db file containing the
> >id/password info. Here is the maillog message, even before trying
> >to access outgoing.verizon.net.
> >
> > SYSERR(root): Cannot open hash database /etc/mail/authinfo.db: Invalid
> > argument
> >
> >The same error is in the messages logfile but with no additional info.
> >
> >Any ideas what might be the "Invalid argument"?
> >
> >The file exists, -rw------- 1 root other 32768 Oct 28 18:34 authinfo.db
> >and sendmail does run as suid root.
> >
> >Jon
>
> Yes, sendmail is suid root, so it can do things like open privileged
> sockets, namely port 25. And when that is done it switches to another
> UID/GID...pardon me while I go look it up.....
>
> Traditionally, it switched to UID/GID of 1/1, which may have been daemon,
> or sys, or bin with the directives
>
> Ou1
> Og1
>
> But in current Linux it runs as 8/12, which is mail/mail via
>
> O DefaultUser = 8:12
>
> So...any file you want sendmail to read or write had better be owned or
> have a group of mail and the appropriate permissions.
>
> You're Welcome,
>
Good thought. On my Fedora 9 it seems to run as smmsp:smmsp. On the
Solaris 9 box I'm doing this on there is a mail group, but no mail
user. Again, the mail submission part of sendmail runs as smmsp:smmsp.
On both systems the sendmail daemon accepting connections runs
as root:smmsp.

Using this info I tried about 10 different combinations of owner/group
and restrictive modes. And I tried moving authinfo.db into a secure
subdir with root or smmsp ownership. Anytime the authinfo.db file was
NOT owned by root I got a different error (unsafe file),

  SYSERR(root): hash map "authinfo": \
  unsafe map file /etc/mail/auth/authinfo.db: Permission denied

When it was owned by root I again got the original "cannot open ...
invalid argument" error.
jon
--
Jon H. LaBadie jon at jgcomp.com
JG Computing
12027 Creekbend Drive (703) 787-0884
Reston, VA 20194 (703) 787-0922 (fax)
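
An added example, not part of the original message and not sendmail's own code: a small audit of the owner and mode bits of a map file and its directory, the attributes varied in the message above. The checks and the default trusted owner (uid 0) are assumptions of this example and only approximate sendmail's file-safety rules.

```python
import os
import stat
import sys


def audit_map_file(path, trusted_uids=(0,)):
    """Return findings about the owner and mode of a map file and its directory.

    trusted_uids is this example's assumption about acceptable owners.
    """
    findings = []
    directory = os.path.dirname(os.path.abspath(path))
    for kind, target in (("directory", directory), ("file", path)):
        try:
            st = os.lstat(target)  # lstat: report a symlink, do not follow it
        except OSError as exc:
            findings.append(f"{kind} {target}: cannot stat ({exc.strerror})")
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{kind} {target}: is a symbolic link")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append(f"{kind} {target}: owned by uid {st.st_uid}")
        if mode & stat.S_IWGRP:
            findings.append(f"{kind} {target}: group-writable ({mode:04o})")
        if mode & stat.S_IWOTH:
            findings.append(f"{kind} {target}: world-writable ({mode:04o})")
        if kind == "file" and mode & stat.S_IROTH:
            # authinfo holds the smarthost login, so flag world-readable copies
            findings.append(f"{kind} {target}: world-readable ({mode:04o})")
    return findings


if __name__ == "__main__":
    # Default path is the one in the quoted log line; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/mail/authinfo.db"
    results = audit_map_file(target)
    for line in results:
        print(line)
    if not results:
        print(f"{target}: no owner/mode findings")
```

An empty result only says the owner and mode bits pass these checks; it does not say the database itself can be opened.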