[Novalug] sendmail error

James Ewing Cottrell 3rd JECottrell3 at Comcast.NET
Thu Oct 29 11:27:57 EDT 2009


The error says "permission denied". It's an open problem, not a data 
format error. Ah yes, the separation into submit vs MTA.

Once again, look at the UID/GID *numbers* inside the file. Then figure 
out which names you need to make it work.

You may also need to set the DontBlameSendmail option to something.

There may be other options besides the DefaultUser...look thru the 
Sendmail Operations Guide to see which options apply.

I think you want a group readable file. Playing games with containing 
directory mode/owner/groups won't help...sendmail will figure out what 
is unsafe based on the entire permission chain.

Also, look to see which other files are being read by sendmail and what 
their modes/owners/groups are.

If your mailer is on its own box then it doesn't matter who can read any 
file.

And while you're at it, why not upgrade that RH9 box to CentOS 5.3?

JIM

covici at ccs.covici.com wrote:
> Jon LaBadie <novalugml at jgcomp.com> wrote:
> 
>> On Thu, Oct 29, 2009 at 12:04:09AM -0400, James Ewing Cottrell 3rd wrote:
>>> Jon LaBadie wrote:
>>>> I'm trying to set up login authentication to Verizon as a 'smarthost'.
>>>> But my sendmail is not able to access the db file containing the
>>>> id/password info.  Here is the maillog message, even before trying
>>>> to access outgoing.verizon.net.
>>>>
>>>> SYSERR(root): Cannot open hash database /etc/mail/authinfo.db: Invalid 
>>>> argument
>>>>
>>>> The same error is in the messages logfile but with no additional info.
>>>>
>>>> Any ideas what might be the "Invalid argument"?
>>>>
>>>> The file exists, -rw-------  1 root  other  32768 Oct 28 18:34 authinfo.db
>>>> and sendmail does run as suid root.
>>>>
>>>> Jon
>>> Yes, sendmail is suid root, so it can do things like open privileged 
>>> sockets, namely port 25. And when that is done it switches to another 
>>> UID/GID...pardon me while I go look it up.....
>>>
>>> Traditionally, it switched to UID/GID of 1/1, which may have been daemon, 
>>> or sys, or bin with the directives
>>>
>>> Ou1
>>> Og1
>>>
>>> But in current Linux it runs as 8/12, which is mail/mail via
>>>
>>> O DefaultUser = 8:12
>>>
>>> So...any file you want sendmail to read or write had better be owned or 
>>> have a group of mail and the appropriate permissions.
>>>
>>> You're Welcome,
>>>
>> Good thought.  On my Fedora 9 it seems to run as smmsp:smmsp.  On the
>> Solaris 9 box I'm doing this on there is a mail group, but no mail
>> user.  Again, the mail submission part of sendmail runs as smmsp:smmsp.
>> On both the sendmail daemon accepting connections on both systems runs
>> as root:smmsp.
>>
>> Using this info I tried about 10 different combinations of owner/group
>> and restrictive modes.  And I tried moving authinfo.db into a secure
>> subdir with root or smmsp ownership.  Anytime the authinfo.db file was
>> NOT owned by root I got a different error (unsafe file), 
>>
>>    SYSERR(root): hash map "authinfo": \
>>        unsafe map file /etc/mail/auth/authinfo.db: Permission denied
>>
>> When it was owned by root I again got the original "cannot open ...
>> invalid argument" error.
> 
> Did you try remaking the file and are you sure the text file is correct?

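An added example, not part of the original thread: a shell function that prints the numeric UID/GID and mode of every component on the way to a map file such as `/etc/mail/authinfo.db`, so the whole permission chain discussed above can be read at a glance. The name `audit_chain`, its optional stop directory and the "group- or world-writable is unsafe" rule are assumptions for illustration, not sendmail's own safety algorithm.

```shell
#!/bin/sh
# Added example (not from the thread). audit_chain and its rule are
# illustrative assumptions, not sendmail's own safety algorithm.
#
# audit_chain FILE [TOP]
#   Walks from FILE up to TOP (default /), printing numeric uid/gid and
#   mode for each component. Returns 0 if nothing is group- or
#   world-writable, 1 if something is, 2 if a component cannot be read.
audit_chain() {
    p=$1
    top=${2:-/}
    rc=0
    case $p in
        /*) ;;
        *) echo "audit_chain: absolute path required" >&2; return 2 ;;
    esac
    while :; do
        # ls -n prints numeric ids, the form used by DefaultUser = 8:12.
        if ! line=$(ls -ldn "$p" 2>/dev/null); then
            echo "MISSING  $p"
            return 2
        fi
        read -r mode links uid gid rest <<EOF
$line
EOF
        flag=ok
        case $mode in
            l*)         flag=SYMLINK ;;          # link mode bits mean nothing
            ?????w*)    flag=UNSAFE; rc=1 ;;     # group-writable
            ????????w*) flag=UNSAFE; rc=1 ;;     # world-writable
        esac
        printf '%-8s uid=%-6s gid=%-6s %s %s\n' "$flag" "$uid" "$gid" "$mode" "$p"
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}

# Run against the paths given on the command line, if any.
for f in "$@"; do
    audit_chain "$f" || echo "-> review the chain for $f"
done
```

Compare the printed numeric ids with the user and group the sendmail processes actually run as on the box before changing any ownership.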


