home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

sendmail

sendmailSearch this book
Previous: 15.1 Test the Configuration File Chapter 15
Install and Test the client.cf File 		Next: 15.3 MX Records
 

15.2 The Real Queue Directory

In the current client.cf file, the queue directory is defined as /tmp . Because of its nature, the /tmp directory is always world-readable, -writable, and -searchable. Any file that is placed in /tmp can possibly be accessed, copied, or removed by any user. The use of /tmp clearly violates the need for confidentiality.

Another drawback to using /tmp is that /etc/rc files, which are executed when the system boots, often remove everything from /tmp . You certainly would not want queued mail messages removed just because the machine rebooted.

Instead of /tmp , you should use the existing mail queue directory to store queued messages. If you haven't already done so, find that location by looking for the QueueDirectory ( Q ) option in your existing sendmail.cf file: 

% 

egrep "^OQ|QueueDirectory" /etc/sendmail.cf


OQ/usr/spool/mqueue

Here, we look for lines in the /etc/sendmail.cf file that begin with the letters OQ (an old-style declaration) or that use the new option name QueueDirectory . Remember that your sendmail.cf file may not be in /etc . Replace the location used above with one that is suitable for your situation.

Edit the client.cf file and replace /tmp with what you found. At the same time, remove the comment that was left there reminding you to do just that:

O QueueDirectory=/tmp  # BEWARE: use /var/spool/mqueue upon release  
<- change this

O QueueDirectory=/var/spool/mqueue                                   
<- to this

This change causes sendmail to use the correct queue directory, but it has an unfortunate side effect. Recall that sendmail runs as the root unless an unsafe command-line switch causes it to give up that privilege. The -C switch that you've been using all along to run sendmail is just such an unsafe switch. Consequently, if you were to now run sendmail as:

% 

./sendmail -Cclient.cf 



you

the -C would cause sendmail to run as an ordinary user. For confidentiality the queue directory is usually protected by making it accessible only to root . Ordinary users, such as we've been assuming you are, lack permission to access the queue directory. Running the above command now will likely result in a error similar to the following:

queuename: Cannot create "qfIAA12390" in "/var/spool/mqueue" (euid=4010): 
Permission denied

You need to install the client.cf file in place of the system sendmail.cf file so that you can successfully run sendmail . With the client.cf file installed, you no longer need to use the -C switch to tell sendmail where to find its configuration file. Unfortunately, before you can make that change, you need to first make sure other machines know about it.

Previous: 15.1 Test the Configuration File sendmail Next: 15.3 MX Records
15.1 Test the Configuration File Book Index 15.3 MX Records

[ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ]