home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Previous Section Next Section

ControlSocketName
Path to control socket V8.10 and later

Starting with V8.10, the sendmail daemon can accept a few control and status commands via a Unix-based named socket. This interface is primarily intended for use with the tools provided with the commercial version of sendmail, but it can be equally valuable for use with your own home-grown tools. The ControlSocketName option enables this type of controlling interface. It is declared like this: 

O ControlSocketName=path                   configuration file (V8.10 and later) 
-OControlSocketName=path                   command line (V8.10 and later) 
define(`confCONTROL_SOCKET_NAME', path)    mc configuration (V8.10 and later)

Here, the argument path, of type string, is the full pathname of the Unix named socket. The file named by path need not exist. If it exists, sendmail will remove it and create a new named socket. As a consequence, you should avoid accidently declaring path with an existing file. The file will be silently removed when sendmail starts.

The path needs to be secure. That is, every component of it should be owned by, and writable only by, root or the trusted user specified in the TrustedUser option (TrustedUser). Because this interface can be used to shut down the sendmail daemon, the socket requires extra protection. On some operating systems (such as with Solaris and pre-4.4 BSD kernels) it is not enough to make the socket mode 0600. You should also place it in a directory that is root owned and of mode 0700. On such operating systems, if you put it in a directory that is world-searchable, anyone on the same machine will be able to shut down the daemon.

If the path specification is one where some component does not exist, sendmail will log the following message and not use a controlling socket: 

daemon could not open control socket /vqr/spool/mqueue/.control: No such file or directory

Here, /vqr was mistyped, when /var is what was meant.

An example of code that shows one way to use the controlling socket is in contrib/smcontrol.pl, a perl(1) script that requires version 5 or higher perl to use. It gathers the name of the control socket from the hardcoded filename /etc/mail/sendmail.cf. To run it, you just invoke it with a single argument: 

# cd contrib
# ./smcontrol.pl help
Help for smcontrol:
help            This message.
restart         Restart sendmail.
shutdown        Shut down sendmail.
status          Show sendmail status.
memdump         Dump allocated memory list (for debugging only).
End of HELP info

The contrib/smcontrol.pl program is a simple command-line interface to the controlling socket. It should be considered a prototype for developing your own, more sophisticated, tools. Consider, for example, the usefulness of the status output: 

# ./smcontrol.pl status
Daemon Status: (process 13480) Accepting connections

Child Process 13560 Status: SMTP server child for 123.45.67.8
Child Process 13579 Status: SMTP server child for 123.45.67.9
Child Process 13584 Status: console socket child

This shows that the daemon is up, and that two sites are connected to yours for the transmission of mail.

The ControlSocketName option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.

    Previous Section Next Section