Hi Ed,
I am glad the problem is solved. I am keeping your note in a special
mail folder I have created for quick reference to these type of things.
You are definately more educated in sendmail 8.12 than I am, as I have
not made the leap quite as far yet. I am only up to sendmail 8.11.6.
Now that you have blazed that trail, and provided the knowledge of MTA
being separated from MSP, I have to consider whether or not I am even
ready for that leap. The MSP used to be LDA (local delivery agent),
so I wonder how many other programs this will impact, such as procmail.
Dan Liston
Ed Kasky wrote:
>
> Hey Dan -
>
> As these things have a tendency to do, this turned into an
> education. There are quite a few changes to sendmail security from 8.8 to
> 8.12. I also discovered the newsgroup feature at google. Talk about quick
> and easy access to newsgroups! and the threading is great...
>
> I checked to be sure that it was reading the correct .cf - which btw
> changed from /etc to /etc/mail and had majordom listed. I did not have it
> listed in submit.cf which I didn't think I was using but manually added it
> there, restarted sendmail, ran a digest and no more Authentication-Warnings...
>
> Here is what I found out about submit.cf:
>
> "The default configuration starting with sendmail 8.12 uses one sendmail
> binary which acts differently based on operation mode and supplied options.
> sendmail must be a set-group-ID (default group: smmsp, recommended gid: 25)
> program to allow for queueing mail in a group-writable directory. Two .cf
> files are required: sendmail.cf for the daemon and submit.cf for the
> submission program
>
> This is a brief summary how the two configuration files are used:
>
> sendmail.cf For the MTA (mail transmission agent)
> The MTA is started by root as daemon: /PATH/TO/sendmail -L sm-mta -bd -q1h
> it accepts SMTP connections (on ports 25 and 587 by default); it runs the
> main queue (/var/spool/mqueue by default).
>
> submit.cf For the MSP (mail submission program)
> The MSP is used to submit e-mails, hence it is invoked by programs (and
> maybe users); it does not run as SMTP daemon; it uses
> /var/spool/clientmqueue by default; it can be started to run that queue
> periodically: /PATH/TO/sendmail -L sm-msp-queue -Ac -q30m"
>
> I was getting occasional warnings before I made the change and now I get
> none. I wonder if by running the mail command from the command line it set
> off the mail submission...
>
> Ed
>
> At 02:37 AM Thursday, 11/15/2001, you wrote -=>
> >Hi Ed,
> >
> >Are you sure you are using the correct sendmail.cf or trusted-users file?
> >If your server is hosted, you might need to pipe the message through mail
> >to a fully qualified majordomo address like majordomo@yoda.wrenkasky.com
> >or majordomo@esson.net.
> >
> >You are correct regarding a trust relationship to sendmail though.
> >
> >Dan Liston
> >
> >Ed Kasky wrote:
> > >
> > > Folks -
> > >
> > > Now before you jump up and down about this being covered in the faq and in
> > > the archives, hear me out for one second.... ;-)
> > >
> > > What am I missing if I am running this from _my_ crontab, not root's:
> > >
> > > 01 0 * * * echo mkdigest list-digest list-digest-outgoing list.passwd |
> > > mail majordomo
> > >
> > > ...and it causes the following:
> > >
> > > Nov 13 00:01:01 yoda sendmail[20770]: fAD811CY020770:
> > > Authentication-Warning: yoda.wrenkasky.com: majordom set sender to
> > > Majordomo-Owner@esson.net using -f
> > > Nov 13 00:01:01 yoda sendmail[20774]: fAD811nE020774:
> > > Authentication-Warning: yoda.wrenkasky.com: majordom set sender to
> > > owner-therox-digest@esson.net using -f
> > >
> > > majordom is set as a trusted user in sendmail.cf and I double checked the
> > > ownership of the files in ../majordomo and they are majordom.majordom.
References:
|
|
