Let's review:
Your old server crashed and you had to reinstall majordomo on a newer
one without identical OS, perl, sendmail, or other applications.
You installed majordomo, but you are getting permission warnings/errors.
From the top, FIRST sendmail must work. You can receive mail to users
on the machine, and those users can use sendmail to get mail out of the
system to other users on the internet, and an alias can expand to a local
or remote address with successful delivery. If this does not work, do not
proceed to the next step.
SECOND, sendmail allows aliases that use :include: files in directories
that are not owned by sendmail. These files are also not owned by sendmail.
THIRD, sendmail can write messages to a file in a directory that it does
not own. (something has to tell sendmail these files/directories are safe)
Notice: majordomo is not participating yet
FOURTH, sendmail must be able to pipe messages to other programs for
delivery (or further processing) and trust that program.
Notice: sendmail was able to do all these things on your old server
Were you able to capture sendmail.cf from the old machine? It should
still work with the newer version.
Once you have the prerequisites above achieved, you can introduce
majordomo to the environment. For security reasons, majordomo should
not use the same uid or gid as root, daemon, postmaster, mailer-daemon,
or sendmail for that matter.
Since you can't have your cake, and eat it too, you have to make some
hard decisions on allowing your 10 year users to continue in their old
habits of editing files at the command shell, or relaxing the newer
versions of sendmail security.
Lastly, yes. I was referring to *.config files as only those in my lists
directory, and they are owner:group majordomo:majordomo (I run linux).
Relaxing sendmail security at the file system level does not make it
easier for hackers to get into your system or to use your sendmail
service. (unless one of your list owners is the hacker) Remember,
you are only allowing what sendmail always allowed in your previous
version, and you can be specific about the directories that you are
telling sendmail to consider "safe".
Ultimately, majordomo and sendmail are only secure/safe if there are
no human users on your system. Even then, you still have to take more
precautions to protect these services from the outside world too.
Let us know what you decide.
Dan Liston
Kenneth G. Gordon wrote:
> On 20 Aug 2009 at 18:06, Daniel Liston wrote:
>
>>> However, if I set ALL files in the majordomo/lists director to mode
>>> 644, neither the header nor the footer appears on any list message.
>> Are you sure they are not in the message?
>
> Yes. Absolutely. They are not even there when I use PINE to view
> those e-mails, nor in Pegasus, even when I look at the RAW file.
> They are simply not there.
>
>> Or are they hidden by
>> MIME/HTML message bodies? CTRL-U in netscape/mozilla/thunderbird to
>> see pieces of the message hidden by the client. I am not sure of
>> equivalent outlook/eudora/other clients keys, but they do have this
>> ability too.
>
> NONE of this applies in this case.
>
>>> The above leads me to believe that the $list.config files are not
>>> even being used at all with the present mode.
>> This depends on the answer to the above, and whether "resend" is being
>> used on the alias that directs messages for your list.
>
> It is.
>
>>> Shouldn't some of those files be executable?
>> ABSOLUTELY NOT!!!
>
> I assumed as much.
>
>> None. The only executables are in/under your majordomo $HOME
>> directory. My *.config files are 660 and my lists are 644.
>
> Ah HA! WHICH *.config files? Where? This is the question I am
> asking....
>
>> My list,
>> digest, and archive directories are all 750.
>
> As are mine....although I think my list directory is 4750...since it is
> owned by majordom
>
>> Then again, my majordomo
>> user has its own group, and mail is a member of majordomo and
>> majordomo is trusted.
>
> So is mine...actually, majordom is a member of mail. I suppose I
> should reverse that...
>
>>> If I do not set at least the $list file to mode 644, I get an error
>>> message from sendmail that the file is group writeable and it won't
>>> read it.
>> Sendmail security can be reduced to allow group writable files, but
>> this is not necessary either.
>
> And I do not want to do that either!
>
>> As this is not in majordomo's control,
>> but sendmail's,
>
> Yes. I know.
>
>> I offer;
>>
>> http://www.sendmail.org/tips/dontBlameSendmail
>
> I have already read that....so many times my eyes are tired.
>
>>> Thus, none of the list administrators can edit their $list files
>>> unless they su majordom, or unless I make all the files associated
>>> with a particular list owned by the list administrator.
>> Incorrect! Admins do not have to manipulate the files locally, or
>> even have a login on your majordomo/sendmail server. Lists and their
>> configs can be managed remotely through email commands to majordomo.
>
> I know that. I HAVE read the Majordomo documentation, after all,
> although it may seem as though I haven't. However, most of my list
> managers prefer to use SSH or similar rather than the e-mail
> management method.
>
>> To add or remove addresses from a list, they simply send one line for
>> each command in the body of a message to your majordomo alias.
>>
>> approve list-password [un]subscribe listname email@address
>> approve list-password [un]subscribe listname other@email.address
>>
>> The above method means list owners do not need permission to
>> manipulate files in the majordomo lists directory, as majordomo is the
>> user making changes.
>>
>> [approve list-password] who listname
>> will retrieve the entire subscriber file
>
> Yes. I know all that, thanks. As I said, most of my list managers are
> reluctant to use that method. They prefer something they are used
> to using....SSH/telnet. After all, they have been using their preferred
> method for nigh onto 10 years...
>
>> SEE ALSO:
>> config listname list-password
>> newconfig listname list-password
>> writeconfig listname list-password
>
> I have read all that. As I said...
>
>>> I have added majordom to the list of Trusted users in my
>>> sendmail.cf, which allows sendmail to read the $list files at all,
>>> but what do I do about the other files, especially the $list.config
>>> files?
>> Adding majordom as a Trusted user does not do what you describe above,
>> but it may seem like it. A trusted user is one that sendmail will not
>> issue warnings about setting the from address to something other than
>> its own login name. It may have a side effect of trusting
>> directories/files owned by that user as well. You should really be
>> following majordomo documentation for managing majordomo, then if
>> sendmail security is restricting your majordomo actions, you can relax
>> sendmail accordingly.
>
> That last, relaxing sendmail's security, I do NOT want to do. I have
> had too much trouble with hackers to even suggest making it any
> easier for those scum-of-the-earth.
>
>> This might be helpful, with lots of good troubleshooting/debugging
>> information;
>>
>> http://www.greatcircle.com/majordomo/README
>
> I have read that, repeatedly, and have printed it off several times.
>
> To provide another clue, I have the following files in my lists
> directory.
>
> $list
> $list.config
> $list.info
> $list.save
> $list.strip
>
> ALL $list files are 644
>
> If I make $list.config 644, it does not get "read" or applied. I HAVE
> to set that file, at least, as 664 in order for it to work.
>
> I do not yet know if the others are affected as well.
>
> However, you say above that your *.config files are 664, so again, I
> ask WHICH *.config files? Those dealing with majordomo itself,
> those associated with each list, those over in the directory where I
> did Make and Install? Which?
>
> Am I correct in assuming that when you said *.config, you meant
> ONLY those in the lists directory?
>
> Thank for all the time and help, BTW.
>
> Ken Gordon
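The permission rules discussed in this exchange (subscriber files 644, *.config files 660, list directories 750, and nothing group- or world-writable that sendmail has to read through an :include: alias) can be checked mechanically. The script below is an added example, not part of either author's message; it assumes a GNU or BSD find (for -maxdepth and symbolic -perm) and builds its own constructed sample directory so it runs without a real majordomo installation.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a majordomo "lists"
# directory for the permission problems the thread describes.
# Assumption: GNU or BSD find supporting -maxdepth and symbolic -perm modes.

# Subscriber files ($list, no extension) that sendmail reads via :include:
# and that are group- or world-writable. Stock sendmail refuses these unless
# DontBlameSendmail is relaxed (e.g. GroupWritableIncludeFile).
unsafe_include_files() {
    find "$1" -maxdepth 1 -type f ! -name '*.*' \
        \( -perm -g+w -o -perm -o+w \) | sort
}

# $list.config files that are world-readable or world-writable. These carry
# the list password, so the thread's rule of 660 (or tighter) applies.
exposed_config_files() {
    find "$1" -maxdepth 1 -type f -name '*.config' \
        \( -perm -o+r -o -perm -o+w \) | sort
}

# Directories in the lists tree with any world permission (rule: 750).
loose_directories() {
    find "$1" -type d \( -perm -o+r -o -perm -o+w -o -perm -o+x \) | sort
}

# Count non-empty lines of a finding list so results can be compared.
count_lines() {
    if [ -z "$1" ]; then echo 0; else printf '%s\n' "$1" | wc -l | tr -d ' '; fi
}

# Constructed sample tree: one list ("good") with the modes the thread
# recommends, one list ("bad") with the modes the thread says cause trouble.
make_sample_lists_dir() {
    d=$(mktemp -d)
    chmod 750 "$d"
    mkdir "$d/archive"; chmod 750 "$d/archive"
    mkdir "$d/digest";  chmod 755 "$d/digest"        # world r-x: too loose
    for f in good good.config good.info good.save good.strip; do : > "$d/$f"; done
    chmod 644 "$d/good" "$d/good.info" "$d/good.save" "$d/good.strip"
    chmod 660 "$d/good.config"
    : > "$d/bad";        chmod 664 "$d/bad"         # group-writable :include: file
    : > "$d/bad.config"; chmod 644 "$d/bad.config"  # world-readable password file
    echo "$d"
}

# Print a short report for a lists directory.
audit_lists_dir() {
    dir=$1
    echo "group/world-writable :include: files:"; unsafe_include_files "$dir"
    echo "world-readable *.config files:";        exposed_config_files "$dir"
    echo "directories with world permissions:";  loose_directories "$dir"
}

# Usage: sh audit.sh /path/to/majordomo/lists
if [ -n "${1:-}" ]; then
    audit_lists_dir "$1"
fi
```

Run it against the real lists directory once the modes are settled; an empty report under all three headings means sendmail's default file-safety checks should not be the thing rejecting the :include: files, so the remaining issues are majordomo's own ownership and group membership.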