[K12OSN] Using a remote mail server and letting apache have access to it

Les Mikesell les at futuresource.com
Tue Nov 7 21:09:45 UTC 2006


On Tue, 2006-11-07 at 11:35 -0800, jones yeates wrote:

> ls -ld /var/spool/clientmqueue resulted in:
> drwxrwx--- 2 smmsp smmsp 4096 Nov  7 04:02 /var/spool/clientmqueue
> 
> -- so that's good.
> -- I tried to include apache as a member of the smmsp group and it
> still didn't work.  So I removed apache from the group. 

Why is it running as apache at that point? Sendmail should be running as
user smmsp when it writes the queue file.

> None of the nslookup commands were successful.  I tried it with the
> server's short name, full name (including domain name) and ip address.
> Results are shown below.
> 
> nslookup SHORTNAME resulted in:
> ;; Got SERVFAIL reply from 10.32.140.1, trying next server
> Server:         172.17.6.1
> Address:        172.17.6.1#53

What are you expecting to happen here?  Is the machine supposed
to be in an official or unofficial DNS domain?  If it is, then
/etc/resolv.conf should have the domain name to add to your
hostname and it should resolve.

> ** server can't find SHORTNAME: SERVFAIL
> 
> nslookup SHORTNAME.DOMAINNAME
> Server:         10.32.140.1
> Address:        10.32.140.1#53
> 
> ** server can't find SHORTNAME.DOMAINNAME: NXDOMAIN

And in this form you add the domain yourself.


> nslookup IP.AD.DRE.SS
> Server:         172.17.6.1
> Address:        172.17.6.1#53
> 
> ** server can't find 208.129.32.10.in-addr.arpa: NXDOMAIN
> --------------------------------

If this is a public IP address the reverse lookup must be configured
by the owner of the range.  If it is private, your local server must
be configured to be the primary server for the appropriate
in-addr.arpa zone(s).

Anyway, an entry in /etc/hosts for the address/name will keep
sendmail happy.

> I am not sure if I turned setuid off on sendmail.  I don't know where
> I can see if it is set on or off.  It didn't seem to say anything in
> the sendmail.cf file or the sendmail.mc file.

Fedora uses a set of symlinks to manage alternative mailers.  Things
should look like:
# ls -l /usr/sbin/sendmail
/usr/sbin/sendmail -> /etc/alternatives/mta
# ls -l /etc/alternatives/mta
/etc/alternatives/mta -> /usr/sbin/sendmail.sendmail
# ls -l /usr/sbin/sendmail.sendmail
-rwxr-sr-x 1 root smmsp 806456 Jul 20 05:23 /usr/sbin/sendmail.sendmail

So it's not setuid - it is setgid and uses the group smmsp permissions
to write the queue file which should still work.

> I am behind a NAT and I guess I should run a DNS server on this
> machine?  I was thinking of just having the server's ip address and
> name in the server.  I don't understand why it is not
> accessing /etc/hosts to see a list of names/ip addresses.  

It will for most things.  Nslookup specifically uses DNS.  Sendmail
normally looks for MX records first, but as long as that fails it
will fall back to A records or the hosts file.  But, you have to get
the queue file written before you'll know what happens next.

> I looked in sendmail.cf and it had this:
> 
> # my official domain name
> # ... define this only if sendmail cannot automatically determine your domain
> DjSHORTNAME.DOMAINNAME 
> 
> # this is equivalent to setting class "t"
> Ft/etc/mail/trusted-users
> Troot
> Tdaemon
> Tuucp
> Tapache

These should match what you set in sendmail.mc - and that's where
you should change them if needed.

-- 
   Les Mikesell
    les at futuresource.com
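
The setgid and queue-directory checks discussed in the message above can be run in one pass. This is an added example, not part of the original post: the function name check_msp is hypothetical, and it assumes GNU coreutils (readlink -f, stat -c) as shipped on Fedora.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_msp BINARY QUEUE_DIR
#   0 = BINARY is setgid (not setuid) to the group that owns QUEUE_DIR,
#       and QUEUE_DIR is group-writable and not writable by others
#   1 = one or more checks failed, 2 = a path is missing
# Assumes GNU coreutils (readlink -f, stat -c), as on Fedora.
check_msp() {
    bin=$(readlink -f "$1") || return 2   # follow the alternatives symlinks
    dir=$2
    if [ ! -f "$bin" ] || [ ! -d "$dir" ]; then
        echo "missing: $bin or $dir"
        return 2
    fi
    rc=0
    if [ ! -g "$bin" ]; then
        echo "FAIL: $bin is not setgid"; rc=1
    fi
    if [ -u "$bin" ]; then
        echo "FAIL: $bin is setuid"; rc=1
    fi
    # The binary's group must be the group that owns the queue directory.
    if [ "$(stat -c %g "$bin")" != "$(stat -c %g "$dir")" ]; then
        echo "FAIL: group of $bin does not own $dir"; rc=1
    fi
    # %A prints e.g. drwxrwx---; char 6 is group write, char 9 is other write.
    case $(stat -c %A "$dir") in
        ?????w??-*) ;;
        *) echo "FAIL: $dir must be group-writable and not other-writable"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh check_msp.sh /usr/sbin/sendmail /var/spool/clientmqueue
if [ "$#" -eq 2 ]; then
    check_msp "$1" "$2"
fi
```
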




