Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Configure Sendmail to prevent failure after system updates UNIX
Sendmail has a bad habbit of breaking after system updates because it doesn't like a group writeable directory. Also, if you to make it so / is not writable, it prevents you from editing files are not in folders.

However, the DontBlameSendmail option allows certian file checks to be overwritten, including Group Writable Directories. This allows Sendmail to work and not make your harddrive read-only. Sendmail's configuration file is very complex so the use of M4 configuration files is recommend. I'm assuming you don't already have a setup M4 file, and you're just starting from scratch. If you already have a file, read the comment at the bottom of this hint. You'll need the Developer Tools installed, and make sure you log in as an admin and then follow the steps in the second part of this hint...

Fixing Sendmail:
  1. Open Terminal and change directories to /usr -> share -> sendmail -> conf -> cf
      cd /usr/share/sendmail/conf/cf
  2. Spawn a root login(enter your password when prompted) by typing sudo su. The reason we start a root shell is because redirects don't quite work with sudo (if you try redirecting to a place/file that your normal user can't, you get Permission Denied)

  3. Copy generic-darwin.mc to system-darwin.mc
      cp generic-darwin.mc system-darwin.mc
  4. Add the DontBlameSendmail line
      echo "define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')dnl"
      >> system-darwin.mc
    [That should be one line]

  5. Move Apple's sendmail.cf and submit.cf out of the way
      mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.apple
      mv /etc/mail/submit.cf /etc/mail/submit.cf.apple
  6. Recreate Sendmail's sendmail.cf and submit.cf
      m4 ../m4/cf.m4 system-darwin.mc > /etc/mail/sendmail.cf
      m4 ../m4/cf.m4 system-darwin.mc > /etc/mail/submit.cf
  7. Enable Sendmail Daemon Mode
    sed "s/MAILSERVER=-NO-/MAILSERVER=-YES-/" /etc/hostconfig >
      /etc/hostconfig.new && mv /etc/hostconfig.new /etc/hostconfig
    [That should be all on one line]

  8. Start Sendmail
      /System/Library/StartupItems/Sendmail/Sendmail start
    Now sendmail is running in daemon mode so you can use 127.0.0.1 as an SMTP server.

  9. Make sure sendmail works by typing telnet 0 25. If you see something like this:
      Trying 0.0.0.0...
      Connected to 0.
      Escape character is '^]'.
      220 nemesis1.local ESMTP Sendmail 8.12.9/8.12.9; Sat,
        3 May 2003 21:15:18 -0400 (EDT)
    
    Then you have a working sendmail configuration.
Note: If you already have a sendmail m4 file, paste this line in at the bottom:
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')dnl
Note 2: Should Sendmail stop working due to a upgrade of sendmail (Apple upgrades Sendmail from time to time), repeat all steps expect for #3 to fix it.
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[8,135 views]  

Configure Sendmail to prevent failure after system updates | 14 comments | Create New Account
Click here to return to the 'Configure Sendmail to prevent failure after system updates' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Configure Sendmail to prevent failure after system updates
Authored by: astrodawg on May 07, '03 12:36:27PM

This line does not work for me, I get an error "Unmatched '."

echo "define(`confDONT_BLAME_SENDMAIL',
`GroupWritableDirPathSafe')dnl" >> system-darwin.mc

Maybe something lost in the copy/paste. (Yes, I had it on one line)



[ Reply to This | # ]
Configure Sendmail to prevent failure after system updates
Authored by: bspahn on May 07, '03 01:14:34PM
I noticed at least one important problem with the terminal command you're trying to run. Notice that the two leading single quotes (`confDONT_BL... and `GroupWritableDi...) are incorrectly displayed as back ticks in the instructions above.

The correct line should read:

echo "define('confDONT_BLAME_SENDMAIL', 'GroupWritableDirPathSafe')dnl" >> system-darwin.mc

[all in one line of course]

I hope this resolves the problem because I didn't even have the time to try out this very interesting hint myself yet.

Enjoy!

[ Reply to This | # ]
Configure Sendmail to prevent failure after system updates
Authored by: SonicMcTails on May 07, '03 09:09:11PM

That was an error on my part, and I forgot to the quotes.
However, the rest of the hint works :)

---
Instert Better Signature Here ...



[ Reply to This | # ]
Correction
Authored by: SonicMcTails on May 07, '03 09:11:40PM
Wait, sorry, I misread your comment (I thought I forgot the ""'s). That's correct, here are the last three lines from my system-darwin.mc file
MAILER(smtp)
MAILER(procmail)
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSaf
e')dnl

---
Instert Better Signature Here ...

[ Reply to This | # ]

Configure Sendmail to prevent failure after system updates
Authored by: babbage on Aug 19, '03 12:01:37PM

That wasn't an error -- the m4 config files seem to need unbalanced quotes, `like this'. I'm not sure if balanced quotes will work, but all the Sendmail configuration I've been able to find uses the backtick-apostrophe style of quotation.

I'd agree that it's a very odd syntax, but apparently this is what the m4 macro language wants. *shrug*


---
--
DO NOT LEAVE IT IS NOT REAL



[ Reply to This | # ]
Configure Sendmail to prevent failure after system updates
Authored by: macavenger on May 07, '03 01:28:41PM

Actually, the line as shown is correct. The first character is
supposed to be a backtick and the second is a single quote, in
both words. But for some reason this does not work with the
echo command. What I ended up doing is putting them both in
as single quotes in the echo command, and then editing the
system-darwin.mc with pico to change the first single quote to a
backtick. If you leave it as a single quote it does not work, you
do need it exactly as typed in the hint.

---
iMac DV 400, OS 10.0.2



[ Reply to This | # ]
Configure Sendmail to prevent failure after system updates
Authored by: discordantus on May 07, '03 02:51:02PM
Assuming that MacAvenger is correct, and that you DO need the backtick, then you should be able to "fix" the hint by escaping the backtick with backslashes, thusly:

echo "define(\`confDONT_BLAME_SENDMAIL', \`GroupWritableDirPathSafe')dnl" >> system-darwin.mc

You need to do this because the backtick is a special shell character, anything enclosed in them will get executed in a subshell. You need to place a backslash in front of them if you want the shell to consider them to be a normal character.
Example:

user1% echo I am at `hostname`
I am at foo.net
user1% echo I am at \`hostname\`
I am at `hostname`


And yes, I censored my real hostname.

[ Reply to This | # ]
testing. ignore this!
Authored by: discordantus on May 07, '03 03:17:45PM

just testing how backslashes get stripped. move along...
16 backslashes:
\\\\\\\\\\\\\\\\



[ Reply to This | # ]
Configure Sendmail to prevent failure after system updates
Authored by: kerouassady on May 07, '03 01:13:48PM
If you install Webmin, you can easily enable, disable, and configure sendmail with an interface. If you click on the "Sendmail Options" button under the Sendmail Server tab, at the bottom, it lists configurable options. GroupWriteableDirPathSafe is in the list at the bottom. Just click it and hit start.

Can configuring Sendmail be put into a FAQ here somewhere here? This seems like a hint that gets repeated after every system update.

The other option, as someone else, I'm sure, will post, is to use Fink to install either another version of Sendmail or another mail server like Postfix or Qmail that will put itself into another folder that Apple won't touch when there's an update. Plus, I'm sure someone will say, Postfix is more secure and better and blah blah blah.

[ Reply to This | # ]

Configure Sendmail to prevent failure after system updates
Authored by: discordantus on May 07, '03 02:57:26PM
Okay, I just hit on another problem: All of the backslashes got stripped from my comment! That's probably the reason the original hint was wrong in the first place....

but basically, any backtick that you don't want to use as a "special shell character" needs to have a backslash placed directly to the left of it. There.

[ Reply to This | # ]

Someone HAD to say this
Authored by: hagbard on May 07, '03 03:50:29PM

the reason sendmail doesn't want group writable directories is for your own good. Of course you can bypass this easilly with the dontblamesendmail directive, but be aware that you're opening yourself to *known* secutiry problems....

at least someone said it...



[ Reply to This | # ]
Permissions
Authored by: professor on May 07, '03 05:58:56PM

It surprises me that someone would prefer to compromise the security of their machine, rather than remember to type

sudo chmod 755 / 

after running the Installer.

I guess there's no accounting for tastes.



[ Reply to This | # ]
Permissions
Authored by: SonicMcTails on May 07, '03 09:07:23PM

The reason I submitted this hint us because sendmail doesn't
like /etc as a symlink, and it reads / instead. If you were to
read Compile/System Quarks on sendmail.org, it says a
possiable fix for this extact problem.

In applying the alternate workaround, care must be taken
while swapping the symlink /etc with the directory /
private/etc. In all likelihood any admin who is concerned
with this sendmail error has enough experience to not
accidentally harm anything in the process.
a. Swap the /etc symlink with /private/etc (as superuser):
rm /etc
mv /private/etc /etc
ln -s /etc /private/etc

b. Set / to group unwritable (as superuser):
chmod g-w /

Finnally, Sendmail runs in a smrsh enviroment be default, it
can't even launch any programs that there isn't a sym. link to.

---
Instert Better Signature Here ...



[ Reply to This | # ]
Permissions
Authored by: hagbard on May 21, '03 04:41:15PM

See the problem is that the system resets the permissions more or less every hour.
I set up a cron job to set the perm to 755 on a hourly basis, which I feel is the safest way to go



[ Reply to This | # ]