Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Fixing Sendmail after March 2003 Security Update' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Fixing Sendmail after March 2003 Security Update
Authored by: bluehz on Mar 10, '03 12:26:18PM
I too was having this same problem. As usual every time Apple updates something - it usually breaks sendmail. I personally only use sendmail to mail out crontask output to another full mailserver running on another box on my LAN. I ran across a nice tip though that may save me the grief of having to fix sendmail eacha nd every time Apple updates. The tip was to just replace sendmail with postfix via fink. The theory being that since postfix is not in your standard system layout (rather it lives in /sw) then it won't get broken each time Apple updates. So I did just that - installed postfix via Fink.
fink install postfix
It remains to be seen whether it survives an Apple update - but the theory sounds solid. Beside that postfix is known to be much more secure than sendmail anyway. Configuration is also much easier than sendmail. I personally use and recommend Qmail as full-fledged mailserver. Its installation can be a bit hairy - but with a little work you can have am extremely configurable and secure Qmail installation with imap, mailing list, web interface configuration, etc. You can get the OS X Qmail installer here:

http://www.apple.com/downloads/macosx/unix_open_source/qmailsecureemailserverinstaller.html

and here are some tips for setup/installation:

http://www.macosxhints.com/article.php?story=20020709091327481&query=qmail

[ Reply to This | # ]

More confusion
Authored by: tjj on Mar 10, '03 02:49:39PM

Hmmm, confused indeed. I too used the oreilly article getting sendmail to pass on output from cronjobs. However, I don't think my sendmail broke immediately after the sec-update. I think it first broke after running either the weekly or monthly cleanup job. I then added a # to a out-commented line in the config.mc file and updated as per the instructions on the oreilly site. This got things working. I then checked the sendmail binary for this line
[xxx:/usr/sbin] xxx% strings sendmail | grep 'Dropped invalid comments from header address'
Dropped invalid comments from header address

which, according to the sendmail.org site should be present after the patch.
Sendmail version stated when i do mail -v.... is ESMTP Sendmail 8.12.7/8.12.6. Is this ok? I mean, the specified line IS in the sendmail binary...

Digression (sorry): I have my /Users/myusername sym-linked to another volume: /Volumes/Users/myusername and sendmail keeps complaining about the permissions of /Volumes beeing world writable. I keep changing it to
drwxrwxr-t 7 root wheel 238 Mar 10 17:10 /Volumes/
Am I causing trouble by removing th e world writable ability?

Think I may look into this qmail when the time is available...
TIA



[ Reply to This | # ]
Fixing Sendmail after March 2003 Security Update
Authored by: yosithezet on Mar 10, '03 04:57:25PM

[191][david@localhost-11:46pm]/<1>mail] > fink apropos postfix
Information about 771 packages read in 2 seconds.

[192][david@localhost-11:46pm]/<1>mail] >



[ Reply to This | # ]
postfix via fink
Authored by: jzsimon on Mar 10, '03 09:07:37PM

> fink info postfix-release
Information about 1459 packages read in 7 seconds.


postfix-release-1.1.11-2: Mail transfer agent that's fast and secure
Postfix is a mail transfer agent designed to be fast, secure, and easy to
configure. It is meant to be Sendmail compatible so that it does not cause
problems for existing Sendmail users who want to make the switch to
another MTA.
.
This is an official release of Postfix. According to the Postfix web site:
"Official releases do not change except for bugfixes and for portability
fixes. New features are tested out in experimental releases..."
.
Usage Notes:
You need to do a few things to set Postfix up before you can use it:
.
1) Edit /sw/etc/postfix/main.cf. In particular, edit myorigin,
mydestination and mynetworks in that file. The file is well commented.
.
2) Edit the aliases in NetInfo so that root and postmaster redirect mail
to a real, live person. To do that, run:
.
sudo niutil -createprop . /aliases/root members youremail
.
Where youremail is a valid email address. If you check your mail on
this computer, you can just use your user name. Otherwise, you will
probably want to use your regular email address.
.
3) Run 'sudo mta-switch postfix' to move the old sendmail out of the way
and place symlinks to postfix in its place. You may need to do this
after upgrades of Mac OS X from Apple.
.
4) Run 'sudo daemonic enable postfix'. This will create a Postfix startup
item, but it won't actually start Postfix. To do that, you can run
'sudo postfix start'.
.
Removing postfix via Fink will automatically disable it and re-enable
sendmail.
.
Web site: http://www.postfix.org/
.
Maintainer: Daniel Parks <daniel@mwdesign.dyndns.org>



[ Reply to This | # ]
postfix via fink
Authored by: Johnny_B on Mar 19, '03 05:43:42PM

I love you man :O)

And I wondered, this line:

sudo niutil -createprop . /aliases/root members youremail

There where no such alias user here (root), so is it okay to just use the postmaster ? Like...

sudo niutil -createprop . /aliases/postmaster members youremail

??



[ Reply to This | # ]