Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Confusion | 18 comments | Create New Account
Click here to return to the 'Confusion' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Confusion
Authored by: professor on Mar 10, '03 03:29:03PM

o After the security update, the first invocation of sendmail, with the -bd flag but without the -Am flag reads submit.cf, *not* sendmail.cf. This contrary to your statement and contrary to its behavior before the security update. For all I know it means that Apple's binary is broken. But it's also true that adding -Am did force sendmail to read sendmail.cf as it had before, which is what I thought I wanted (and you seem to agree).
[Also, just for the record, the second invocation in my StartupItems/Sendmail/Sendmail file doesn't have the -Ac switch it has -C /etc/mail/submit.cf instead, though I would guess there is no difference in execution.]

From the sendmail manpage:

Parameters
   -Ac    Use  submit.cf  even if the operation mode does not
          indicate an initial mail submission.

   -Am    Use sendmail.cf even if the  operation  mode  indi-
          cates an initial mail submission.

   -bd    Run as a daemon.  Sendmail will  fork  and  run  in
          background listening on socket 25 for incoming SMTP
          connections.

   -Cfile Use alternate configuration file.  Sendmail refuses
          to run as root if an alternate  configuration  file
          is specified.

So I'm pretty sure "-bd" ought to imply "sendmail.cf". There is a subtle difference between "-Csubmit.cf" and "-Ac". When in doubt, I'd use the latter.

o Netinfo doesn't tell sendmail what directory to use, it tells it which file to use. Before the update, I configured netinfo to tell sendmail to use sendmail.cf (in/etc/mail/), and the first invocation of sendmail did so. After the update, netinfo was still configured to tell sendmail to use sendmail.cf but instead sendmail uses submit.cf (as said above). Using netinfo for this purpose in Mac OS X is recommended by Apple in /etc/mail/README. But of course one arm at Apple my not read the README of another are at Apple. ;)

Again, which .cf file to use should be determined by how sendmail is envoked. If the envocation is as I wrote in my first post, you should not need NETINFO to tell it. It can only trip you up down the road (my experience).

Also, you are correct in guessing that Apple did not update /usr/share/sendmail/conf/, so building new .cf files without downloading the source version of sendmail is impossible.

Easily remedied, eh?

I agree Davidson's article spent a lot of time explaining simple things (much of what he said was how to write a shell script that performs what is recommended by Apple in /etc/mail/README) but I thought his tutorial on DontBlameSendmail and other sendmail configuration options was at a good level for those of us with famililarity with unix at the user level but not at the sysadmin level.

I think there are a lot better tutorials on sendmail available on the 'net. They may not be MacOSX specific, but the only truly MacOSX-specific aspects of Davidson's article were

  1. The bit about NETINFO (which i think was superfluous).
  2. The fact that sendmail gets started by /System/Library/StartupItems/Sendmail/Sendmail
  3. The fact that Apple's installers have a nasty habit of changing "/" to be group-writable, and that sendmail doesn't like this. But I think the correct solution (ie, more secure) is to do a
    % sudo chmod 755/
    after running the installer, rather than (as he advocates) making sendmail bend over and not complain about running with a group-writable directory.


[ Reply to This | # ]
Confusion
Authored by: mnewman on Mar 10, '03 08:53:45PM

Well, guess what. I'm still confused. Is anyone out there willing to post step-by-step instructions for those of us who used the O'Reilly method (dontblamesendmail) to get sendmail running ought to do after applying the latest security update?

---
Mike Newman
Saipan and Narita Layover Pages:
http://net.saipan.com/personal/mike_newman/



[ Reply to This | # ]
Confusion
Authored by: AndyB40 on Mar 12, '03 04:41:41AM

I too would like to see what changes (step by step) are needed inside
the Sendmail file to fix the problem caused by the security update.



[ Reply to This | # ]