10.1.5 and sendmail, again

robh · 06-06-2002, 01:12 PM

Ok I've tried the various fixes to make sendmail happy in 10.1.5 but am left with this problem..

mail rob <.cshrc

send-mail: setgroups: Operation not permitted
/Users/rob/dead.letter... Saved message in /Users/rob/dead.letter

Anyone else hit that and found the fix ?

Incoming email is working via the daemon, but local mail from crontab and terminal fail.

thanks

mervTormel · 06-06-2002, 04:16 PM

permissions. on some queue. what does:

% mailq -v

say? and what are (if any, other than dead letter) the significant messages in
/var/log/mail.log after you've tried your local mail send?

macubergeek · 06-06-2002, 05:44 PM

here are my permissions, I've set them to match these per macosxhints article/sendmail.org page:
-r-xr-sr-x root smmsp ... /PATH/TO/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root wheel ... /var/spool/mqueue
-r--r--r-- root wheel ... /etc/mail/sendmail.cf
-r--r--r-- root wheel ... /etc/mail/submit.cf

here is tail of mail.log:
Jun 6 17:39:35 localhost sendmail[469]: g56LdZrI000469: to=james.kelly@wap.org, ctladdr=jamesk (501/20), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30025, relay=localhost [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by localhost
Jun 6 17:41:02 localhost sendmail[477]: My unqualified host name (localhost) unknown; sleeping for retry

here is the output from the command:
jamesk @ /Users/jamesk@HOME-->mail -v james.kelly@wap.org<.reminder
WARNING: local host name (localhost) is not qualified; fix $j in config file
james.kelly@wap.org... Connecting to localhost via relay...
james.kelly@wap.org... Deferred: Connection refused by localhost

now I did a sudo chmod g-w on / /etc and /etc/mail

additionally I checked the DS macro in sendmail.cf and tried settiing it to the smpt server name for wap.org of DSicecube.wap.org, with no luck

and yet the mail command stubbornly refuses to work.

any insight would be appreciated.

mervTormel · 06-06-2002, 06:01 PM

james, what is your hostname in /etc/hostconfig ?

mine was an unqualified "gunther"

i put a .net at the end of my hostname last nite and the "Deferred: Connection refused by localhost" messages went away. but, i've wrangled my sendmail config pretty good, so there may have been some other things that fixed that issue.

there isn't really a FQDN of gunther.net that gets you to my domain, it's just an intranet apparition here.

i am working on a series of commando operations to make sendmail config compliant with the new version dist'd (stomped) by apple. hopefully, to have something here later today.

in the meantime, you could try to qualify your hostname with a .net and enable

MAILSERVER=-YES-

in hostconfig. that may relieve your pain for a while.

my goal here (later today, perhaps) is to re-enable local mail relay without having to run the sendmail server, like it was before 10.1.5

06-07-2002, 01:43 AM

I pretty much followed the instructions in /etc/mail/README plus changed the ownership on /var/spool/clientmqueue. I have my local only mail abilities back. I did not need to set MAILSERVER=-YES- . Left it at NO and my cron jobs are sending me mail again.

mervTormel · 06-07-2002, 02:18 AM

from your account, does:

% mail -s "subject" root

work?

06-07-2002, 02:34 AM

Yes, most definitely!

Be aware though, I did change root's .forward file to point to my user account. But this is stuff I did ages ago to get local mail working in the first place.

Oh and I should add, no weird errors in mail.log either.

bakaDeshi · 06-07-2002, 03:21 AM

Code:

[localhost:~] kennsan% tail -5 /var/log/mail.log
Jun  6 23:55:05 localhost sendmail[415]: g574t4RD000415: 
from=<kennsan@localhost>, size=32, class=0, nrcpts=0, 
proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jun  7 01:07:52 localhost sendmail[495]: My unqualified 
host name (localhost) unknown; sleeping for retry
Jun  7 01:08:52 localhost sendmail[495]: unable to qualify 
my own domain name (localhost) -- using short name
Jun  7 01:08:52 localhost sendmail[495]: g5768qNE000495: 
from=kennsan, size=29, class=0, nrcpts=1, 
msgid=<200206070608.g5768qNE000495@localhost>, 
relay=kennsan@localhost
Jun  7 01:08:52 localhost sendmail[495]: g5768qNE000495: 
to=root, ctladdr=kennsan (501/20), delay=00:00:00, 
xdelay=00:00:00, mailer=relay, pri=30024, relay=localhost 
[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused 
by localhost

I just used the generic-darwin.mc. Should I have put something else? localhost.mc? makeMyOwnFakeDomain.mc? I've messed with the other hints with changing perms and such but none has helped. Curious as to why it works for some people and not others.

TIA,

chris

[edit: folded message width -mt]

mervTormel · 06-07-2002, 03:46 AM

Quote:


	Originally posted by enola Be aware though, I did change root's .forward file to point to my user account.

yes, of course. the [ % mail -s "subj" root ] would exercise the .forward, which is one of the issues why sendmail needs 'root' access...

but my errors persist:

Code:

$ ll /var/spool/mqueue/ -d

drwx------  2 root wheel  24 Jun  7 00:18 /var/spool/mqueue//

$ mail -s "test" root
test
.
EOT
$ can not chdir(/var/spool/mqueue/): Permission denied
Program mode requires special privileges, e.g., root or TrustedUser.

i want mail ( a la sendmail ) to use the new clientmqueue for local mail, so the above exception doesn't occur?

06-07-2002, 03:56 AM

I have different perms on mqueue:

Code:

% ls -ld mqueue
drwxr-x---  2 root  wheel  24 Jun  6 23:29 mqueue

I did not change any perm or ownership for mqueue from what was there originally.

bakaDeshi · 06-07-2002, 04:52 AM

Okay, I've been able to get it working through the instructions on the main site. (can't read, doh!) However, now I have 2 sendmail processes running all the time. enola, can you show your perms on clientmqueue? You mail works without having sendmail running all the time, correct?

Another question, on the main hint, one of the chmods was to change the setuid from the user to group. Is this necessary? What does it do? Time to read some man pages...

p.s. Thanks for fixing my previous post, merv

vonleigh · 06-07-2002, 05:16 AM

Hello,

What I want to know is if I should alter my /System/Library/StartupItems/Sendmail/Sendmail from:

/usr/sbin/sendmail -bd -q1h &

to

/usr/sbin/sendmail -C /etc/mail/submit.cf -q1h

and why?

thanks,
Vonleigh

robh · 06-07-2002, 05:27 AM

I made some progress.

sendmail in 10.1.5 had these permissions: -r-sr-xr-x

The various discussions (e.g Mac OSX Hints ) and fixes say to change this to: -r-xr-sr-x

If I use both, -r-sr-sr-x then the permission problems go away.

Looks like the official sendmail line is to use -r-xr-sr-x, but Apple have buggered up the permissions and need sendmail to always be run as root.

Next problem was this:
Domain of sender address rob@host.domain.net does not exist)

which was solved by adding host.domain.net to /etc/hostconfig and /etc/hosts.

All seems well now.

bakaDeshi · 06-07-2002, 05:27 AM

Quote:


	Originally posted by vonleigh What I want to know is if I should alter my /System/Library/StartupItems/Sendmail/Sendmail from: /usr/sbin/sendmail -bd -q1h & to /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h and why?

<edit>forgot to quote</edit>
That's what confused me. You need both with the new one coming second.

Code:

    /usr/sbin/sendmail -bd -q1h 
    /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h

I went and read the archives over at apple and from what I understand, there are now 2 queues. One is mqueue and the other is clientmqueue. The clientmqueue is for local mail. The second sendmail (with -C) is what monitors the local queue. I'm sure there are more details to this but that's what I gathered. Here's the link again http://lists.apple.com/mhonarc/macos.../msg18907.html
user and password is 'archives'.

What I want to know, which was stated by ppmax, is why is it more secure when sendmail is running? Shouldn't it be more secure if it isn't running at all and I only use it on occasion? More reading required...but tomorrow, sleep beckons.

robh · 06-07-2002, 05:48 AM

Quote:


	Originally posted by bakaDeshi <edit>forgot to quote</edit> That's what confused me. You need both with the new one coming second. Code: /usr/sbin/sendmail -bd -q1h /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h

I didn't add second call, and I'm up and running again now.

There seem to be at least 2 problems:

1) permissions and ownerships. Here are mine..

Code:

-r-sr-sr-x	root   smmsp	... /usr/sbin/sendmail
drwxrwx---	smmsp  smmsp	... /var/spool/clientmqueue
drwx------	root   wheel	... /var/spool/mqueue
-r--r--r--	root   wheel	... /etc/mail/sendmail.cf
-r--r--r--	root   wheel	... /etc/mail/submit.cf

(note, to get -r-sr-sr-x you use "chmod 6555" and to change owner/group you'd use e.g. "chown root:smmsp")

2) Problems delivering to local addresses, with "Domain of sender address x@y.z does not exist" errors. This can be fixed by editing /etc/hostconfig and /etc/hosts..

/etc/hostconfig, edit HOSTNAME=y to HOSTNAME=y.z

/etc/hosts, I added y and y.z to the entry with my fixed IP address. I don't know what this'll look like for users without a fixed IP address, you might get away with adding it to the 127.0.0.1 line.

06-07-2002, 10:43 AM

Quote:


	Originally posted by bakaDeshi enola, can you show your perms on clientmqueue? You mail works without having sendmail running all the time, correct?

drwxrwx--- 4 smmsp smmsp 92 Jun 6 00:06 clientmqueue

Right, I don't have sendmail running all the time. I didn't do the edit to sendmail startup item either. I pretty much did exactly what that README said to do although I m4'd the generic-darwin.mc directly to a new sendmail.cf. The only perm/owner/group type change I did was to clientmqueue.

I had previously done all the host and hostconfig things before 10.1.5. Also, I do run with DontBlameSendmail=GroupWritableDirPathSafe in my sendmail.cf. A choice I made even though I know it's less secure. Again, this was in existence prior to 10.1.5. I opted with this because I got tired of the perms on / changing with every install and also I was getting some behavior I didn't care for. Like some installers dying because they wanted group writable. I think I even had problems with mounting network drives. I can't remember exactly now.

I'll have to do more reading at work about all this. Gotta run.

macubergeek · 06-07-2002, 11:11 AM

1. my perms and ownerships are correct:
code:
------------------------------------------------------------------------
-r-sr-sr-x root smmsp ... /usr/sbin/sendmail
drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
drwx------ root wheel ... /var/spool/mqueue
-r--r--r-- root wheel ... /etc/mail/sendmail.cf
-r--r--r-- root wheel ... /etc/mail/submit.cf

2. /etc/hostconfig reads:
HOSTNAME=-mac.org-
MAILSERVER=-NO-

3. when I do mail -v myemail@domain.com<.reminder I get:
jamesk @ /Users/jamesk@HOME-->mail -v james.kelly@wap.org<.reminder
WARNING: local host name (localhost) is not qualified; fix $j in config file
james.kelly@wap.org... Connecting to localhost via relay...
james.kelly@wap.org... Deferred: Connection refused by localhost

06-06-2002, 01:12 PM	#1
robh Triple-A Player Join Date: Jan 2002 Location: Goolwa, South Australia Posts: 101	10.1.5 and sendmail, again Ok I've tried the various fixes to make sendmail happy in 10.1.5 but am left with this problem.. mail rob <.cshrc send-mail: setgroups: Operation not permitted /Users/rob/dead.letter... Saved message in /Users/rob/dead.letter Anyone else hit that and found the fix ? Incoming email is working via the daemon, but local mail from crontab and terminal fail. thanks

06-06-2002, 05:44 PM	#3
macubergeek Major Leaguer Join Date: Jan 2002 Location: Gaithersburg, MD Posts: 494	ok mail command rebroken with 10.1.5 update here are my permissions, I've set them to match these per macosxhints article/sendmail.org page: -r-xr-sr-x root smmsp ... /PATH/TO/sendmail drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue drwx------ root wheel ... /var/spool/mqueue -r--r--r-- root wheel ... /etc/mail/sendmail.cf -r--r--r-- root wheel ... /etc/mail/submit.cf here is tail of mail.log: Jun 6 17:39:35 localhost sendmail[469]: g56LdZrI000469: to=james.kelly@wap.org, ctladdr=jamesk (501/20), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30025, relay=localhost [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by localhost Jun 6 17:41:02 localhost sendmail[477]: My unqualified host name (localhost) unknown; sleeping for retry here is the output from the command: jamesk @ /Users/jamesk@HOME-->mail -v james.kelly@wap.org<.reminder WARNING: local host name (localhost) is not qualified; fix $j in config file james.kelly@wap.org... Connecting to localhost via relay... james.kelly@wap.org... Deferred: Connection refused by localhost now I did a sudo chmod g-w on / /etc and /etc/mail additionally I checked the DS macro in sendmail.cf and tried settiing it to the smpt server name for wap.org of DSicecube.wap.org, with no luck and yet the mail command stubbornly refuses to work. any insight would be appreciated.

06-07-2002, 03:56 AM	#10
enola Guest Posts: n/a	I have different perms on mqueue: Code: % ls -ld mqueue drwxr-x--- 2 root wheel 24 Jun 6 23:29 mqueue I did not change any perm or ownership for mqueue from what was there originally.

06-07-2002, 04:52 AM	#11
bakaDeshi Triple-A Player Join Date: Apr 2002 Location: Restaurant at the End of the Universe Posts: 171	Okay, I've been able to get it working through the instructions on the main site. (can't read, doh!) However, now I have 2 sendmail processes running all the time. enola, can you show your perms on clientmqueue? You mail works without having sendmail running all the time, correct? Another question, on the main hint, one of the chmods was to change the setuid from the user to group. Is this necessary? What does it do? Time to read some man pages... p.s. Thanks for fixing my previous post, merv __________________ —bakaDeshi Caution! Mac User at the Command Line.

06-07-2002, 11:11 AM	#17
macubergeek Major Leaguer Join Date: Jan 2002 Location: Gaithersburg, MD Posts: 494	STILL dosn't work 1. my perms and ownerships are correct: code: ------------------------------------------------------------------------ -r-sr-sr-x root smmsp ... /usr/sbin/sendmail drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue drwx------ root wheel ... /var/spool/mqueue -r--r--r-- root wheel ... /etc/mail/sendmail.cf -r--r--r-- root wheel ... /etc/mail/submit.cf 2. /etc/hostconfig reads: HOSTNAME=-mac.org- MAILSERVER=-NO- 3. when I do mail -v myemail@domain.com<.reminder I get: jamesk @ /Users/jamesk@HOME-->mail -v james.kelly@wap.org<.reminder WARNING: local host name (localhost) is not qualified; fix $j in config file james.kelly@wap.org... Connecting to localhost via relay... james.kelly@wap.org... Deferred: Connection refused by localhost

06-06-2002, 04:16 PM	#2
mervTormel League Commissioner Join Date: Jan 2002 Posts: 5,536	permissions. on some queue. what does: % mailq -v say? and what are (if any, other than dead letter) the significant messages in /var/log/mail.log after you've tried your local mail send?

06-06-2002, 06:01 PM	#4
mervTormel League Commissioner Join Date: Jan 2002 Posts: 5,536	james, what is your hostname in /etc/hostconfig ? mine was an unqualified "gunther" i put a .net at the end of my hostname last nite and the "Deferred: Connection refused by localhost" messages went away. but, i've wrangled my sendmail config pretty good, so there may have been some other things that fixed that issue. there isn't really a FQDN of gunther.net that gets you to my domain, it's just an intranet apparition here. i am working on a series of commando operations to make sendmail config compliant with the new version dist'd (stomped) by apple. hopefully, to have something here later today. in the meantime, you could try to qualify your hostname with a .net and enable MAILSERVER=-YES- in hostconfig. that may relieve your pain for a while. my goal here (later today, perhaps) is to re-enable local mail relay without having to run the sendmail server, like it was before 10.1.5

06-07-2002, 01:43 AM	#5
enola Guest Posts: n/a	I pretty much followed the instructions in /etc/mail/README plus changed the ownership on /var/spool/clientmqueue. I have my local only mail abilities back. I did not need to set MAILSERVER=-YES- . Left it at NO and my cron jobs are sending me mail again.

06-07-2002, 02:18 AM	#6
mervTormel League Commissioner Join Date: Jan 2002 Posts: 5,536	from your account, does: % mail -s "subject" root work?

06-07-2002, 02:34 AM	#7
enola Guest Posts: n/a	Yes, most definitely! Be aware though, I did change root's .forward file to point to my user account. But this is stuff I did ages ago to get local mail working in the first place. Oh and I should add, no weird errors in mail.log either.

06-07-2002, 05:16 AM	#12
vonleigh All Star Join Date: Jan 2002 Posts: 579	Hello, What I want to know is if I should alter my /System/Library/StartupItems/Sendmail/Sendmail from: /usr/sbin/sendmail -bd -q1h & to /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h and why? thanks, Vonleigh

06-07-2002, 05:27 AM	#13
robh Triple-A Player Join Date: Jan 2002 Location: Goolwa, South Australia Posts: 101	I made some progress. sendmail in 10.1.5 had these permissions: -r-sr-xr-x The various discussions (e.g Mac OSX Hints ) and fixes say to change this to: -r-xr-sr-x If I use both, -r-sr-sr-x then the permission problems go away. Looks like the official sendmail line is to use -r-xr-sr-x, but Apple have buggered up the permissions and need sendmail to always be run as root. Next problem was this: Domain of sender address rob@host.domain.net does not exist) which was solved by adding host.domain.net to /etc/hostconfig and /etc/hosts. All seems well now.