[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is sendmail trusted-user feature broken?

Well, I had already fooled around with submit.mc, but
on your suggestion I tried it again--but with no success.
I added the following line to submit.mc:

define(`confTRUSTED_USER', `johnsig')dnl

then did make, and from my johnsig shell, did the following:

/usr/sbin/sendmail -fjohnsig@somewhere.com johnsig <msg

but alas! I {still} get the X-Authentication-Warning message
saying that johnsig used -f.

Maybe there's some kind of PAM issue lurking here?

Anyway, to solve the immediate problem, I just installed
sudo, added "apache" to the list of sudoers, giving it
NOPASSWD:/usr/sbin/sendmail permission, and then
edited the CGI script, adding sudo before the
sendmail command. It is admittedly less secure,
but my CGI can only be run by users who have been
authenticated over SSL. But if you think this is a
really bad idea, please let me know.

--John Sigerson

Hash: SHA1

John Sigerson <johnsig@larouchepub.com> wrote:

 X-Authentication-Warning: eirweb2.chvlva.adelphia.net: apache set
 sender to johnsig@larouchepub.com using -f

 The docs indicate that "apache" needs to be added as a "trusted
 user", and so I added "apache" to /etc/mail/trusted-users; added
 FEATURE(`use_ct_file')dnl to /etc/mail/sendmail.mc, did make,
 and restarted sendmail. (For testing, I also did not include
 authwarnings as one of the privacy flags.)

 But still, this pesky X-Authentication-Warning will not go away!

You also need to edit submit.mc to add the trusted user feature.

Yours sincerely,

- -- Mark Suter <mark.suter@miju.com.au> | I have often regretted my
Miju Systems - http://www.miju.com.au/ | speech, never my silence.
mobile 0411 262 316 gnupg key 2C71D63D | Xenocrates (396-314 B.C.)

| John Sigerson                                             |
| EIR News Service, Inc. E-mail: johnsig@larouchepub.com    |
| 60 Sycolin Road        Voice:  703-777-9451 x543          |
| Leesburg, VA 20175     Fax:    703-771-3099 or 771-9492   |
| USA Web: http://www.larouchepub.com | +-----------------------------------------------------------+

Reply to: