[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems after sendmail security upgrade


Sorry for the delay, I was abroad and off-line for a week.

So I just talked with the sysadmin in charge of the mailhost (he is in

We're going slightly out of topic for debian-security but I keep it
there for the record.

> > A file in /etc that was overwritten silently is a bug.  Please file one
> > with the bug tracking system if this is the case.
>   But please make sure first you didn't actually answer "Yes" to dpkg
>   asking whether to overwrite the file, and that you don't have
>   --force-confnew or similar in /etc/dpkg/dpkg.cfg.

No interactive questions was asked during the upgrade.

Richard A Nelson a écrit (Sun, Mar 26, 2006 at 11:47:29AM -0800) :
> Can you mail me more details... there is support in
> /etc/mail/sendmail.conf to automagically support the type of queue aging
> that you are doing...

After a look in the preinst scripts, there is something like :

<mesiog> /var/lib/dpkg/info# grep cron.d/sendmail sendmail*preinst
sendmail-base.preinst:          if [ -f /etc/cron.d/sendmail ]; then
sendmail-base.preinst:                  echo "#preinst" > /etc/cron.d/sendmail;
sendmail-bin.preinst:           if [ -f /etc/cron.d/sendmail ]; then
sendmail-bin.preinst:                   echo "#preinst" > /etc/cron.d/sendmail;

Indeed, in our configuration, the /etc/cron.d/sendmail has been hand
edited in spite of the warning :

  ##### This file is automagically generated -- edit at your own risk

For some reasons, the admins didn't configure sendmail "the Debian
way" and didn't use the queue aging feature in

- is it mandatory to use /etc/mail/sendmail.conf?

- is it OK to say "A file in /etc that was overwritten silently is a
  bug" as this was the case here?

- is there a way to manually configure sendmail the classical way
  without using the Debian configuration wrappers but cleanly against
  the package upgrade? (no offense, just for people accustomed to
  other OS like *BSD)


Emmanuel Halbwachs

Reply to: