Next Previous Contents

6. The local mailer daemon

6.1 Overview

We need to create a local e-mail address for the remailer to mail to. This address will be configured to run a program (to post the newsgroup) every time an e-mail arrives. Unfortunately, (for us) this feature (called "pipe to program") is not usually enabled for security reasons.

This HOWTO only describes modifying sendmail. qmail is another excellent option, but not yet covered here.

6.2 Creating a mail alias

Instead of creating a new user account, we will only create an alias. For sendmail these are kept in /etc/aliases. The syntax is defined in the man page...

man aliases

In our example the username of the mail address is confctrl which posts to the local newsgroup ietf.confctrl, so we add a line like ...

confctrl:   |" /usr/local/bin/mail2news.pl ietf.confctrl "

The double quotes are required. There cannot be a space between the first double quotes and the | (pipe) character, or sendmail will complain "User unknown". Huh?

Whenever you modify the /etc/aliases file you need to notify sendmail.

sendmail -bi

6.3 Did it work?

After you send an e-mail, check the /var/log/maillog to see if it worked. The log may contain a useful error message. I found it convenient to open up another terminal window to follow the log with

tail -f /var/log/maillog

6.4 Enabling "pipe to program"

"Pipe to program" is the CGI of mail. When an e-mail arrives, instead of appending to a file, sendmail runs a program (or script) and feeds the mail to its standard input.

Actually, with RedHat-6.0 sendmail comes with "pipe to program" enabled, but essentially only a limited number of programs are runnable. User security was not an issue on my machine, so I found it easiest to enable running of everything. Besides, there was no man page for smrsh.

To liberalize "pipe to program" we need to modify sendmail.cf (by modifying sendmail.mc) so that the restricted shell is not used. Strangely, uncommenting the smrsh feature didn't work, I needed to change the shell from /usr/sbin/smrsh to /bin/bash. Without this change I kept getting a "Service unavailable" error message in the /var/log/maillog file.

The header of /etc/senmail.mc of RedHat-6 has a bug. The proper command line is...

m4 /etc/sendmail.mc >/etc/sendmail.cf

You need to do this when you change sendmail.mc. Hopefully, RedHat will extend the super cool Makefile idea in /etc/mail so you only have to type make. You will need to install sendmail-cf.something.rpm first. e.g. ...

rpm -i sendmail-cf-8.9.3-10.i386.rpm

Whenever you modify the sendmail.cf file, you should restart sendmail...

/etc/rc.d/init.d/sendmail restart

From: Jeppe Sorensen of maxiom.se ...
One can solve the security issue by simply putting the mail2news.pl script in the /etc/smrsh directory and chown and chmod the file accordingly.

6.5 Documentation

With RedHat, sendmail documentation does not install by default. I comes in a separate RPM with a name like sendmail-doc-8.9.3-10.i386.rpm. This will create /usr/doc/sendmail

rpm -i sendmail-doc-*

http://www.sendmail.org/ ca/email/doc/op-sh-5.html describes the syntax of sendmail.cf. I hope you don't have to use it.

This is a description of the features you are modifying in sendmail.mc http://www.sendmail.org/m4/features.html

Sendmail has a man page...

man sendmail

6.6 Unprivledged

If you are having trouble, and create an e-mail alias with a different (simpler) target script to test it, remember that sendmail runs the program as an unprivledged user, who probably doesn't have privledges to write anywhere except globally writable directories such as /tmp.


Next Previous Contents