Re: sendmail without root privs cannot bind.
- In reply to: Arthur Chance : "Re: sendmail without root privs cannot bind."
Date: Tue, 30 Nov 2021 12:39:09 UTC
On 30/11/2021 7:53 pm, Arthur Chance wrote:
> On 30/11/2021 08:42, Dewayne Geraghty wrote:
>> Today I decided that it was time to move sendmail from root to an
>> unprivileged user.
>>
>> Unfortunately I was blocked by
>> Nov 30 16:48:19 b3 sm-mta[91296]: NOQUEUE: --- 451 4.0.0
>> opendaemonsocket: daemon ExtSSL4: cannot bind: Permission denied (hold)
>> Nov 30 16:48:19 b3 sm-mta[91296]: NOQUEUE: SYSERR(smmsp):
>> opendaemonsocket: daemon ExtSSL4: cannot bind: Permission denied
>> Nov 30 16:48:19 b3 sm-mta[91296]: daemon ExtSSL4: problem creating SMTP
>> socket
>> Nov 30 16:48:19 b3 sm-mta[91296]: NOQUEUE: --- 421 4.0.0
>> opendaemonsocket: daemon ExtSSL4:
>> server SMTP socket wedged: exiting (hold)
>> Nov 30 16:48:19 b3 sm-mta[91296]: NOQUEUE: SYSERR(smmsp):
>> opendaemonsocket: daemon ExtSSL4: server SMTP socket wedged: exiting
>>
>> which was disappointing. It almost appears as though the
>> security.mac.portacl.rules isn't being processed, but it is because we
>> also have named and apache running with unpriv'ed accounts.
>>
>> Does anyone have sendmail running without root? My magical
>> rubber-chicken doesn't seem to be working...
>>
>> How did I get here...
>> 1. Added define(`confTRUSTED_USER', `smmsp')dnl to sendmail.mc
>> 2. changed permissions on /etc/mail /var/spool/mqueue ... to the same user
>> 3. added uid:25:tcp:25,uid:25:tcp:465,uid:25:tcp:587 to
>> security.mac.portacl.rules
>> 4. rebooted the box
>
> It's probably me misunderstanding, but how did you ensure
> security.mac.portacl.rules had those settings after the reboot?
>

Thanks Arthur. I'm unsure, but I manually stopped sendmail and set security.mac.portacl.rules, then restarted. Though I did verify security.mac.portacl.port_high which needed to be increased to catch 587.

The problem remains elusive and I'm out of ideas. :(
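
The rule string from step 3 can be checked offline against the uid, protocol and port the daemon needs. The following is an added example, not part of the original message: a POSIX sh function (hypothetical name `portacl_verdict`) that parses an `idtype:id:protocol:port` rule list and applies the `port_high` cutoff. It models uid matching only, so it shows whether the sysctl value is well-formed and covers a given bind, not whether the kernel will grant it.

```shell
#!/bin/sh
# Added example (not from the original thread).
# portacl_verdict RULES PORT_HIGH UID PROTO PORT
# Prints one of: allow | deny | unenforced | badrule
# Assumption: only uid rules are matched; gid rules are validated, then skipped.
portacl_verdict() {
    rules=$1 port_high=$2 want_uid=$3 want_proto=$4 want_port=$5

    # Ports above port_high are outside the range the rules are applied to.
    if [ "$want_port" -gt "$port_high" ]; then
        echo unenforced
        return 0
    fi

    # Split the comma-separated list without globbing.
    old_ifs=$IFS
    set -f; IFS=,
    set -- $rules
    IFS=$old_ifs; set +f

    verdict=deny
    for rule in "$@"; do
        # A rule must have exactly four colon-separated fields.
        case $rule in
            *:*:*:*:*) echo badrule; return 0 ;;
            *:*:*:*) ;;
            *) echo badrule; return 0 ;;
        esac
        IFS=: read -r idtype id proto port <<EOF
$rule
EOF
        case $idtype in uid|gid) ;; *) echo badrule; return 0 ;; esac
        case $proto in tcp|udp) ;; *) echo badrule; return 0 ;; esac
        case $id in ''|*[!0-9]*) echo badrule; return 0 ;; esac
        case $port in ''|*[!0-9]*) echo badrule; return 0 ;; esac
        if [ "$idtype" = uid ] && [ "$id" = "$want_uid" ] &&
           [ "$proto" = "$want_proto" ] && [ "$port" -eq "$want_port" ]; then
            verdict=allow
        fi
    done
    echo "$verdict"
}
```

On the host, the live values can be passed in directly, for example `portacl_verdict "$(sysctl -n security.mac.portacl.rules)" "$(sysctl -n security.mac.portacl.port_high)" 25 tcp 587`, which also answers whether the setting survived a reboot.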