On Thu, 6 Jul 2006, Dominique Feyer wrote:
Just add (for the archives :-) this problematic binary reported is not "sendmail", but the sendmail-wrapper of postfix :-)
there is this sentence in one of the mails: (the postfix comptatibility command, not sure for the orginal sendmail binary).
Real sendmail is setgid and uses its own smmsp group in Debian Sarge. (No setuid).
If the deliver is setuid/setgid, the sendmail binary must be setuid/setgid too. Without this sendmail try to check limits.conf (pam) for the virtual user. For the system the virtual user doesn't exist and sendmail crash with a segfault (signal 11)
Before that, I try to do a wrapper in bash to lauch sendmail with sudo (more configurable than setgid), but a virtual user can't use sudo. You must configure pam to have this virtual user in linux too.
Sendmail as setgid binary is not a really good solution for security, but it's the only solution I found.
On a lots of system sendmail is setgid, but not on debian.
Le jeudi 06 juillet 2006 à 19:48 +0800, Timothy White a écrit :
On 7/6/06, Dominique Feyer dfeyer@net4all.ch wrote:
After many new test, i solve thi problem ;-)
This was a setuid and pam problem, so no bug from LDA or Dovecot.
Just for the archives, and encase someone else hits this problem, would you care to share the solution?
Thanks
Tim
-- Steffen Kaiser