sendmail dropping outgoing email on the floor

Thomas Woerner twoerner at redhat.com
Tue Nov 2 13:42:07 UTC 2004


Carlos Puchol wrote:
> self follow up ...
> 
> carlos puchol <cpg at users.sourceforge.net> wrote:
> 
>>[22:27:55](3)rome:cpg# ll -L /usr/sbin/sendmail*
>>-rwxr-sr-x  1 root smmsp  748296 Sep  1 03:20 /usr/sbin/sendmail
>>-rwsr-xr-x  1 root root  2089729 Sep 13 09:20 /usr/sbin/sendmail.exim
>>-rwxr-xr-x  1 root root   141344 Aug  5 08:03 /usr/sbin/sendmail.postfix
>>-rwxr-sr-x  1 root smmsp  748296 Sep  1 03:20 /usr/sbin/sendmail.sendmail
>>[22:28:01](3)rome:cpg#
>>
>>i can't. so -- i am baffled as to how the user/group and
>>the setuid was changed. i am 100% certain i did not change the
>>permissions or user/group by hand.
> 
> 
> after rebooting a couple of times
> i got the clientmqueue error again today and mail got dropped!
> admittedly i didn't notice before because i did not try
> sending email from the machine subject to this bug.
> 
> the permissions to /usr/sbin/sendmail.sendmail have
> gone _again_ to a user (my user - cpg)!!!
> 
> [15:02:38](1)rome:cpg# ll -L /usr/sbin/sendmail*
> -rwxr-xr-x  1 root root   141344 Aug  5 08:03 /usr/sbin/sendmail
> -rwsr-xr-x  1 root root  2089729 Sep 13 09:20 /usr/sbin/sendmail.exim
> -rwxr-xr-x  1 root root   141344 Aug  5 08:03 /usr/sbin/sendmail.postfix
> -rwxr-xr-x  1 cpg  users  748296 Sep  1 03:20 /usr/sbin/sendmail.sendmail
> [15:02:40](1)rome:cpg#
> 

First of all: Why is /usr/sbin/sendmail a copy and not a soft-link? 
alternatives generates soft-links. Have you made this change by hand?

And at the moment you are using a copy of postfix and not sendmail.


> i don't know how this can happen. this seems quite dangerous!
> thankfully the setuid is no longer there, but this seems awfully
> "close" to a security issue - some process is (incorrectly) changing
> permissions of sensitive system files.
> 
> more later when i have a chance to debug this ...
> 

This is really strange. I have not seen this before.

> -c
> 


-- 
Thomas Woerner
Software Engineer            Phone: +49-711-96437-310
Red Hat GmbH                 Fax  : +49-711-96437-111
Hauptstaetterstr. 58         Email: Thomas Woerner <twoerner at redhat.com>
D-70178 Stuttgart            Web  : http://www.redhat.de/
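
Added example, not part of the original message or of any Red Hat tooling: a check of each sendmail path against the owner, group and mode shown in the first quoted listing. It uses lstat to tell a symlink from a copy, since `ls -L` follows links and shows only the target. The BASELINE table and the function names are assumptions made for illustration.

```python
import grp
import os
import pwd
import stat

# Baseline copied from the first listing quoted in the message (the state
# before the drift). The last field marks the path expected to be a symlink.
BASELINE = {
    "/usr/sbin/sendmail": ("root", "smmsp", 0o2755, True),
    "/usr/sbin/sendmail.sendmail": ("root", "smmsp", 0o2755, False),
}


def owner_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:          # uid without a passwd entry
        return str(uid)


def group_name(gid):
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:          # gid without a group entry
        return str(gid)


def audit(path, owner, group, mode, expect_symlink=False):
    """Return a list of findings; an empty list means the path matches."""
    findings = []
    try:
        link = stat.S_ISLNK(os.lstat(path).st_mode)  # lstat: do not follow links
        st = os.stat(path)                           # stat: the file that runs
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    if expect_symlink and not link:
        findings.append(f"{path}: not a symlink, expected a symlink")
    where = f"{path} -> {os.path.realpath(path)}" if link else path
    actual = (owner_name(st.st_uid), group_name(st.st_gid))
    if actual != (owner, group):
        findings.append(f"{where}: owner {actual[0]}:{actual[1]}, expected {owner}:{group}")
    got = stat.S_IMODE(st.st_mode)  # permission bits including setuid/setgid
    if got != mode:
        findings.append(f"{where}: mode {got:04o}, expected {mode:04o}")
    return findings


if __name__ == "__main__":
    for path, (owner, group, mode, symlink) in BASELINE.items():
        for finding in audit(path, owner, group, mode, symlink):
            print(finding)
```

Run from cron or after each boot, an empty output means nothing has drifted; any line printed names the path and the attribute that changed.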



