Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 586
  • Last Modified:

Sendmail Error: Address <user> unsafe for mailing to programs

I am using sendmail to forward e-mail into a perl script using procmail.
I have just up graded to a new machine running sendmail version 8 and get the error above and am struggling with the tightened security.
.forward file 
 
|exec /usr/bin/procmail
 
 
.procmailrc file
 
PATH=/bin:/usr/bin:/usr/local/bin
MAILDIR=/var/mail
LOGFILE=/home/sysadmin/procmail/procmail.log
# Take copies of all incoming mail into the archive file
:0 c
original-log
# This is the normal mail handler
:0
* ^From.*info@good-domain.com
| /home/sysadmin/procmail/rewrite forward
# This recipe forwards any mail to "alert" if it does not come from info@good-domain.com
:0
! alert

Open in new window

0
inscribble82
Asked:
inscribble82
  • 4
  • 3
1 Solution
 
jar3817Commented:
You can't forward to any old program, it's a security hazard, and sendmail has a restricted shell. You have to put the program in the directory that this restricted shell allows.

Typically it's something like /etc/smrsh
0
 
jar3817Commented:
...additional thought:

check out the man page for smrsh it'll explain all of this and tell you where the scripts should go (default is /etc/smrsh)
0
 
inscribble82Author Commented:
there is a symbolic link from /etc/smrsh to /usr/bin/procmail.

I have duplicated the configuration for root and it works OK.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jar3817Commented:
Hmmm...how do the permissions look?
0
 
inscribble82Author Commented:
I have made some progress on this in that I can make it work for any user by adding
DontBlameSendmail=NonRootSafeAddr

While this works, shouldn't adding the user to TrustedUsers have the same effect?
0
 
jar3817Commented:
It seems like it should, but I'm not positive. But now you're able to send to non-root users and have it piped into procmail?
0
 
inscribble82Author Commented:
Although I would like to understand what is actually causing the problem (presumably the permissions on one particular file). Needs must! and I must move on to the next crisis in my day!

Ho Hum!

Many thanks for your help.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now