Sendmail Error: Address <user> unsafe for mailing to programs

I am using sendmail to forward e-mail into a perl script using procmail.
I have just up graded to a new machine running sendmail version 8 and get the error above and am struggling with the tightened security.
.forward file 
 
|exec /usr/bin/procmail
 
 
.procmailrc file
 
PATH=/bin:/usr/bin:/usr/local/bin
MAILDIR=/var/mail
LOGFILE=/home/sysadmin/procmail/procmail.log
# Take copies of all incoming mail into the archive file
:0 c
original-log
# This is the normal mail handler
:0
* ^From.*info@good-domain.com
| /home/sysadmin/procmail/rewrite forward
# This recipe forwards any mail to "alert" if it does not come from info@good-domain.com
:0
! alert

Open in new window

inscribble82Asked:
Who is Participating?
 
jar3817Connect With a Mentor Commented:
It seems like it should, but I'm not positive. But now you're able to send to non-root users and have it piped into procmail?
0
 
jar3817Commented:
You can't forward to any old program, it's a security hazard, and sendmail has a restricted shell. You have to put the program in the directory that this restricted shell allows.

Typically it's something like /etc/smrsh
0
 
jar3817Commented:
...additional thought:

check out the man page for smrsh it'll explain all of this and tell you where the scripts should go (default is /etc/smrsh)
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
inscribble82Author Commented:
there is a symbolic link from /etc/smrsh to /usr/bin/procmail.

I have duplicated the configuration for root and it works OK.
0
 
jar3817Commented:
Hmmm...how do the permissions look?
0
 
inscribble82Author Commented:
I have made some progress on this in that I can make it work for any user by adding
DontBlameSendmail=NonRootSafeAddr

While this works, shouldn't adding the user to TrustedUsers have the same effect?
0
 
inscribble82Author Commented:
Although I would like to understand what is actually causing the problem (presumably the permissions on one particular file). Needs must! and I must move on to the next crisis in my day!

Ho Hum!

Many thanks for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.