sendmail的正确权限配置是什么 [英] What is the proper permission configuration of sendmail

问题描述

这个问题来自一个与此非常相似的问题https://serverfault.com/questions/320607/ubuntu-jaunty-sendmail-php-mail-premission-errors

This question comes from a problem much similar to this https://serverfault.com/questions/320607/ubuntu-jaunty-sendmail-php-mail-premission-errors

但这些答案并不能解决我的问题

But those answers don't solve my problem

我有一个使用 PHPMailer 发送电子邮件的 php 应用程序.

I have a php application which is using PHPMailer to send emails.

我在 ubuntu 12.04 LTS 上安装了 sendmail

I installed sendmail on my ubuntu 12.04 LTS with

sudo apt-get install sendmail
sudo sendmailconfig

但应用程序无法发送任何邮件.在 mail.err 它说:

But the application failed to send any mail. In the mail.err it says:

Apr 14 00:31:42 AY sendmail[32241]: NOQUEUE: SYSERR(www-data): can not chdir(/var/spool/mqueue-client/): Permission denied

www-data 是 apache2 的用户名.

while www-data is the username of apache2.

然后我按照互联网上的一些指南，将 www-data 添加到 smmsp 组:

Then I followed some guides from internet, add www-data to smmsp group:

sudo usermod -a -G smmsp www-data

现在当我

groups www-data

我明白

www-data : www-data smmsp

/etc/group 中的行是:

and the line in the /etc/group is:

smmsp:x:114:www-data

另外我确保访问/var/spool/mqueue-client/是 770

Also I made sure of access to /var/spool/mqueue-client/ is 770

/var/spool]$ ls -la
total 28
drwxr-xr-x  7 root   root  4096 Apr  2 00:21 .
drwxr-xr-x 11 root   root  4096 Apr 14 03:30 ..
drwxr-xr-x  5 root   root  4096 Aug  6  2012 cron
lrwxrwxrwx  1 root   root     7 Aug  6  2012 mail -> ../mail
drwxr-s---  2 smmta  smmsp 4096 Apr 14 06:25 mqueue
drwxrws---  2 smmsp  smmsp 4096 Apr 14 06:25 mqueue-client
drwxr-xr-x  2 root   root  4096 Apr 13  2012 plymouth
drwxr-xr-x  2 syslog adm   4096 Mar 31  2012 rsyslog

/]$ ls -ld /var/spool/mqueue-client/ /usr/sbin/sendmail
lrwxrwxrwx 1 root  root    26 Apr  2 00:21 /usr/sbin/sendmail -> /etc/alternatives/sendmail
drwxrws--- 2 smmsp smmsp 4096 Apr 14 06:25 /var/spool/mqueue-client/

但是当我尝试发送邮件时仍然出错

But I still get error when I try to send mail

Apr 14 03:26:57 AY sendmail[6131]: NOQUEUE: SYSERR(www-data): can not write to queue directory /var/spool/mqueue-client/ (RunAsGid=33, required=114): Permission denied

而 33 是​​ www-data 的 gid

while 33 is gid of www-data

www-data:x:33:

我应该怎么做才能使 sendmail 正常工作，但要保持安全?此外，在生产环境中，sendmail 的正确权限配置(用户、组和目录访问等)是什么?

What should I do to get sendmail work but keep the security? Further, What is the proper permission configuration (user, group, and directories access etc) of sendmail in a production environment ?

推荐答案

sendmail-8.12+ 的标准安装需要按照 set group id 安装 sendmail 二进制文件.
(/usr/sbin/sendmail -> ... ->/usr/lib/sm.bin/sendmail 在你的情况下)

Standard installation of sendmail-8.12+ requires to install sendmail binary as set group id.
(/usr/sbin/sendmail -> ... -> /usr/lib/sm.bin/sendmail in you case)

-rwxr-sr-x 1 根 smmsp ...

-rwxr-sr-x 1 root smmsp ...

如果您的软链接链尝试:

In case of your softlinks chain try:

 chown root:smmsp /usr/lib/sm.bin/sendmail
 chmod 2555 /usr/lib/sm.bin/sendmail

<小时>

推荐的权限在 sendmail 分发的 SECURITY 文件中描述.在我的 debian 上，该文件通过 sendmail-doc 包安装为 /usr/share/doc/sendmail-doc/sendmail/SECURITY.gz.

---

Recommended permissions are described in SECURITY file in sendmail distribution. On my debian the file is installed as /usr/share/doc/sendmail-doc/sendmail/SECURITY.gz by sendmail-doc package.

这篇关于sendmail的正确权限配置是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！