[TriLUG] Sendmail doesn't send mail on first attempt?...
Brian Henning
brian at strutmasters.com
Tue Dec 12 16:56:18 EST 2006
Well, at any rate, that doesn't seem to be the problem, either.

However, this does reveal that smmsp does not have read permissions to
/var/spool/mqueue.

Could this be one of those inaccurate error-message situations?

Right now,

rwx------ root mail /var/spool/mqueue

Would it be safe and/or recommended to add g+rx to /var/spool/mqueue and
put smmsp in the mail group?

~Brian

Daniel Sterling wrote:
> Brian Henning wrote:
>> iptables doesn't have per-user ability, does it? I thought it only
>> examined packet headers, which I didn't think had any info about local
>> user in them..
>
> iptables has access to any information the kernel has about the packet,
> and can indeed route packets based on user id. For example, to set up a
> transparent proxy, I've got the following rule:
> $ sudo /sbin/iptables -t nat -L
> ...
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere ! OWNER UID match proxy tcp dpt:www redir ports 3128
>
> Which redirects port 80 to port 3128 for all packets except packets
> generated by the proxy user.
>
>> I can't access a shell from that account (which is sensible)
>
> You should be able to with e.g.
>
> sudo su smmsp -s /bin/bash
>
> -- Dan
>
>> I can, however, telnet to strutmasters.net:25 from a
>> standard unprivileged account.
>
> cool, does this work? another thing you can do is fire up your favorite
> packet sniffer and see what's going out on the wire.
>
> -- Dan
>
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------