Majordomus installation into sendmail
Submitted by admin on Thu, 2000-01-06 13:52.
download rpm package, e.g. from http://ftp.ms.cuni.czinstall rpm -i majordomo-1.94.1-4.i386.rpm. Program is installed into
/usr/lib/majordomo/, /usr/man/majordomo/, /usr/doc/majordomo/create group "majordom", user "majordom" (adduser majordom) and
directories according to /etc/majordomo.cf (/var/lib/majordomo/archive,
file /var/log/majordomo/majordomo.log (touch /var/log/majordomo/majordomo.log)Change owner all of these files majordom/majordom.
chmod /usr/lib/majordomo (770), /var/lib/majordomo (750),
/var/lib/majordomo/lists (770!), /var/lib/majordomo/archive (770!),
/var/lib/majordomo/digest (770), /var/log/majordomo (774)change sendmail alias list in /etc/aliases
# common majordomo: |"usr/lib/majordomo/wrapper majordomo" owner-majordomo: majordomo-owner majordomo-owner: majordom majordom: joe # for each maillist make, here "news" news: "|/usr/lib/majordomo/wrapper resend -p bulk -M 10000 -l news -f news-owner -h your-domain.cz -s news-outgoing" news-owner: owner-news news-outgoing: :include:/var/lib/majordomo/lists/news, news-archive news-archive: /var/lib/majordomo/archive/news news-request: "|/usr/lib/majordomo/wrapper request-answer news" news-digest: news news-approval: news-owner owner-news-digest:news-owner owner-news-request: news-owner owner-news-digest-outgoing:news-owner owner-news: bill,Program processes mail sent to special address "email@example.com" and controls this way login, logout, subscriptions. Received mail is processed in /usr/lib/majordomo/wrapper, key words (subscribe, unsubscribe, lists,...) are caught and executed. Mail sent to "news-request" are sent to all maillist receipients in :include:/var/lib/majordomo/lists/news and saved in /var/lib/majordomo/archive/news. Requests (e.g. lists) are returned to news-request, news-approval is dedicated to moderator. Now access right and security problems arises. Sendmail is executed as "mail/mail" (set in etc/sendmail.cf O DefaultUser=UID:GID). This user must have enough rights to execute /usr/lib/majordomo/wrapper. This wrapper run as "majordom/majordom" (logging, access into /var/lib/majordomo/lists/news, locks /usr/lib/majordomo/, etc.). Test using pearl script ./wrapper config-test majordomo from /usr/lib/majordomo. The help advises do not execute as "root" or "majordom" but I tested it as "root". Better should execute as "mail". Eliminate mistakes (not all are correct) check aliases. Send mail to firstname.lastname@example.org and check what happened. Our system returns message: sh: wrapper not available for sendmail program 554 "|/usr/lib/majordomo/wrapper majordomo" ... service unavailable Sendmail uses secure shell "smrsh". All files allowed to execute must be references using symbolic links to usr/adm/sm.bin (or /etc/smrsh). Set link /etc/smrsh/@wrapper to usr/lib/majordomo/wrapper. Similar case when writing to archive /var/lib/majordomo/archive/news (make link /etc/smrsh/@archive-news->/var/lib/majordomo/archive/news). Now send command "subscribe news" and try send test message to "news". But now is returned error "Group writable directory" means - sendmail won't use from security reasons include, because chmod have group write access. Change owner and rights (or in /etc/sendmail.cf set "O UnsafeGroupWrites=False", "O DontBlameSendmail=groupwritabledirpathsafe,includefileinunsafedirpath, includefileinunsafedirpathsafe" and restart sendmail).