IBM Support

Issues with sendmail (nosmdmail) explained

Troubleshooting


Problem

Users get "Permission denied" when they try to send mail from the command line, because of a sendmail issue.

Symptom

Users were unable to send mail at the command line. They received the following error when they ran the mail command:

can not chdir(/var/spool/mqueue/): Permission denied

Cause

Program mode requires special privileges, e.g., root or TrustedUser.

Diagnosing The Problem

The behavior described is a feature of sendmail, intended to close system security gaps that involve sendmail. This behavior should not be modified. In previous versions of sendmail, any user could send outbound mail by calling sendmail directly without the sendmail daemon running. This is no longer the case. Note also that the previous way of stopping the sendmail daemon from running (implemented for NPS systems running LAS2.1) no longer works on LAS4.0-based systems. This is not an OS problem. It is an evolution of sendmail behavior toward higher security, and it affects all systems with the new sendmail installed.

In new LAS4.0-based systems, smtpd is shut down by default. nosmdmail was installed later to allow system jobs to send mail when smtpd is not up, without requiring changes to existing system applications.

Resolving The Problem

If the user requests to allow many users to log in to NPS hosts and send mail from there, the best practice is to re-enable the sendmail daemon. Enabling the daemon is a security risk, especially if it is configured incorrectly. Sendmail is much more secure now in its default configuration.
Steps to re-enable the sendmail daemon:

1. Make sure /bin/mail is a link, then remove the link: "rm /bin/mail"
2. "mv /bin/mail.org /bin/mail" (restore the original mail program)
3. "chkconfig --level 345 sendmail on" (enable sendmail during system boot)
4. "service sendmail start" (start sendmail now, without a reboot)
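
Step 1 is only safe if /bin/mail really is the nosmdmail link and /bin/mail.org is still present for step 2. The pre-flight check below is an added example, not part of the original IBM note; the function names and the directory argument are assumptions, chosen so the check can be tried on a scratch directory.

```sh
#!/bin/sh
# Added example, not IBM's code. The directory argument (default /bin) is an
# assumption of this example so the check can be tried on a scratch directory.

# Print the state of the mail front-end in directory $1:
#   wrapped   mail is a symlink to nosmdmail and mail.org is a real executable
#   original  mail is a regular file (nothing to revert)
#   unsafe:*  anything else; reverting could lose the mail program
mail_frontend_state() {
    bin_dir=${1:-/bin}
    mail="$bin_dir/mail"
    orig="$bin_dir/mail.org"
    if [ -L "$mail" ]; then
        case "$(readlink "$mail")" in
            */nosmdmail) ;;
            *) echo "unsafe:link-target-unexpected"; return 0 ;;
        esac
        # Step 2 needs a real backup to move back into place.
        if [ -f "$orig" ] && [ ! -L "$orig" ] && [ -x "$orig" ]; then
            echo "wrapped"
        else
            echo "unsafe:backup-missing"
        fi
    elif [ -f "$mail" ]; then
        echo "original"
    else
        echo "unsafe:mail-missing"
    fi
}

# Run steps 1 and 2 only when the state is "wrapped"; otherwise refuse.
restore_original_mail() {
    dir=${1:-/bin}
    state=$(mail_frontend_state "$dir")
    if [ "$state" != "wrapped" ]; then
        echo "refusing to revert $dir/mail: $state" >&2
        return 1
    fi
    rm "$dir/mail" && mv "$dir/mail.org" "$dir/mail"
}
```

Source the file and call mail_frontend_state with no argument to inspect /bin; steps 3 and 4 are unchanged and still have to be run afterwards.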

Additional Technical Information

nosmdmail is a front-end of /bin/mail for sending mail messages when the sendmail v8 daemon is shut down. nosmdmail handles sending mail using the sendmail -Am -it options if the message content comes directly from STDIN and only the -v, -s, -c and/or -b options are used.

Control is passed to original /bin/mail if nosmdmail encounters options it does not handle. Such conditions include mail reading and full interactive message composition.

Note: If the sendmail v8 daemon is not started, /bin/mail will deposit emails in /var/mail/clientqueue and the mail will stay there until the sendmail daemon runs.

To install nosmdmail in /usr/bin/nosmdmail (or /bin/nosmdmail), do the following:

1. Run the following to back up the original mail program:

mv /bin/mail /bin/mail.org

2. Run the following to create a symbolic link:

ln -s /usr/bin/nosmdmail /bin/mail

Usage:
1. Direct call: /usr/bin/nosmdmail [-v] [-s subject] [-c cc-addr] [-b bcc-addr] to-addr.. < message_file
2. As /bin/mail front-end: mail (any valid /bin/mail call options)


Historical Number

NZ966088

Document Information

Modified date:
17 October 2019

UID

swg21569260