By default, the makemap program produces mode 0640 db files, owner root, group root. This is appropriate for db files which will be utilized only by the SMTP daemon. However, if the FEATURE(`genericstable') is being used, the MSP daemon needs to be able to access the genericstable.db file. That means genericstable.db needs to be either group smmsp or world readable. (Granted, since makemap writes a new db file by truncating the existing file (instead of creating a new temporary file and then linking it to the correct filename), if one manually adjusts the genericstable.db so that the MSP daemon can read it, it resolves the problem as long as the genericstable.db file is never deleted. But relying on manual correction is a bug. Sendmail should get the permissions correct automatically.) The way I resolved this was to edit /etc/mail/Makefile and add another step to the %.db target: %.db : % @makemap hash $@ < $< @if test "$@" = genericstable.db; then \ chgrp smmsp genericstable.db; \ fi What I'm pondering now is if any other db files need to be readable by the MSP daemon. (I don't *think* so, but so far, I haven't put Red Hat 8.0 on any "real" mail servers, and my development box doesn't do any complicated sendmail stuff.) Anyway, do you have a better idea how to resolve the problem of ensuring that the MSP daemon has access to the db files it needs to consult?
I should have been more general: this not only affects the MSP daemon (i.e., the queue runner for /var/spool/clientmqueue), but /usr/sbin/sendmail itself, whenever it's being invoked locally as mail submission program.
Seems TrustedUser is not set correctly as option. Florian La Roche
I was considering doing that, but I wanted to figure out why Red Hat didn't already do that in the provided sendmail.mc file. (Despite what the Installation and Operating Guide states, I can't see how TrustedUser affects "starting the daemon". Setting TrustedUser to smmsp does make it so that the database files are owned by the smmsp user, though.)
Placing the following line: define(`confTRUSTED_USER', `smmsp') ...into sendmail.mc seems to work, without any side-effects. IMHO, this line should be in Red Hat Linux's /etc/mail/sendmail.mc file out-of-the-box; users shouldn't have to add it themselves. I've updated the Summary info for this bug accordingly
Seems submit.cf gets this right, but .mc needs this extra line added. This is now fixed in 8.12.7-5 and newer. Thanks a lot, Florian La Roche