Red Hat Bugzilla – Bug 9846
Normal user can change mqueue processing in sendmail
Last modified: 2008-05-01 11:37:54 EDT
At our server one of our users sent an undeliverable mail
with /bin/mail and with
added a daemon.
I was quite surprised when I saw in the mailog, that our server
tried 2000 times within one day to reach the unknown host. I was also
surprised a normal user can start sendmail as a daemon...
I don't have time right now to look at that closer. I set the permissions
of sendmail from rwsrwsr-x to rwxrwxr-x and changed the /var/spool/mqueue
from rwxrwxrwx (as linuxconf creates it) to rwx-wx-wx.
A normal user can yet still start a daemon, but sendmail doesn't process
the mails in mqueue any more. Yet you can still use mail.
Is sendmail supposed to work like that?
Assigning to a developer.This is an sendmail related issue and not a bugzilla related one so I am
refiling it under product: Red Hat Linux and component: sendmail. Then the
proper developer will be able to look at it.
This is normal behavior