SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, November 18, 2010

FreeBSD Sendmail Problem

Posted on 7:32 AM by Unknown
Thanks for the help with my script issue recently. I was wondering if anyone has seen this problem with Sendmail? I aliased root to "taosecurity at gmail dot com" as shown below. (I used the real email address on the computer.) This is a fresh install of FreeBSD 8.1.

$ uname -a
FreeBSD vm.taosecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: \
Mon Jul 19 02:55:53 UTC 2010    \
 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

vm# diff -u /etc/aliases /etc/aliases.orig 
--- /etc/aliases 2010-11-18 10:30:37.000000000 -0500
+++ /etc/aliases.orig 2010-11-18 10:30:26.000000000 -0500
@@ -18,7 +18,6 @@
 # root's email from here.
 
 # root: me@my.domain
-root: taosecurity at gmail dot com
 
 # Basic system aliases -- these MUST be present
 MAILER-DAEMON: postmaster
vm# newaliases 
/etc/mail/aliases: 28 aliases, longest 21 bytes, 300 bytes total

My /etc/mail and /var/spool directories are pristine from the factory"

vm# ls -al /etc/mail
total 300
drwxr-xr-x   2 root  wheel    512 Oct 31 11:28 .
drwxr-xr-x  20 root  wheel   2048 Nov 18 10:30 ..
-rw-r--r--   1 root  wheel   6818 Jul 18 22:25 Makefile
-rw-r--r--   1 root  wheel   2905 Jul 18 22:25 README
-rw-r--r--   1 root  wheel    634 Jul 18 22:25 access.sample
-rw-r--r--   1 root  wheel   1695 Nov 18 10:30 aliases
-rw-r-----   1 root  wheel  65536 Nov 18 10:30 aliases.db
-rw-r--r--   1 root  wheel  58276 Jul 18 22:25 freebsd.cf
-rw-r--r--   1 root  wheel   4118 Jul 18 22:25 freebsd.mc
-r--r--r--   1 root  wheel  40751 Jul 18 22:25 freebsd.submit.cf
-r--r--r--   1 root  wheel    901 Jul 18 22:25 freebsd.submit.mc
-r--r--r--   1 root  wheel   5657 Jul 18 22:25 helpfile
-rw-r--r--   1 root  wheel    409 Jul 18 22:25 mailer.conf
-rw-r--r--   1 root  wheel    253 Jul 18 22:25 mailertable.sample
-rw-r--r--   1 root  wheel  58276 Jul 18 22:25 sendmail.cf
-r--r--r--   1 root  wheel  40751 Jul 18 22:25 submit.cf
-rw-r--r--   1 root  wheel    582 Jul 18 22:25 virtusertable.sample

vm# ls -al /var/spool
total 16
drwxr-xr-x   8 root   wheel   512 Jul 18 22:23 .
drwxr-xr-x  23 root   wheel   512 Nov 12 11:45 ..
drwxrwx---   2 smmsp  smmsp   512 Nov 18 10:00 clientmqueue
drwxrwxr-x   2 uucp   dialer  512 Nov 12 16:45 lock
drwxr-xr-x   2 root   daemon  512 Jul 18 22:23 lpd
drwxr-xr-x   2 root   daemon  512 Nov 18 10:31 mqueue
drwx------   2 root   daemon  512 Jul 18 22:23 opielocks
drwxr-xr-x   3 root   daemon  512 Jul 18 22:23 output

I can send email when testing as root (email addr "obfuscated"):

vm# date | sendmail -v -Am postmaster
postmaster... aliased to root
root... aliased to taosecurity at gmail dot com
taosecurity at gmail dot com... Connecting to gmail-smtp-in.l.google.com. via esmtp...
220 mx.google.com ESMTP n10si1312258qcu.1
>>> EHLO vm.taosecurity.com
250-mx.google.com at your service, [98.218.35.11]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING
>>> MAIL From: SIZE=29
250 2.1.0 OK n10si1312258qcu.1
>>> RCPT To:
>>> DATA
250 2.1.5 OK n10si1312258qcu.1
354  Go ahead n10si1312258qcu.1
>>> .
250 2.0.0 OK 1290094272 n10si1312258qcu.1
taosecurity at gmail dot com... Sent (OK 1290094272 n10si1312258qcu.1)
Closing connection to gmail-smtp-in.l.google.com.
>>> QUIT
221 2.0.0 closing connection n10si1312258qcu.1

That worked. However, I cannot send email as a user:

$ date | sendmail -v -Am postmaster
postmaster... aliased to root
root... aliased to taosecurity at gmail.com
collect: Cannot write ./dfoAIFVDIG019327 (bfcommit, uid=1001, gid=25): Permission denied
queueup: cannot create queue file ./qfoAIFVDIG019327, euid=1001, fd=-1, fp=0x0: Permission denied

Behavior is the same on FreeBSD 7.3 with a fresh install.

I did a ton of research and usually found references to incorrect permissions, etc. In fact, in this post I got the idea to check directories using mtree:

r200a# mtree -p /var -e -U -f /etc/mtree/BSD.var.dist 
run changed
 permissions expected 0755 found 0777 modified
r200a# mtree -p /var -e -U -f /etc/mtree/BSD.sendmail.dist
./var missing (created)
./var/spool missing (created)
./var/spool/clientmqueue missing (created)

Computer r200a was another FreeBSD system where I tried to fix this problem. However, these changes made no difference.

Any ideas? Thank you.

Update: The reason I investigated this activity was I found errors like this in /var/log/messages on another FreeBSD system, r200b:

Nov 13 03:01:11 r200b sm-mta[40505]: oAD81AUR040505: Losing ./qfoAD81AUR040505: savemail panic
Nov 13 03:01:11 r200b sm-mta[40505]: oAD81AUR040505: SYSERR(root): savemail: cannot save rejected email anywhere

As you can see, whatever was trying to send email using sm-mta was failing.
Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in freebsd | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Review of Intelligence, 4th Ed Posted
    Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall . From the review : I was a...
  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • SQL Injection Challenge and Time-Based Security
    Thanks to this Tweet by @ryancbarnett, I learned of the lessons learned of the Level II component of the ModSecurity SQL Injection Challen...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Bejtlich Teaching at Black Hat West Coast Trainings
    I'm pleased to announce that I will be teaching at  Black Hat West Coast Trainings  9-10 December 2013 in Seattle, Washington. This is a...
  • C-SPAN Posts Video of Tuesday Hearing
    You can now access video of Tuesday's House Select Committee on Intelligence Hearing on Cybersecurity at C-SPAN . Some people are alread...
  • Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"
    Twenty-two years ago today I flew to Colorado Springs, CO and reported for Basic Cadet Training with the class of 1994 at the United States ...
  • Tort Law on Negligence
    If any lawyers want to contribute to this, please do. In my post Shodan: Another Step Towards Intrusion as a Service , some comments claim ...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Three Free Issues of BSD Magazine in .pdf Format
    Karolina at BSD Magazine wanted me to let you know that she has posted three free .pdf issues online. The three cover FreeBSD, OpenBSD, a...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ▼  2010 (193)
    • ►  December (14)
    • ▼  November (11)
      • Trying Ubuntu 10.10 in AWS Free Usage Tier
      • 60 Free Minutes with Ubuntu 10.10 in Amazon EC2
      • Stop Killing Innovation
      • The Problem Is with Gmail
      • FreeBSD Sendmail Problem
      • Thanks for Help with Startup Scripts
      • Calling FreeBSD Startup Script Experts
      • Two New Tools in Snort
      • Using Git with FreeBSD Sguil Scripts
      • Updates to Sguil on FreeBSD Scripts
      • Collage: Defeating Censorship [aka Security] with ...
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile