sendmailSearch this book
Previous: 15.1 Test the Configuration FileChapter 15
Install and Test the File
Next: 15.3 MX Records

15.2 The Real Queue Directory

In the current file, the queue directory is defined as /tmp. Because of its nature, the /tmp directory is always world-readable, -writable, and -searchable. Any file that is placed in /tmp can possibly be accessed, copied, or removed by any user. The use of /tmp clearly violates the need for confidentiality.

Another drawback to using /tmp is that /etc/rc files, which are executed when the system boots, often remove everything from /tmp. You certainly would not want queued mail messages removed just because the machine rebooted.

Instead of /tmp, you should use the existing mail queue directory to store queued messages. If you haven't already done so, find that location by looking for the QueueDirectory (Q) option in your existing file:

% egrep "^OQ|QueueDirectory" /etc/

Here, we look for lines in the /etc/ file that begin with the letters OQ (an old-style declaration) or that use the new option name QueueDirectory. Remember that your file may not be in /etc. Replace the location used above with one that is suitable for your situation.

Edit the file and replace /tmp with what you found. At the same time, remove the comment that was left there reminding you to do just that:

O QueueDirectory=/tmp  # BEWARE: use /var/spool/mqueue upon release  <- change this
O QueueDirectory=/var/spool/mqueue                                   <- to this

This change causes sendmail to use the correct queue directory, but it has an unfortunate side effect. Recall that sendmail runs as the root unless an unsafe command-line switch causes it to give up that privilege. The -C switch that you've been using all along to run sendmail is just such an unsafe switch. Consequently, if you were to now run sendmail as:

% ./sendmail you

the -C would cause sendmail to run as an ordinary user. For confidentiality the queue directory is usually protected by making it accessible only to root. Ordinary users, such as we've been assuming you are, lack permission to access the queue directory. Running the above command now will likely result in a error similar to the following:

queuename: Cannot create "qfIAA12390" in "/var/spool/mqueue" (euid=4010): 
Permission denied

You need to install the file in place of the system file so that you can successfully run sendmail. With the file installed, you no longer need to use the -C switch to tell sendmail where to find its configuration file. Unfortunately, before you can make that change, you need to first make sure other machines know about it.

Previous: 15.1 Test the Configuration FilesendmailNext: 15.3 MX Records
15.1 Test the Configuration FileBook Index15.3 MX Records