php mail() function not working

serge_ss-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Tue Oct 7 16:01:52 UTC 2003


Well, the security implications are understandable, but what's the solution if sendmail and other stuff are run under the apache user, and su .... -c '/usr/sbin/sendmail -t -i' doesn't work? The only other solution I see is to write a stub that would accept input from php and then send it to postfix under different privileges.

Sergey


> 
> From: Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>
> Date: 2003/10/07 Tue AM 08:26:17 EST
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: Re: [TLUG]: php mail() function not working
> 
> On Monday 06 October 2003 19:31, Keith Mastin wrote:
> 
> > As it turned out, it had nothing to do with the code. Postfix-2.0.15
> > wasn't accepting mail from apache, failing with a permission error to
> > write to the postdrop directory. We mucked around with it for a while, and
> > finally came to the conclusion that the only way for this to work now is
> > to add the user apache to the postfix and postdrop groups. I'm still
> > unsure of all the security implications here, but I'm sure there will be
> > something.
> 
> There's no way that apache should be a member of the postdrop group.  The 
> implication is that apache can write directly to the maildrop directory.  A 
> malicious apache process (CGI or whatever) could dump bogus data into the 
> postdrop directory possibly screwing up legitimate email delivery; if it 
> isn't a shared server then the risk is pretty small.  Postfix tries to be 
> smart about security, using multiple processes for each step in delivery, one 
> process not trusting the other so I doubt that the security implications are 
> more serious than a DoS.
> 
> If you read the postfix anatomy documents 
> (http://www.postfix.org/receiving.html) you'll see that /usr/sbin/sendmail 
> invokes postdrop to deliver mail into the maildrop directory.  I suspect that 
> the permissions on your postdrop program are incorrect; they look like this 
> on Debian:
> 
> -r-xr-sr-x    1 root     postdrop     7564 Jul 28 18:58 /usr/sbin/postdrop
> 
> -- 
> Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>                 http://www.wehave.net/
> Halton Hills, Ontario, Canada                       Debian GNU/Linux
> 
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> 


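The two checks Fraser's reply points to, written out as an added example that is not part of either post: confirm that postdrop carries the setgid bit and the postdrop group, and confirm whether apache was added to the postdrop group. The function names are hypothetical, and everything except the quoted Debian listing is constructed sample data.

```shell
#!/bin/sh
# Added example. GOOD_LS is the Debian listing quoted in the thread; BAD_LS and
# GROUP_TEXT (names, GIDs) are constructed sample data, not from a real host.
GOOD_LS='-r-xr-sr-x    1 root     postdrop     7564 Jul 28 18:58 /usr/sbin/postdrop'
BAD_LS='-rwxr-xr-x    1 root     root         7564 Jul 28 18:58 /usr/sbin/postdrop'
GROUP_TEXT='postfix:x:89:apache
postdrop:x:90:apache,alice
apache:x:48:'

# audit_postdrop_line LS_LINE
# Prints "ok" when an `ls -l` line shows the layout from the thread: setgid
# bit set, group postdrop, not world-writable. Otherwise prints the reason.
audit_postdrop_line() {
    read -r mode _links _owner group _rest <<EOF
$1
EOF
    case $mode in
        -???????w?*) echo "world-writable"; return 0 ;;
    esac
    case $mode in
        -?????s???*) ;;                       # 's' in the group-execute slot
        *) echo "setgid bit missing"; return 0 ;;
    esac
    if [ "$group" != postdrop ]; then
        echo "group is $group, not postdrop"; return 0
    fi
    echo ok
}

# user_in_group USER GROUP GROUP_FILE_TEXT
# Prints "member" if USER is in GROUP's member list (group(5) format), else
# "not-member". Primary-group membership via /etc/passwd is not covered.
user_in_group() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { print (found ? "member" : "not-member") }'
}

echo "quoted Debian listing: $(audit_postdrop_line "$GOOD_LS")"
echo "constructed bad listing: $(audit_postdrop_line "$BAD_LS")"
echo "apache in postdrop: $(user_in_group apache postdrop "$GROUP_TEXT")"
```

On a live host, pass `"$(ls -l /usr/sbin/postdrop)"` to the first function and `"$(cat /etc/group)"` as the third argument of the second.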