php mail() function not working

serge_ss-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org serge_ss-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org
Tue Oct 7 18:42:06 UTC 2003 

Well, the issue is that postfix's sendmail (stub) shoud be run either under postfix or root privileges, otherwise you will get "permission denied" error because of access rights set on 'postdrop' and other postfix's directories which are approximately dxrw-r---- (well, don't kill me for the small mistakes). And sendmail (stub) (at least the one Keith has installed) runs all other services (postdrop, .....) under the same privilege it was run (well, it's the fact). I mean if you are logged in with the name 'jdoe' and try to run (postfix's) /../sendmail -i -t from console you will get the "postdrop ....permission denied" error message. PHP itself runs a program defined in "sendmail_path" variable of its php.ini file using popen(...), which can end up running it like exec("...","sh","-c","$sendmail_path").

And another thing, is that you can't use /mail because PHP doesn't use \n.\n, but just closes the pipe, initiating the end of session.

Sergey


> 
> From: Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>
> Date: 2003/10/07 Tue PM 12:58:17 EST
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: Re: [TLUG]: php mail() function not working
> 
> On Tuesday 07 October 2003 12:01, serge_ss-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org wrote:
> > Well, the security implications are understandable, but what's the solution
> > if sendmail and other stuff are run under apache user, and su .... -c
> > '/usr/sbin/sendmail -t -i' doesn't work. The only other solution I see, is
> > to write a stub that would accept input from php and then send it to
> > postfix under different privileges.  
> 
> /usb/sbin/sendmail can be run by any user on the system, no need to su, no 
> need for it to be suid/sgid (we're talking postfix systems here not 
> necessarily others).  Programs such as /bin/mail, pine, mutt, php, etc. all 
> use this program directly, users running those programs should not be members 
> of the postdrop group.
> 
> As I understand it, /usr/sbin/sendmail passes mail to a program called 
> postdrop for further processing.  Taking a stab at Keith's problem I guessed 
> that his postdrop binary is not setgid postdrop, if that is the case he will 
> definitely get a permission denied message when running /usr/sbin/sendmail 
> (and consequently postdrop).
> 
> On a redhat system you should probably have these permissions seem typical:
> 
>     /usr/sbin/sendmail.postfix, owner root:root, mode 555 (or 755)
>     /usr/sbin/postdrop, owner root:postdrop, mode 2555 (or 2775)
>     /var/spool/postfix/maildrop/, owner postfix:postdrop, mode 730
> 
> The only difference on my Debian systems is that /var/spool/postfix/maildrop/ 
> has the sticky bit set (mode 1730), this may not be necessary.
> 
> -- 
> Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org>                 http://www.wehave.net/
> Halton Hills, Ontario, Canada                       Debian GNU/Linux
> 
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> 

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list