Hi,
Problem:
Using procmail as local mailer sets the wrong permissions in /var/mail.
Scenario:
I am using OpenBSD 3.7 with sendmail Version 8.13.3:
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
		NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING
		SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
and by using FEATURE(`local_procmail') Mlocal in sendmail.cf is:
Mlocal,		P=/usr/local/bin/procmail, F=lsDFMAw5:/|@qSPfhn9,
		S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/X-Unix,
		A=procmail -Y -a $h -d $u
Now I create a new user (adduser), e.g. bob, and send him an email from
root.
Looking at /var/mail/ shows me:
-rw-rw---- 1 bob wheel 853 Jul 2 00:30 bob
So after running /etc/security I receive:
Checking mailbox ownership.
user bob mailbox is -rw-rw----, group wheel
Disabling/not using FEATURE(`local_procmail') with sendmail.cf Mlocal:
Mlocal,		P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qrmn9S,
		S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
		T=DNS/RFC822/X-Unix,
		A=mail -d $u
and sending the new user an email from root, /var/mail gives me:
-rw------- 1 bob wheel 853 Jul 2 00:30 bob
So /etc/security is not moaning anymore.
Question:
So my issue is that using procmail as local mailer sets the wrong
permissions.
Is this now less important and known or is it a security
risk?
And is the only way to avoid setting these permissions to change them in
/var/mail by hand?
Oliver
--
... don't touch the bang bang fruit
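
Added example, not part of the original post and not OpenBSD's own /etc/security code: a small spool audit that reports mailboxes in the wording quoted above and can tighten them to the mode mail.local produced. The function names, the skipping of *.lock files and the rule "mode -rw-------, owner equals file name" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: a mailbox must be
# mode -rw------- and owned by the user it is named after.

# mailboxes DIR: list regular files in DIR, skipping *.lock files.
mailboxes() {
    for box in "$1"/*; do
        case $box in *.lock) continue ;; esac
        [ -f "$box" ] && printf '%s\n' "$box"
    done
    return 0
}

# check_spool DIR: print one line per failed check, in the wording of the
# /etc/security report quoted in the post.
check_spool() {
    mailboxes "$1" | while IFS= read -r box; do
        ls -ld "$box" | awk -v name="${box##*/}" '
            { mode = substr($1, 1, 10) }   # drop a trailing ACL/SELinux marker
            $3 != name           { print "user " name " mailbox is owned by " $3 }
            mode != "-rw-------" { print "user " name " mailbox is " mode ", group " $4 }'
    done
}

# fix_spool DIR: tighten every mailbox to 0600; ownership is only reported.
fix_spool() {
    mailboxes "$1" | while IFS= read -r box; do
        chmod 600 "$box"
    done
}

# make_sample_spool: constructed test data, one mailbox left group-writable
# like the procmail-created file in the post. Prints the directory path.
make_sample_spool() {
    dir=$(mktemp -d) || return 1
    owner=$(ls -ld "$dir" | awk '{ print $3 }')   # name exactly as ls shows it
    : > "$dir/$owner" && chmod 660 "$dir/$owner"
    : > "$dir/$owner.lock"
    printf '%s\n' "$dir"
}

# Run against a directory given on the command line, e.g. /var/mail.
if [ $# -gt 0 ]; then check_spool "$1"; fi
```

Running fix_spool against the real spool needs the privileges to chmod other users' mailboxes; check_spool only reads directory listings.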