[Mailman-Users] sendmail bounces

Brad Knowles brad at stop.mail-abuse.org
Wed Sep 8 18:21:31 CEST 2004 

At 11:53 PM +0800 2004-09-08, David Cake wrote:

>  	The only error I seem to be getting is
>  dangerous permissions=42755 on queue directory /var/spool/mqueue-client/
>  	which I can't seem how to turn off - I'm not even sure why its there
>  are all, given that dir is not group or world writable - or how to turn
>  off this warning with DontBlameSendmail

	The problem could be with a parent directory above this one.  Or, 
it could be with a parent directory of a symbolic link pointing to 
something in this path.  This can be a difficult one to debug.

>  (DontBlameSendmail? I want to go round to Eric Allmans house and slap him)

	Everyone was riding Eric's case because there were so many ways 
that people were finding to break into systems via weaknesses that 
were not directly the fault of sendmail, but through which sendmail 
gave them an attack vector.  He nearly killed himself tightening down 
the security for version 8 sendmail so that this sort of thing was no 
longer possible.


	Unfortunately, there are an infinite number of vendors who ship 
an infinite number of systems that are themselves broken in one way 
or another, and where the extremely strict security model insisted 
upon by sendmail will cause other things to break.

	That's why Eric came up with this option, so as to allow you to 
shoot yourself in the foot (or blow it off with thermonuclear 
weapons), if you so chose -- but he made sure that you would have to 
explicitly configure sendmail to do that, and he made sure that when 
the worst did happen as a result, you couldn't blame sendmail for 
your security breach.


	You do *NOT* even *joke* about slapping Eric without going 
through me first.

	If you want to tangle with me, I'll be glad to meet you in a dark 
alley at an upcoming LISA or SANE conference.  Just let me know when 
and where.

	But don't be too surprised if I bring along a few like-minded 
friends who will be there to make sure that things stay on the 
up-and-up.


	And if you don't like tangling with me, I can introduce you to a 
few other friends of Eric -- in your case, most likely including K. 
Robert Elz, a.k.a., "kre".

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list