Installation:
1 Download the rpm package, e.g. from http://ftp.ms.cuni.cz
2 Install it: rpm -i majordomo-1.94.1-4.i386.rpm. The program is installed into
/usr/lib/majordomo/, /usr/man/majordomo/, /usr/doc/majordomo/
3 Create the group "majordom", the user "majordom" (adduser majordom) and the
directories named in /etc/majordomo.cf (/var/lib/majordomo/archive,
/var/lib/majordomo/digest, /var/lib/majordomo/lists, /var/log/majordomo), and the
file /var/log/majordomo/majordomo.log (touch /var/log/majordomo/majordomo.log)
4 Change the owner of all of these files to majordom/majordom.
chmod /usr/lib/majordomo (770), /var/lib/majordomo (750),
/var/lib/majordomo/lists (770!), /var/lib/majordomo/archive (770!),
/var/lib/majordomo/digest (770), /var/log/majordomo (774)
5 Change the sendmail alias list in /etc/aliases
Example:
# common
majordomo: "|/usr/lib/majordomo/wrapper majordomo"
owner-majordomo: majordomo-owner
majordomo-owner: majordom
majordom: joe
# create these for each mailing list, here "news"
news: "|/usr/lib/majordomo/wrapper resend -p bulk -M 10000 -l news -f news-owner -h your-domain.cz -s news-outgoing"
news-owner: owner-news
news-outgoing: :include:/var/lib/majordomo/lists/news, news-archive
news-archive: /var/lib/majordomo/archive/news
news-request: "|/usr/lib/majordomo/wrapper request-answer news"
news-digest: news
news-approval: news-owner
owner-news-digest:news-owner
owner-news-request: news-owner
owner-news-digest-outgoing:news-owner
owner-news: bill,
The program processes mail sent to the special address "majordomo@your-address.cz" and
in this way controls login, logout and subscriptions. Received mail is processed
by /usr/lib/majordomo/wrapper; key words (subscribe, unsubscribe, lists, ...)
are caught and executed. Mail sent to "news-request" is sent to all
mailing-list recipients in :include:/var/lib/majordomo/lists/news and
saved in /var/lib/majordomo/archive/news. Requests (e.g. lists) are returned to
news-request; news-approval is dedicated to the moderator.
Now access-rights and security problems arise. Sendmail is executed as "mail/mail"
(set in /etc/sendmail.cf, O DefaultUser=UID:GID). This user must have enough
rights to execute /usr/lib/majordomo/wrapper. The wrapper
runs as "majordom/majordom" (logging, access to
/var/lib/majordomo/lists/news, locks in /usr/lib/majordomo/, etc.).
Test using the Perl script: ./wrapper config-test majordomo from /usr/lib/majordomo.
The help advises not to execute it as "root" or "majordom", but
I tested it as "root". It would be better to execute it as "mail". Eliminate
the mistakes (not all are correct) and check the aliases.
Send mail to majordomo@your-domain.cz and check what happened.
Our system returns the message:
sh: wrapper not available for sendmail program
554 "|/usr/lib/majordomo/wrapper majordomo" ... service unavailable
Sendmail uses the restricted shell "smrsh". All files that are allowed to be
executed must be referenced by symbolic links in /usr/adm/sm.bin (or
/etc/smrsh). Set the link /etc/smrsh/@wrapper to /usr/lib/majordomo/wrapper.
The case is similar when writing to the archive /var/lib/majordomo/archive/news
(make the link /etc/smrsh/@archive-news->/var/lib/majordomo/archive/news).
Now send the command "subscribe news" and try to send a test message to "news".
But now the error "Group writable directory" is returned. It means that,
for security reasons, sendmail won't use the include file because the
directory's mode grants group write access. Change the owner and rights (or in
/etc/sendmail.cf set "O UnsafeGroupWrites=False",
"O DontBlameSendmail=groupwritabledirpathsafe,includefileinunsafedirpath,includefileinunsafedirpathsafe"
and restart sendmail).
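The "Group writable directory" condition can be located before sendmail rejects the list. The script below is an added example, not part of the original instructions: the function name unsafe_dirs and its optional TOP argument are assumptions of this example, and the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not part of the original page.
# unsafe_dirs PATH [TOP]
#   PATH is an :include: file or a directory; TOP (default /) is where the
#   walk stops. TOP is a convenience of this example.
#   Prints each directory on the way up that is writable by group or others.
unsafe_dirs() {
    if [ -d "$1" ]; then dir=$1; else dir=$(dirname "$1"); fi
    # Resolve symlinks so the real directories are inspected.
    dir=$(cd "$dir" 2>/dev/null && pwd -P) || return 2
    top=$(cd "${2:-/}" 2>/dev/null && pwd -P) || return 2
    while :; do
        # -prune keeps find on this single directory.
        # 020 is the group-write bit, 002 the other-write bit.
        find "$dir" -prune \( -perm -020 -o -perm -002 \) -print
        case $dir in "$top"|/) break ;; esac
        dir=$(dirname "$dir")
    done
}

# demo: constructed tree mirroring the page's layout inside a temp directory.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/lib/majordomo/lists"
    : > "$root/var/lib/majordomo/lists/news"
    chmod 755 "$root/var" "$root/var/lib"
    chmod 750 "$root/var/lib/majordomo"
    chmod 770 "$root/var/lib/majordomo/lists"   # mode from step 4
    echo "lists at 770:"
    unsafe_dirs "$root/var/lib/majordomo/lists/news" "$root"
    chmod 750 "$root/var/lib/majordomo/lists"   # group write removed
    echo "lists at 750:"
    unsafe_dirs "$root/var/lib/majordomo/lists/news" "$root"
    rm -rf "$root"
}

# With an argument, audit that path; without one, run the demo.
if [ $# -gt 0 ]; then unsafe_dirs "$@"; else demo; fi
```

Run against the real list file as sh script.sh /var/lib/majordomo/lists/news; every directory it prints needs its group write bit removed before the include is accepted without the DontBlameSendmail options.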