Sendmail Permissions Problem

I came across a very interesting sendmail issue the other day. I found that I was able to send emails, both as root and also as apache. However, whenever I ran a particular email script as root which simply opened up sendmail and passed it commands to generate an email, I would get the following error:

Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588: SYSERR (apache):
collect: Cannot write ./dfl7UNJAOD030588 (bfcommit, uid=48, gid=51): Permission denied
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588: from=apache,
size=903,, nrcpts=1, relay=apache@localhost
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588:   0:
fl=0x0, mode=10600: FIFO: dev=0/6, ino=2075297, nlink=1, u/gid=48/48, size=0
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588:   1:
fl=0x1, mode=10600: FIFO: dev=0/6, ino=2075290, nlink=1, u/gid=48/48, size=0
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588:   2:
fl=0x1, mode=10600: FIFO: dev=0/6, ino=2075291, nlink=1, u/gid=48/48, size=0
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588:   3:
fl=0x2, mode=140777: SOCK localhost->[[UNIX: /dev/log]]
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588:   4:
fl=0x1, mode=20666: CHR: dev=0/16, ino=1271, nlink=1, u/gid=0/0, size=0
Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588: SYSERR (apache):
queueup: cannot create queue file ./qfl7UNJAOD030588, euid=48, fd=-1, fp=0x0: Permission denied

This problem really had me puzzled because:
1) I could email without a problem as both apache and root with other scripts and manual commands.
2) I was running the script as the root user – apache wasn’t involved, and I could find no reference to apache in the script itself.
3) Permissions on /var/spool/mqueue were correct.

I eventually discovered that the problem was being caused by incorrect permissions on /var/spool/clientmqueue. After changing it from 740 to 770, the problem was resolved, and the permissions now look like this:

drwxrwx---  2 smmsp  smmsp  4096 Sep  9 01:10 clientmqueue

I still don’t know where the apache reference in the errors came from, but at least I found the fix. :-)

Sendmail Technical Lesson

Before this problem occurred, I did not know what the purpose of the clientmqueue directory was, so here are a few notes about what it's actually doing.

Sendmail stores all the mail in its queue in 2 files per email, with names of qf* (header) and df* (content).

By default, there are 2 parts to sendmail. The first is a non-root daemon, which sometimes queues emails in /var/spool/clientmqueue and receives emails from programs on the local system. The second part is the main daemon, which comes and reads in the emails found at the clientmqueue location and sends them off, sometimes using /var/spool/mqueue to store unprocessed mail.

Sendmail works this way so that the sendmail binary doesn't need to be installed suid root, which would be bad from a security perspective.
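
To see why mode 740 on clientmqueue blocks submission while 770 allows it, here is an added example (not part of the original post) that applies the standard Unix directory permission check to the uid and gid reported in the SYSERR line above. It assumes those are the effective ids of the submitting process and that smmsp is uid 51 and gid 51 on this host; the numeric smmsp ids and all function names are assumptions.

```python
import re
import stat

# Constructed sample: the first SYSERR entry from the log above, joined onto one line.
LOG_LINE = ("Aug 31 11:19:10 myserver sendmail[30588]: l7UNJAOD030588: SYSERR (apache): "
            "collect: Cannot write ./dfl7UNJAOD030588 (bfcommit, uid=48, gid=51): "
            "Permission denied")

# Assumption: smmsp is uid 51 / gid 51 on this host (not stated in the post).
SMMSP_UID, SMMSP_GID = 51, 51


def ids_from_syserr(line):
    """Return (uid, gid) from a sendmail 'Cannot write' SYSERR line, or None."""
    m = re.search(r"Cannot write \S+ \(\w+, uid=(\d+), gid=(\d+)\)", line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def can_create_in_dir(mode, dir_uid, dir_gid, euid, egid, groups=()):
    """Apply the Unix permission check for creating a file in a directory.

    Exactly one permission class applies: owner if euid matches, else group
    if egid or a supplementary group matches, else other. Creating a file
    needs both write and search (execute) permission on the directory.
    """
    if euid == 0:  # root bypasses directory permission bits
        return True
    if euid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif egid == dir_gid or dir_gid in groups:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return mode & need == need


def explain(line, mode):
    """Say whether the process named in the log line could queue mail at this mode."""
    ids = ids_from_syserr(line)
    if ids is None:
        return "no uid/gid found in log line"
    ok = can_create_in_dir(mode, SMMSP_UID, SMMSP_GID, *ids)
    verdict = "can" if ok else "cannot"
    return f"mode {mode:o}: uid={ids[0]} gid={ids[1]} {verdict} create queue files"


if __name__ == "__main__":
    for mode in (0o740, 0o770):  # before and after the fix described above
        print(explain(LOG_LINE, mode))
```

With 740 the group class has read permission only, so a process that reaches the directory through the smmsp group can list it but cannot create qf*/df* files there.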
