>I was hardening security on FreeBSD,
>after which sendmail started writing these messages to the log:
>
>sendmail[1050]: gethostbyaddr(195.5.50.166) failed: 1
>sendmail[1050]: gethostbyaddr(195.5.50.165) failed: 1
>sendmail[1050]: h1FDeit01050: forward /home/mailbot/.forward.art+: World writable directory
>sendmail[1050]: h1FDeit01050: forward /home/mailbot/.forward+: World writable directory
>sendmail[1050]: h1FDeit01050: forward /home/mailbot/.forward.art: World writable directory
>sendmail[1050]: h1FDeit01050: forward /home/mailbot/.forward: World writable directory
>please help me figure this out
What the hell is there to figure out? It's all described in sendmail/README:
+-----------------------+
| DIRECTORY PERMISSIONS |
+-----------------------+

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted. For sendmail to run without
complaining, you MUST execute the following command:

    chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
    chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

You will probably have to tweak this for your environment (for example,
some systems put the spool directory into /usr/spool instead of
/var/spool). If you set the RunAsUser option in your sendmail.cf, the
/var/spool/mqueue directory will have to be owned by the RunAsUser user.
As a general rule, after you have compiled sendmail, run the command

    sendmail -v -bi

to initialize the alias database. If it gives messages such as

    WARNING: writable directory /etc
    WARNING: writable directory /var/spool/mqueue

then the directories listed have inappropriate write permissions and
should be secured to avoid various possible security attacks.

Beginning with sendmail 8.9, these checks have become more strict to
prevent users from being able to access files they would normally not
be able to read. In particular, .forward and :include: files in unsafe
directory paths (directory paths which are group or world writable) will
no longer be allowed. This would mean that if user joe's home directory
was writable by group staff, sendmail would not use his .forward file.
This behavior can be altered, at the expense of system security, by
setting the DontBlameSendmail option. For example, to allow .forward
files in group writable directories:

    O DontBlameSendmail=forwardfileingroupwritabledirpath

Or to allow them in both group and world writable directories:

    O DontBlameSendmail=forwardfileinunsafedirpath

Items from these unsafe .forward and :include: files will be marked
as unsafe addresses -- the items can not be deliveries to files or
programs. This behavior can also be altered via DontBlameSendmail:

    O DontBlameSendmail=forwardfileinunsafedirpath,
        forwardfileinunsafedirpathsafe

and so on and so forth; this was ages ago and has been chewed over everywhere.
For sendmail.mc:
define(`confDONT_BLAME_SENDMAIL',`whichpermissionstoallowwhereandforwhom')
And the message itself says quite specifically what is wrong with the permissions.
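
Added example (not part of the posts above and not sendmail's own code): a shell function that walks every directory on the path to a .forward file and lists the ones that are group- or world-writable, the condition the README excerpt calls an unsafe directory path. It looks at mode bits only, and the function names are made up for this example.

```shell
#!/bin/sh
# Report directories on the path to a file that are group- or world-writable.
# Approximation of the README's "unsafe directory path" condition, by mode bits.

# Print "world", "group" or nothing for a single directory.
dir_writable_class() {
    if [ -n "$(find "$1" -prune -perm -002 -print 2>/dev/null)" ]; then
        echo world
    elif [ -n "$(find "$1" -prune -perm -020 -print 2>/dev/null)" ]; then
        echo group
    fi
}

# Print one line per unsafe directory, from the file's parent up to /.
# Returns 0 if the whole path is clean, 1 if anything was reported.
unsafe_dirs_on_path() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || {
        echo "cannot resolve directory of $1" >&2
        return 2
    }
    rc=0
    while :; do
        class=$(dir_writable_class "$dir")
        if [ -n "$class" ]; then
            echo "$class-writable: $dir"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh check_forward_path.sh /home/mailbot/.forward
if [ "$#" -gt 0 ]; then
    unsafe_dirs_on_path "$1"
fi
```

Each directory it prints is a candidate for `chmod go-w`, which removes the cause of the warning instead of silencing it with DontBlameSendmail.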