[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] RaQ4 md5sum for Sendmail & Odd Behavior
- Subject: [cobalt-security] RaQ4 md5sum for Sendmail & Odd Behavior
- From: Barbara <thebizworkers@xxxxxxxxx>
- Date: Mon, 2 Jun 2003 15:52:10 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Ian,
Thanks Ian and John for the md5sum values, that helped
out a lot..! Now that I know there's no little
critters running through my system, I'm still plexed
as to what's causing this sendmail problem.. Has
anyone with a fully patched RaQ4 had problems sending
mail from a form/script to the sendmail binary, though
sendmail works perfectly in every other regard..? The
system had the OS reloaded last week and doesn't have
any domains on it currently and it's fully patched
with no other software installed -except- Webalizer
from Pkgmaster and Qpopper 4.0.5 from Solarspeed and
Tripwire from tripwire.org (oh and logsentry and
portsentry and a firewall) -everything else is stock..
The firewall has port 25 open, portsentry isn't
blocking it either.. Mail can be sent to the server,
out from the server, checked off the server, with no
problem.. The only thing sendmail won't do is accept
mail from a form/script and handle it from there.. I
just keep getting script errors regarding sendmail
"pipe"..
root 27464 0.0 0.2 2600 1356 ? S Jun01
0:00 sendmail: accepting connections
When you try and execute a form-to-email script (I've
tried about a dozen of them) - nothing shows up in any
log except the Apache access log - which is just a
standard snip showing the script was accessed:
<snip>[02/Jun/2003:04:26:22 -0400] "POST
/cgi-bin/FormMail.pl HTTP/1.1" 200 497<snip>
There's no errors or complaints from Apache, other
scripts will execute without issue -but nothing gets
logged when you try and execute a form-to-email script
except the above.. There's nothing in the error log,
maillog, or messages log -just that one line in the
access log..
Ian tossed out the idea that he had a similar problem
with sendmail once where it was only listening on
localhost and given the above crazniess, maybe he's
onto something.. The fact that the BNB script will
work when used with the SMTP_SERVER="localhost" and
not with the other SEND_MAIL directive makes me
wonder, but I'm not sure where/what can I check..? :)
[root /]# netstat -nap | grep "sendmail"
(Not all processes could be identified, non-owned
process info
will not be shown, you would have to be root to see
it all.)
tcp 0 0 0.0.0.0:25 0.0.0.0:*
LISTEN 27464/sendmail: acc
unix 0 [ ] DGRAM
32186 27464/sendmail: acc
My other RaQ4 has Michael's (Solarspeed) sendmail
patch and works without any issue.. The RaQ4 with
Michaels' sendmail patch shows the same as above when
checking..
What's odd is that I've tried several form-to-email
scripts and they all fail except one, which offers the
option of calling the script using:
$SMTP_SERVER="localhost";
Which -works-
--OR-- You can all the script using:
$SEND_MAIL="/usr/sbin/sendmail -t";
Which doesn't work..
If I try and call the NMS FormMail.pl script from a
basic form - I get the following error in the browser
(when the script is set to debug):
-----------------------
Application Error
An error has occurred in the program
close sendmail pipe failed,
mailprog=[/usr/sbin/sendmail -oi -t] at (eval 6) line
108.
-----------------------
The FAQ section of the NMS site, it states:
http://nms-cgi.sourceforge.net/faq_prob.html
> I call the FormMail program and get Broken Pipe
errors?
> That error often indicates that $mail_prog is not
correctly set for your system.
If I use an older version of the NMS script it gives
me the FAQ right above this one (close mailprog:
$?=256,$!= at) which the FAQ says is the same issue..
The script is pointing to the location shown for
sendmail:
[root cgi-bin]# whereis sendmail
sendmail: /usr/sbin/sendmail
/usr/man/man8/sendmail.8.gz
Inside the NMS script,
$mailprog = '/usr/sbin/sendmail -oi -t'; -
Doesn't Work
Permissions are set correctly on the script:
-rwxr-xr-x 1 admin home 74336 Jun 2 03:54
FormMail.pl
But it's still no go.. It just returns the same error
(close sendmail pipe failed,
mailprog=[/usr/sbin/sendmail -oi -t] at (eval 6) line
108.) every time I try and call the script from a
form.. Nothing else gets logged..
The only script I've been able to get to work is the
Big Nose Bird form-to-email script -it offers the
following setup:
#SMTP_SERVER: indicates the name of the host acting as
the e-mail
# gateway. "localhost" should work on most
systems.
#
#$SMTP_SERVER="localhost";
#
#OR IF SMTP IS UNAVAILABLE TO YOU, USE SEND_MAIL-BUT
NOT BOTH!
#
#$SEND_MAIL="/usr/sbin/sendmail -t";
If I call it with this one, it works:
--Big Nose Bird--
$SMTP_SERVER="localhost"; - WORKS
But if I comment out the above and try and use the
/usr/sbin/sendmail directive below it again fails just
like the NMS script..
--Big Nose Bird--
$SEND_MAIL="/usr/sbin/sendmail -t"; - Doesn't Work
--NMS FormMail--
$mailprog = '/usr/sbin/sendmail -oi -t'; -
Doesn't Work
I'm at my wits end trying to think of where to look
and/or what in the world it could be that's causing
this.. There's not been one line of code tweak on this
newly reloaded server since it was brought online with
a fresh restore and fully patched.. I'm wondering if I
tried to uninstall the latest Cobalt sendmail patch
(RaQ4-All-Security-2.0.1-16429.pkg) -then reinstalled
it if that would take care of the problem.. That makes
me cringe though, esp given the issues and problems
with various sendmail config files and db's that were
reported by some users.. But it's strange that
sendmail works in every regard except with a
form-to-email script that calls sendmail via
"/usr/sbin/sendmail" - Has anyone ever seen anything
like this before..?
Barbara
__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com