15.2 The Real Queue Directory

In the current client.cf file, the queue directory is defined as /tmp . Because of its nature, the /tmp directory is always world-readable, -writable, and -searchable. Any file that is placed in /tmp can possibly be accessed, copied, or removed by any user. The use of /tmp clearly violates the need for confidentiality.

Another drawback to using /tmp is that /etc/rc files, which are executed when the system boots, often remove everything from /tmp . You certainly would not want queued mail messages removed just because the machine rebooted.

Instead of /tmp , you should use the existing mail queue directory to store queued messages. If you haven't already done so, find that location by looking for the QueueDirectory ( Q ) option in your existing sendmail.cf file:

% 

egrep "^OQ|QueueDirectory" /etc/sendmail.cf

 OQ/usr/spool/mqueue

Here, we look for lines in the /etc/sendmail.cf file that begin with the letters OQ (an old-style declaration) or that use the new option name QueueDirectory . Remember that your sendmail.cf file may not be in /etc . Replace the location used above with one that is suitable for your situation.

Edit the client.cf file and replace /tmp with what you found. At the same time, remove the comment that was left there reminding you to do just that:

O QueueDirectory=/tmp  # BEWARE: use /var/spool/mqueue upon release  
 change this
 O QueueDirectory=/var/spool/mqueue                                   
 to this

This change causes sendmail to use the correct queue directory, but it has an unfortunate side effect. Recall that sendmail runs as the root unless an unsafe command-line switch causes it to give up that privilege. The -C switch that you've been using all along to run sendmail is just such an unsafe switch. Consequently, if you were to now run sendmail as:

% 

./sendmail -Cclient.cf 



you

the -C would cause sendmail to run as an ordinary user. For confidentiality the queue directory is usually protected by making it accessible only to root . Ordinary users, such as we've been assuming you are, lack permission to access the queue directory. Running the above command now will likely result in a error similar to the following:

queuename: Cannot create "qfIAA12390" in "/var/spool/mqueue" (euid=4010):  Permission denied

You need to install the client.cf file in place of the system sendmail.cf file so that you can successfully run sendmail . With the client.cf file installed, you no longer need to use the -C switch to tell sendmail where to find its configuration file. Unfortunately, before you can make that change, you need to first make sure other machines know about it.