smstart - an utility to run sendmail as non-root

0. What is smstart?"

smstart consists of a patch against the given sendmail source and the smstart program itself.

It was written to run the sendmail daemon as non-root, standalone (not from inetd). The following releases can be downloaded:

Please note! I abandoned this project and use exclusively Postfix instead of sendmail.

1. How does it work?

The idea came from inndstart of the INN package. INN is about the same as sendmail from one point of view: a complex server program, which listens on a privileged port but othervise it doesn't really need to run as root. Therefore a little, easily understandable program inndstart is used to create the apropriate socket, bind to the privileged port. Then inndstart changes the uid and gid of the process to the news user by setuid, setgid and execs the real innd process.

smstarts performs almost the same steps:

Initializes the process by checking the file descriptors, setting the limits on the process.
Starts a loop, in which
- it forks off a child process, which
  1. creates the SMTP socket, binds it to the privileged port
  2. changes the gid, uid of the process to the given mail user
  3. execs sendmail passing the appropriate socket descriptor to the sendmail by the new -w option.
- the parent smstart process waits for the termination of the child sendmail process. If it dies with the status EX_TEMPFAIL, it goes to the beginning of the loop, otherwise it exits.

This approach is needed because sendmail sometimes closes the SMTP socket. Fortunately these cases occur (assumedly) rarely: too high load average on the machine, sendmail cannot listen on the socket for some reasons or there was an unexpected interrupt during accept.

Therefore the sendmail patch contains three types of modifications:

sendmail now accepts the -w option, by which smstart passes the already opened socket descriptor to sendmail - sendmail then will use it instead of trying to open it.
If sendmail closes the SMTP socket because of one of the above reasons and it was called with the -w option, sendmail exits with the exit status EX_TEMPFAIL.
small modifications here and there in order that sendmail could run as non-root with all features enabled.

2. How to install smstart?

2.1 First make sure you can use it at all!

smstart uses the waitpid(2) system call. If your system doesn't support it, then either forget about smstart - or figure out how to substitute waitpid with another proper system call on your system.

2.2 Create a group and user for sendmail

Choose an user and group id for sendmail (as an example, I'll use uid=25, sendmail, gid=25, sendmail in this README). Create the group if it is missing from your system and make sure nobody's in the group. Create the user with the specified uid as well. Define the home directory of the sendmail user as /dev/null and the shell as /bin/ffalse. If your system supports it, then lock the account as well!

2.3 Patch the sendmail source with the patch-file.

gunzip and untar the smstart package in the sendmail source directory. It will create an smstart subdirectory with the source files of smstart and the smstart.patch file. Apply the patch file; it will modify the files Makefile and (in the src directory) Makefile.m4, daemon.c, main.c, queue.c, readcf.c, sendmail.h, srvrsmtp.c.

2.4 Compile the sources

According to site.config.m4 in the smstart directory, modify your site.config.m4 file in BuildTools/Site/. Then you can compile the whole sendmail/smstart package simply by 'make'.

2.5 Install the binaries

First stop your original running sendmail process and backup the old sendmail binary. Then 'make install'.

2.6 Change the ownership/mode some files/directories for the new sendmail

The location of these files vary from system to system.

You must have to make sure the sendmail user can write

the mail spool directory and the files in it (e.g. /var/spool/mqueue)
the files in the mailbox directory (e.g. /var/spool/mail/*), if you don't run procmail (but you should...)
the pid-file of sendmail (e.g. /var/run/sendmail.pid)
the db files (aliases.db or aliases.pag and aliases.dir) and the directory, in which the aliases file can be found.

Therefore you should consider to create an /etc/mail directory for the aliases file of sendmail and make writable by the sendmail user. Do not forget to change the

O AliasFile=/etc/aliases

setting in sendmail.cf.

3. Start the new sendmail as daemon via smstart

In the startup script of your system simply start smstart with the same arguments you used with sendmail, e.g. change

	/usr/sbin/sendmail -bd -q 15m

	/usr/sbin/smstart -bd -q -15m

Please note, that smstart behaves as daemon and doesn't remain in foreground whatever arguments you use! Also, smstart will pass all of its arguments to sendmail!

If you want to twiddle with the listening port options, you can do it by defining the DaemonPortOptions environment variable for smstart. The variable accepts the same syntax as the same option in sendmail.cf. For example in order to make sendmail listen on one interface (i.e to make smstart to open the port for sendmail on that interface only), you can type:

        DaemonPortOptions="Address=xxx.yyy.zzz.www"
        export DaemonPortOptions
        /usr/sbin/smstart -bd -q -15m

That's all!

4. The .forward files of users and prog mailers

Because sendmail now runs as non-root, the program mailer doesn't work as expected from the .forward files of your users (and possibly from your aliases file).

I suggest you to install therefore procmail as local mailer. You and your users really will enjoy its features and you can forget the .forward files & prog mailers problem.

Enjoy it!
József Kadlecsik

History:

24.08.98		1.2-8.9.1 Fixed bug in patch: sending a SIGHUP to sendmail didn't worked properly (Thanks to Greg Mortensen) smstart now accepts the DaemonPortOptions environment variable with the same syntax as sendmail itself. (Suggestion from laurens van alphen)
03.08.98		1.1-8.9.1 Upgrade to sendmail - no changes in smstart
29.05.98		1.1-8.9.0 Upgrade to sendmail - no changes in smstart
16.03.98		1.1-8.8.8 Upgrade to sendmail - no changes in smstart
08.14.97		1.1-8.8.7 smstart inits the group list to contain only the group that sendmail should run as. sendmail is started with empty environment. (Thanks to Steinar Haug )
08.05.97		1.0-8.8.7 Upgrade to sendmail - no changes in smstart
07.10.97		1.0-8.8.6 Fixed bug which prevented the patched sendmail to run in debug mode. smstart logs when it receives a fatal exit status from sendmail sendmail warns when it is started in daemon mode without the wrapper (Thanks to Mitchell Blank Jr )
03.04.97		0.9 The version for sendmail 8.8.5 publicly released