Here at Indiana University we have a collection of 5 HP K series being
used as mail client only servers for between 10,000 and 15,000 users
per box.
User demand has declared that procmail should be installed on these
machines. Management fear and desire to not mess with the status
quo has declared that procmail will not be installed the local mailer.
Therefore we will have users that are calling procmail from their
.forward files.
In this situation it appears that mail that procmail delivers back
into the spool it is writing out with owner.group user.mail and
rights 600. To me this is reasonable.
These K boxes are running sendmail 8.7.1 owner root, group mail,
setuid, setgid and sticky. /bin/mail is owner root, group mail, setuid
and setgid. /var/mail is 1777
Mail delivered to the spool by /bin/mail is written out owner user,
group mail 660.
When procmail delivers mail 600 later attempts at delivery with
procmail removed from the .forward file fail: /bin/mail doesn't have
permissions (or refuses to uses its permissions).
Since we have fickly and unruly users who will be moving their
.forwards in and out of place this is a problem.
Is the correct solution to force procmail to write 660? If so, how is
this done? I assume in the section of config.h just below the warning
about only messing with a section if you think you know what you are
doing. I don't like feel like I know well enough what I'm doing to
walk into that territory without some guidance.
Or, is the correct solution to change something about the setup I
described above?
Thanks for any help, direction, pointers etc.
--
Chris Dent <cdent(_at_)indiana(_dot_)edu>
http://detritus.ucs.indiana.edu/~cdent/