michael@fts1.UUCP (Michael Richardson) (11/17/89)
I am trying to put together a guest account that is chroot'ed to its own area, (and may also run a restricted shell, if a shell at all...). I'd like to make mail to and from the environment possible, and I thought I'd do it without daemons on the outside ... (or at least, no new daemons on the outside)

Mail in isn't too hard, I build the /usr/guest account on the same partition as /usr/mail, and linked /usr/mail/guest and /usr/guest/usr/mail/guest (and chmod it so that mail (actually mush) wouldn't zap the file).

Since fts1 runs a host based tcp and already has a sendmail in daemon mode hanging around, I thought fooling the chroot'ed sendmail into believing that all addresses (even unadorned ones) are remote addresses that need to be sent to the mailhost. (I admit that I took an in-depth look at the sendmail.subsidiary.cf configuration on a Sun)

[fts1 is a 25MHZ AMI 386 with Interactive 2.0.2, a SVR3.2]

It took a bit of figuring and mostly elimination to get /etc and /dev set up so that tcp could get out (I can rlogin and telnet to mailhost from inside the chroot), but sendmail doesn't seem to want to connect properly to the external host. Instead it bounces a message `back' (this stays in the queue too with the first message until I run the normal sendmail on the chroot'ed queue) that tells me this:

       ----- Transcript of session follows -----
    michael... reply: read error
    451 michael... reply: read error
    554 smtpquit TCP: stat 69

       ----- Unsent message follows -----
    Return-Path: <restrict.fts1!guest>
    Received: by restrict.restrict.fts1.UUCP (5.51/SMI-4.0)
            id AA09657; Mon, 13 Nov 89 14:53:29 EST
    Message-Id: <8911131953.AA09657@restrict.restrict.fts1.UUCP>
    ...

(Ignore the restrict.restrict --- I just realised why that happened, but I doubt that is it... --- no it isn't.)

    Dwrestrict
    Dmfts1.UUCP

    # my official hostname
    Dj$w.$m

    # major relay mailer
    DMether
    FE/etc/hosts.smtp %s

    # major relay host
    DRmailhost
    CRmailhost
    ...
    # Cc my postmaster on error replies I generate
    OPPostmaster

    # queue directory
    OQ/usr/spool/mqueue

    # read timeout for SMTP protocols
    Or15m

    # queue up everything before starting transmission, for safety
    Os

I added this line to the end of S0:

    # add local part to names that don't have any host part:
    R$- $@$>3$1@$R user

Which seemed to give me what I wanted, things like `michael' resolved to michael@mailhost (i.e. <ether,mailhost,michael>)

However, sendmail won't deliver things, but rather tells me about `deferred error: 101'

Does something need to be done to the external sendmail to get this to work? (adding my hostname to its /etc/hosts.smtp? But I'm me...) Or is this approach simply unworkable (or unworkable until I manage to recompile the sendmail from the bsd sources under system V)?

I could just do a `/usr/lib/sendmail -q -oQ/usr/guest/usr/spool/mqueue' every now and then from cron, but I'm not sure about how to get the internal sendmail to queue but NEVER attempt delivery.

Thanks.

--
:!mcr!:
Michael C. Richardson
HOME: mcr@julie.UUCP
SCHOOL: mcr@doe.carleton.ca
WORK: ..uunet!mitel!sce!nrcaer!fts1!michael
I never liked staying in one place too long, but this is getting silly...