In article <sxkmzu3n0z3.fsf@crichardson.nexthop.com>,
	cwr@nexthop.com (Christopher W. Richardson) writes:
> Frederick Bruckman <fredb@immanent.net> writes:
>> 
>> > cwr@achilles$sendmail -Ac -bp
>> > /var/spool/clientmqueue is empty
>> >                 Total requests: 0
>> > 
>> > which is baffling to me, given
>> > 
>> > cwr@achilles$ls /var/spool/clientmqueue/
>> > Qfj1D8F04B016585    Qfj1H18xMR023287    dfj1E8F1GH009587 sm-client.pid
>> 
>> Do you have an "/etc/mail/submit.cf"? "etcupdate" should have
>> installed that for you.  Did you run "etcupdate" after upgrading?
> 
> Yep, I ran etcupdate, and do have a submit.cf.  Rebuilt submit.cf
> with a DS rule so that mail could leave the machine and added
> smmsp=YES to rc.conf (some of the mail in clientmqueue was sent
> by me before I figured those out);

It sounds as if you're running the setgid "smmsp" submission
daemon as if it were the network daemon. If you only want to
run the one "sendmail", set sendmail_suidroot=YES, then make
it so, but *not* running the network listener suid root
avoids a whole class of security issues.

"submit.cf" should have "DS" with a null argument, so that it
connects to the local sendmail daemon (which is why you needed
the "sendmail: localhost." in "hosts.allow"). It goes without
saying that you also have "sendmail=YES" in "/etc/rc.conf"? You
don't even really need "smmsp=YES", since the submission daemon
will connect immediately to the sendmail on the localhost; the
client daemon just sweeps the client queue periodically, in
case the network daemon was down at submission time.

Also, please verify that all the files in "clientmqueue" are
chmod 770 group "smmsp", and that you have a group "smmsp".

Regardless of how or whether the submission daemon is set up,
it should be possible to start a queue runner on any queue
directory whatsoever (as root). Something like
"sendmail -q -OQueueDirectory=/var/spool/clientmqueue".


Frederick