# New sendmail errors about /var/spool/clientmqueue

## volumen1

I recently started getting the following errors in my logs.

```

NOQUEUE: SYSERR(username): can not chdir(/var/spool/clientmqueue/): Permission denied
```

Where username is a valid user on my system.  I recently got a little more information when one of these errors appeared for a user who I know only uses squirrelmail.  

I can't seem to force the error to happen, though.  I just logged onto squirrelmail and sent a message and no error appeared.  I'm not even sure if the users are seeing the errors.

Anyone got an idea of what this might be?

----------

## adaptr

The permissions for clientmqueue should be

```
drwxrwx--- mail.mail
```

Check those out.

Oh - and [url=http://www.google.com/search?q=can+not+chdir(%2Fvar%2Fspool%2Fclientmqueue%2F)%3A+Permission+denied]Google[/url]; that's where I got this from.

----------

## Telamon

Try doing an 

```
ls -ald /var/spool/clientmqueue
```

 to see if the permissions on the dir are right.  It should come back with something like this:

```
drwxrwx---    2 smmsp    smmsp         104 Mar  4 15:10 clientmqueue
```

Also, you may want to check the permissions of /etc/mail/submit.cf to make sure it's world readable.

----------

## volumen1

adaptr, google was wrong, my friend.  The permissions should be 

```

drwxrwxr--    2 smmsp    smmsp         136 Mar  4 12:00 /var/spool/clientmqueue/

```

Mine are currently set that way.  My /etc/mail/submit.cf is also world readable.  I can't figure out what is causing this to happen.

----------

## adaptr

Actually, it was my bad.

All the hits I looked at had smmsp.smmsp as owner, but since I figured that was for a sendmail install on another distro - and Gentoo just creates a mail user to handle all mail processing - I assumed that's what they meant.

Bad boy, bad !

----------

## volumen1

Hmm... I can now consistently get this error if I try to have a php script send mail.  For some reason sendmail (or something else?) is trying to write to /var/spool/clientmqueue with the uid of the user, instead of ssmp or mail.

I chmod'd /var/spool/clientmqueue to 777 and this fixes it, but I obviously want to fix this.

I've been meaning to migrate to postfix, so if all else fails then I can go that route.

----------

## adaptr

Postfix, yeah - I've used that for about a year, and was quite satisfied.

Still, the config can get quite complicated - after making numerous changes I couldn't make heads nor tails of it anymore.

It's also quite secure - much more secure than sendmail.

But then I dumped RH and installed Debian - and with it came Exim.

I decided what the hell, why not, and configured it.

It's been running for nigh on two years now, with hardly a squeak.

It's very very secure, very simple (didn't need to make more than 5 or 6 edits in the config file), and more than enough for a simple domain like mine - with about a dozen addresses max.

Unless you absolutely need sendmails' insane configuration possibilities, or run 50K+ users on multiple domains - I'd say go with Postfix or Exim, they're much easier to admin.

And even then Postfix is a good choice - they've alledgedly benchmarked it on a single machine with up to a million emails a day, and its config is very extendable - you can define your own transports, backends and authentication if you want.

----------

## volumen1

Nods to that.  I recently migrated a server that was relaying mail for roughly 12k users from sendmail to postfix.  The load under postfix was 1/3 of what it was under sendmail.  Additionally, I really dig how well postfix manages the queue (especially deferred messages).  Under sendmail, thousands of queue files would get orphaned and clog up /var/mail/queue for months and months.  We had to manually clean them out.  Postfix, on the same box, is neatly handling a queue of 44k messages.  Whew.

I hear what you're saying about the config, though.  There a certainly not a lack of configurable options in there.  But, I've found that many of those options are really helpfull in blocking SPAM.

Example:

```
smtpd_recipient_restrictions =

            permit_mynetworks,

            permit_sasl_authenticated,

            reject_unauth_destination,

            check_helo_access regexp:/etc/postfix/helo_access

            reject_rbl_client sbl-xbl.spamhaus.org,

            reject_invalid_hostname,

            reject_non_fqdn_hostname,

            reject_unknown_hostname,

            reject_non_fqdn_sender,

            reject_unknown_sender_domain,

            reject_non_fqdn_recipient,

            reject_unknown_recipient_domain,

            reject_unauth_pipelining,

            reject_unknown_client

```

----------

## zeek

 *volumen1 wrote:*   

> I recently started getting the following errors in my logs.
> 
> ```
> 
> NOQUEUE: SYSERR(username): can not chdir(/var/spool/clientmqueue/): Permission denied
> ...

 

This is a program on the commandline trying to send mail, ie:

```
# mail yoyo@example.com
```

As a side effect of making sendmail more secure, user accounts on the machine were no longer able to put messages directly in the mailqueue (due to the sendmail binary not being setuid).  The sendmail binary must be setgid smmsp for this scheme to work, ie:

sock root # ls -ld /usr/sbin/sendmail

-r-xr-sr-x    1 root     smmsp      644392 Sep 18 18:58 /usr/sbin/sendmail

----------

## volumen1

Ahh... that makes perfect sense.  I thought I had read some things in the -dev mailing-list about yanking a bunch of setgid and setuid programs.  I should have thought of that.  Anyway, that was my problem.  Thanks much.

----------

## hdias

Solution:

```
$ ls -ld /usr/sbin/sendmail

-r-xr-xr-x    1 root     smmsp      672976 Feb 23 20:03 /usr/sbin/sendmail

$ chmod 2755 ls -ld /usr/sbin/sendmail

$ ls -ld /usr/sbin/sendmail

-rwxr-sr-x    1 root     smmsp      633248 Apr  4 20:31 /usr/sbin/sendmail
```

Now, every thing work...

----------

