/etc/mail/access was overwritten abnormally...

[Lolo]

Hi,

I have some RedHat Enterprise Linux servers (RHEL 5.1~5.7) running
Sendmail to handle mails. I suffered an abnormal event in the last
week. I created one file "/etc/mail/access.sh" in order to apply new
access rules easily and the content is as below:

# more access.sh
==================================================
#/bin/sh
cd /etc/mail
makemap hash /etc/mail/access < /etc/mail/access
makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
makemap hash /etc/mail/mailertable < /etc/mail/mailertable
newaliases
==================================================

# ls -l access*
==================================================
-rw-r--r-- 1 root root 292 May 5 14:05 access
-rw-r--r-- 1 root root 292 May 5 13:40 access.bak.20120505
-rw-r--r-- 1 root root 12288 May 5 14:05 access.db
-rwxr-xr-x 1 root root 196 May 5 14:05 access.sh
==================================================

In last week, I accessed the file "access.sh" but not changed the
content. That's, I just use vi to open "access.sh" and then write/quit
(:wq). Then I run "/etc/init.d/sendmail restart", "/etc/mail/access"
was overwritten by "/etc/mail/access.sh" and the control function was
gone. The script "/etc/init.d/sendmail" is the RedHat default sendmail
initial script. I have never modified it. Is anyone know the reason
why the abnormal event occurred?

I recorded a video for the issue. You can download the file at
http://dl.dropbox.com/u/12401106/tmp/MYPC_Movie002.mp4

Thank you in advnance.

[J.O. Aho]

Lolo wrote:
> Hi,
>
> I have some RedHat Enterprise Linux servers (RHEL 5.1~5.7) running
> Sendmail to handle mails. I suffered an abnormal event in the last
> week. I created one file "/etc/mail/access.sh" in order to apply new
> access rules easily and the content is as below:
>
> # more access.sh
> ==================================================
> #/bin/sh
> cd /etc/mail
> makemap hash /etc/mail/access< /etc/mail/access
> makemap hash /etc/mail/virtusertable< /etc/mail/virtusertable
> makemap hash /etc/mail/mailertable< /etc/mail/mailertable
> newaliases
> ==================================================

RedHat at leased used to have a Makefile which updated all files when you
typed make in the /etc/mail directory and I'm quite sure they still use it.

--- this is from RH7.3 ---
# These could be used by sendmail, but are not part of the default install.
# To use them you will have to generate your own sendmail.cf with
# FEATURE('whatever')
#
POSSIBLE += $(shell test -f bitdomain && echo bitdomain.db)
POSSIBLE += $(shell test -f uudomain && echo uudomain.db)
POSSIBLE += $(shell test -f genericstable && echo genericstable.db)
POSSIBLE += $(shell test -f userdb && echo userdb.db)
CFFILES = sendmail.cf submit.cf


all: ${CFFILES} ${POSSIBLE} virtusertable.db access.db domaintable.db
mailertable.db

userdb.db : userdb
@makemap btree $@ < $<

%.db : %
@makemap hash $@ < $<

%.cf : %.mc
@if test -f /usr/share/sendmail-cf/m4/cf.m4; then \
mv -f $@ $@.bak; \
m4 $< > $@; \
fi;

clean:
rm -f *.db *~
--- eof ---

> # ls -l access*
> ==================================================
> -rw-r--r-- 1 root root 292 May 5 14:05 access
> -rw-r--r-- 1 root root 292 May 5 13:40 access.bak.20120505
> -rw-r--r-- 1 root root 12288 May 5 14:05 access.db
> -rwxr-xr-x 1 root root 196 May 5 14:05 access.sh
> ==================================================
>
> In last week, I accessed the file "access.sh" but not changed the
> content. That's, I just use vi to open "access.sh" and then write/quit
> (:wq). Then I run "/etc/init.d/sendmail restart", "/etc/mail/access"
> was overwritten by "/etc/mail/access.sh" and the control function was
> gone. The script "/etc/init.d/sendmail" is the RedHat default sendmail
> initial script. I have never modified it. Is anyone know the reason
> why the abnormal event occurred?

No, but take a look at the sendmail init script that comes with RedHat and see
if it make some bad assumptions.



--

//Aho