Q & A

554_qq_permanent_problem_(#5.3.0)
root@um:/var/log# tail -f /var/log/qmail/qmail-smtpd/current
@4000000053e0c6b81bd07db4 CHKUSER accepted rcpt: from  remote  rcpt  : found existing recipient
@4000000053e0c6b81e896fac YOU HAVEN'T DISABLED SET-ID SCRIPTS IN THE KERNEL YET!
@4000000053e0c6b81e89777c FIX YOUR KERNEL, PUT A C WRAPPER AROUND THIS SCRIPT, OR USE -u AND UNDUMP!
@4000000053e0c6b8352cf01c tcpserver: end 36154 status 0
  1. YOU HAVEN’T DISABLED SET-ID SCRIPTS IN THE KERNEL YET: some perl distributions have decided that running suid perl scripts is BAD, and they specifically don’t support it. For these systems, you have no option but to either:
    1. install setuid perl components – e.g. for Redhat there is a separate perl-suidperl RPM you have to install
    2. install perl from source – compiling in setuid support, or
    3. install a compiled setuid „wrapper” – which then calls qmail-scanner-queue.pl. In the contrib directory there is an example C program, taken straight out of the perlsec manual. Check the Makefile and „make ; make install” as root. You must then remove the setuid setting on qmail-scanner-queue.pl: 
      chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

      as the binary does that bit instead, and stop running perl as suidperl (i.e. „#!/usr/bin/perl” instead of „#!/usr/bin/suidperl„).