Sendmail Inc.


Further Reading

secure-install
Sendmail Installation And Operation Guide, ch. 4.7

Security Notes

A lot of sendmail security comes down to you. Sendmail 8 is much more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular:

  • Make sure the aliases file is not writable except by trusted system personnel. This includes both the text and database version.
  • Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel.
  • The queue directory should not be world writable PARTICULARLY if your system allows "file giveaways" (that is, if a non-root user can chown any file they own to any other user).
  • If your system allows file giveaways, do not create a publicly writable directory for forward files. This will allow anyone to steal anyone else's e-mail. Instead, create a script that copies the .forward file from users' home directories once a night (if you want the non-NFS-mounted forward directory).
  • If your system allows file giveaways, you'll find that sendmail is much less trusting of :include: files -- in particular, you'll have to have /SENDMAIL/ANY/SHELL/ in /etc/shells before they will be trusted (that is, before files and programs listed in them will be honored).

In general, file giveaways are a mistake -- if you can turn them off, do so.
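
One way to check the ownership and write bits described in the list above, as an added example that is not part of the sendmail distribution or the original README. The file locations under `__main__` are assumed common defaults, and group-write is reported for review because only you know whether that group consists of trusted personnel.

```python
import os
import stat

def mode_findings(st, trusted_uids):
    """Findings for one stat result: untrusted owner or group/world write bits."""
    out = []
    if st.st_uid not in trusted_uids:
        out.append(f"owned by untrusted uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        out.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        out.append("world-writable")
    return out

def audit_path(path, trusted_uids=(0,), stop_at="/"):
    """Check path and every directory above it up to stop_at (inclusive).

    A writable parent directory lets someone rename or replace the file,
    so a clean mode on the file alone is not enough.
    """
    findings = []
    path, stop_at = os.path.abspath(path), os.path.abspath(stop_at)
    if os.path.islink(path):
        findings.append((path, "is a symlink; audit its target as well"))
    current = path
    while True:
        for problem in mode_findings(os.stat(current), trusted_uids):
            findings.append((current, problem))
        if current == stop_at or current == os.path.dirname(current):
            break
        current = os.path.dirname(current)
    return findings

def audit_all(paths, trusted_uids=(0,), stop_at="/"):
    """Audit several paths; report each (path, problem) pair once."""
    seen, report = set(), []
    for p in paths:
        if not os.path.exists(p):
            continue  # e.g. no mailertable configured on this host
        for item in audit_path(p, trusted_uids, stop_at):
            if item not in seen:
                seen.add(item)
                report.append(item)
    return report

if __name__ == "__main__":
    # Assumed default locations; adjust to match your sendmail.cf.
    targets = ["/etc/mail/aliases", "/etc/mail/aliases.db",
               "/etc/mail/mailertable", "/etc/mail/mailertable.db",
               "/var/spool/mqueue"]
    for where, problem in audit_all(targets):
        print(f"{where}: {problem}")
```

An empty report means every audited file, and each directory above it, is owned by a trusted uid and carries no group or world write bit.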

cf/README for Sendmail 8.12.11, Eric Allman of the Sendmail Consortium. Rev: 1.1.1.1, Updated 2006/10/11


Copyright © 1998-2012 Sendmail, Inc. All Rights Reserved.