Security Notes

A lot of sendmail security comes down to you. Sendmail 8 is much more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular:

  • Make sure the aliases file is not writable except by trusted system personnel. This includes both the text and database version.
  • Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel.
  • The queue directory should not be world writable, PARTICULARLY if your system allows "file giveaways" (that is, if a non-root user can chown any file they own to any other user).
  • If your system allows file giveaways, do not create a publicly writable directory for forward files. This will allow anyone to steal anyone else's e-mail. Instead, create a script that copies the .forward file from users' home directories once a night (if you want the non-NFS-mounted forward directory).
  • If your system allows file giveaways, you'll find that sendmail is much less trusting of :include: files -- in particular, you'll have to have /SENDMAIL/ANY/SHELL/ in /etc/shells before they will be trusted (that is, before files and programs listed in them will be honored).

In general, file giveaways are a mistake -- if you can turn them off, do so.
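
One way to audit the points above, added here as an example and not part of the sendmail distribution: it flags files sendmail reads (and their parent directories) that are owned by an untrusted uid or writable by group or other, and asks the filesystem whether file giveaways are permitted. The paths in PATHS, the trusted uid set, and treating any group write bit as untrusted are assumptions.

```python
import os
import stat

# Assumed locations for illustration; take the real ones from your sendmail.cf.
PATHS = ["/etc/mail/aliases", "/etc/mail/aliases.db",
         "/etc/mail/mailertable", "/var/spool/mqueue"]

def giveaways_allowed(path):
    """True if an unprivileged user may chown a file under `path` to another user."""
    try:
        # POSIX: -1 means _POSIX_CHOWN_RESTRICTED is not in effect here.
        return os.pathconf(path, "PC_CHOWN_RESTRICTED") == -1
    except (OSError, ValueError):
        return None  # this platform or filesystem cannot answer

def check(path, trusted_uids):
    """Problems with one file or directory; a path that does not exist yields none."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return []
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append((path, f"owned by untrusted uid {st.st_uid}"))
    if st.st_mode & stat.S_IWGRP:
        problems.append((path, "group-writable"))
    if st.st_mode & stat.S_IWOTH:
        problems.append((path, "world-writable"))
    return problems

def audit(paths, trusted_uids=(0,), stop="/"):
    """Check each path and every parent directory up to `stop`, since a writable
    parent lets someone replace the file itself."""
    findings, seen, stop = [], set(), os.path.abspath(stop)
    for target in paths:
        node = os.path.abspath(target)
        while node not in seen:
            seen.add(node)
            findings.extend(check(node, trusted_uids))
            if node == stop or node == os.path.dirname(node):
                break
            node = os.path.dirname(node)
    return findings

if __name__ == "__main__":
    print("file giveaways allowed on /var/spool:", giveaways_allowed("/var/spool"))
    for path, problem in audit(PATHS):
        print(f"{path}: {problem}")
```

If `giveaways_allowed` returns True for the filesystem holding the queue or forward directories, any world-writable finding there is the case the notes above single out.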

cf/README for Sendmail 8.12.11. Eric Allman of the Sendmail Consortium. Rev: 1.1.1.1, Updated 2006/10/11


Copyright © 1998-2013 Sendmail, Inc. All Rights Reserved.