HPlogo Installing and Administering Internet Services: HP 9000 Networking > Chapter 4 Installing and Administering sendmail

Security
» 

Technical documentation

Complete book in PDF

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

sendmail on HP-UX 10.30 and later allows the aliases file or a user's .forward file to specify programs to be run. These programs are by default invoked through /usr/bin/sh -c. The sendmail restricted shell (smrsh) program allows you to restrict the programs that can be run through the aliases file or through a .forward file; only programs that are linked to the /var/adm/sm.bin directory can be invoked.

To use the smrsh program:

  1. In the /etc/mail/sendmail.cf file, comment out the following lines (by inserting a pound sign [#] before each line):

    #Mprog, P=/usr/bin/sh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
    #       T=X-Unix,
    #       A=sh -c $u

  2. In the /etc/mail/sendmail.cf file, uncomment the following lines (by deleting the pound sign [#] before each line):

    Mprog, P=/usr/bin/smrsh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
           T=X-Unix,
           A=smrsh -c $u

  3. Create the directory /var/adm/sm.bin/ with root:bin ownership and 755 permissions. Place the binaries of the programs that you want to allow into this directory. Typically, programs such as vacation, rmail, and AutoReply are placed in this directory. (You can also specify hard links to the binaries.) You should not place shells such as ksh, sh, csh, and perl in this directory because they have too many security issues.

Turning Off Standard Security Checks

Sendmail has security checks that limit reading and writing to certain files in a directory. These checks protect files that may reside in unsafe directories or that may be tampered with by users other than the owner. You can turn these safety checks off by editing the " DontBlameSendmail" option in the configuration file.

In the sendmail.cf file, change the DontBlameSendmail=option_value, where option_value is any of the options listed in the table below. The default option value is "safe." Once you change the value option, that value (the new value you just specified) becomes the default value.

Table 4-3 option_values for DontBlameSendmail

Option Value

Description

safe

Allows the files only in safe directory. All files accessed by sendmail must be safe.
AssumeSafeChownAssumes that the chown system call is restricted to root.
ClassFileInUnsafeDirPathAllows class files that are in unsafe directories.
ErrorHeaderInUnsafeDirPathAllows the file named in the ErrorHeader option to be in an unsafe directory.

GroupWrtableDirPathSafe

Consider group-writable directories to be safe. Sendmail will read messages from group writable directories.
GroupWritableIncludeFileSafe

Accepts group-writable :include files

GroupWritableAliasFile

Allows group-writable alias files.
ForwardFileInGroupWritableDirPathAllows .forward files in group writable directories.
IncludeFileInGroupWritableDirPathAllows :include: files in group-writable directories.
ForwardFileInUnsafeDirPath

Allows a .forward file that is in an unsafe directory to include references to program and files.

IncludeFileInUnsafedirPathSafe

Allows an :include: file that is in an unsafe directory to include references to program and files.

MapInUnsafeDirPath

Allows maps (e.g., hash, btree, and dbm files) in unsafe directories.
LinkedAliasFileInWritableDirAllows an alias file that is a link in a writable directory.

LinkedClassFileInWritableDir

Allows class files that are links in writable directories.
LinkedForwardFileInWritableDirAllows .forward files that are links in writable directories.
LinkedIncludeFileInWritableDirAllows :include: files that are links
LinkedMapInWritableDirAllows map files that are links in writable directories.
LinkedServiceSwitchFileInWritableDirAllows the service switch file to be a link even if the directory is writable.

FileDeliveryToHardLink

Allows delivery to files that are hard links.

FileDeliveryToSymLink

Allows delivery to files that are symbolic links.

WriteMapToHardLink

Allows writes to maps that are hard links.

WriteMapToSymLink

Allows writes to maps that are symbolic links.

WriteStatsToHardLink

Allows the status file to be a hard link.

WritesStatsToSymLink

Allows the status file to be a symbolic link.

RunProgramInUnsafeDirPath

Allows sendmail to run programs that are in writable directories.

RunWritableProgram

Allows sendmail to run programs that are group- or world-writable.

 

Disabling Privacy Options

You can now disable the ETRN and VERB privacy options by using the noetrn and noverb flags:

  • PrivacyOptions=noetrn

    The noetrn flag will disable the SMTP ETRN command, enabling sendmail to process its queue in a synchronous mode.

  • PrivacyOptions=noverb

    The noverb flag will disable the SMTP VERB command, turning off verbose mode.



Migrating the sendmail Configuration File
  		 


Configuring sendmail to Reject Unsolicited Mail  
© 2000 Hewlett-Packard Development Company, L.P.