cf/README for sendmail 8.12.3

Eric Allman of the Sendmail Consortium

Security Notes

A lot of sendmail security comes down to you. Sendmail 8 is much more careful about checking for security problems than previous versions, but there are some things that you still need to watch for. In particular:

  • Make sure the aliases file isn't writable except by trusted system personnel. This includes both the text and database versions.
  • Make sure that other files that sendmail reads, such as the mailertable, are only writable by trusted system personnel.
  • The queue directory should not be world writable, PARTICULARLY if your system allows "file giveaways" (that is, if a non-root user can chown any file they own to any other user).
  • If your system allows file giveaways, do not create a publicly writable directory for forward files. This will allow anyone to steal anyone else's e-mail. Instead, create a script that copies the .forward file from users' home directories once a night (if you want the non-NFS-mounted forward directory).
  • If your system allows file giveaways, you'll find that sendmail is much less trusting of :include: files -- in particular, you'll have to have /SENDMAIL/ANY/SHELL/ in /etc/shells before they will be trusted (that is, before files and programs listed in them will be honored).

In general, file giveaways are a mistake -- if you can turn them off, do so.
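
One way to check the points above on a running system, as an added example (not part of the original README or the sendmail distribution). The function names are hypothetical and the paths are supplied as arguments, since their locations vary by installation:

```shell
#!/bin/sh
# Added example: audit the write permissions discussed in the notes above.
# Typical arguments (assumed locations, not taken from the README):
#   /etc/mail/aliases /etc/mail/aliases.db /etc/mail/mailertable /var/spool/mqueue

# check_mode PATH -> 0 ok, 1 world-writable, 2 group-writable, 3 missing
check_mode() {
    [ -e "$1" ] || return 3
    # -H follows a symlink given on the command line; -prune tests only PATH itself.
    if [ -n "$(find -H "$1" -prune -perm -0002 -print)" ]; then return 1; fi
    if [ -n "$(find -H "$1" -prune -perm -0020 -print)" ]; then return 2; fi
    return 0
}

# chown_restricted DIR -> 0 giveaways disabled, 1 giveaways allowed, 2 cannot tell
chown_restricted() {
    v=$(getconf _POSIX_CHOWN_RESTRICTED "$1" 2>/dev/null) || return 2
    [ -n "$v" ] || return 2
    case "$v" in
        undefined|0|-1) return 1 ;;   # option not in effect for this path
        *) return 0 ;;
    esac
}

# audit PATH... -> prints one line per path, returns 1 if any is world-writable
audit() {
    bad=0
    for p in "$@"; do
        rc=0; check_mode "$p" || rc=$?
        case $rc in
            0) echo "ok    $p" ;;
            1) echo "FAIL  $p is world-writable"; bad=1 ;;
            2) echo "WARN  $p is group-writable; review who is in that group" ;;
            3) echo "skip  $p not found" ;;
        esac
        if [ -d "$p" ]; then
            rc=0; chown_restricted "$p" || rc=$?
            [ "$rc" -ne 1 ] || echo "NOTE  file giveaways are allowed under $p"
        fi
    done
    return $bad
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

The non-zero exit status on a world-writable path makes the script usable from cron or a configuration-management check.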