HP-UX Mailing Services Administrator's Guide
Configuring and Administering Sendmail
Security
Chapter 2
Security
This section discusses administering Sendmail security options. It
discusses the following topics:
• “Using the Sendmail Restricted Shell Program” on page 74
• “Turning Off Standard Security Checks” on page 75
• “Enabling SMTP Authentication Based on RFC 2554” on page 77
• “Support for RFC 1413 (Identification Protocol)” on page 79
Using the Sendmail Restricted Shell Program
Sendmail allows the aliases file or a user’s .forward file to specify
programs to be run. These programs are by default invoked through
/usr/bin/sh -c. The Sendmail restricted shell (smrsh) program enables
you to restrict the programs that can be run through the aliases file or
through a .forward file; only programs that are linked to the
/var/adm/sm.bin directory can be invoked.
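A check for the restriction described above, added here as an example and not part of the HP-UX guide: it reports which binary the prog mailer (the Mprog line in sendmail.cf) runs, and which programs piped to from an aliases or .forward file have no executable of the same name in the sm.bin directory. It relies on smrsh's documented behaviour of stripping the leading path from the program name. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): audit what smrsh would refuse to run.

# Print the P= path of the active (uncommented) Mprog mailer in a sendmail.cf.
mprog_path() {
    sed -n 's/^Mprog,.*P=\([^,]*\),.*/\1/p' "$1" | head -n 1
}

# List each program that follows a "|" in an aliases or .forward file.
piped_programs() {
    grep -v '^[[:space:]]*#' "$1" | tr ',' '\n' |
        sed -n 's/^[^|]*|[[:space:]]*\([^[:space:]"]*\).*/\1/p'
}

# Print the piped programs with no executable of the same base name in the
# sm.bin directory ($2); smrsh strips the leading path before it looks there.
blocked_by_smrsh() {
    piped_programs "$1" | while read -r prog; do
        [ -x "$2/${prog##*/}" ] || echo "$prog"
    done
}

# Constructed sample files in a private scratch directory; no system file is read.
demo=${TMPDIR:-/tmp}/smrsh-audit.$$
mkdir -m 700 "$demo" || exit 1
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/sm.bin"
printf '#!/bin/sh\n' > "$demo/sm.bin/vacation"
chmod 755 "$demo/sm.bin" "$demo/sm.bin/vacation"
cat > "$demo/sendmail.cf" <<'EOF'
#Mprog, P=/usr/bin/sh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
Mprog, P=/usr/bin/smrsh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
        T=X-Unix,
        A=smrsh -c $u
EOF
cat > "$demo/aliases" <<'EOF'
# constructed aliases entries
jdoe: jdoe, "|/usr/bin/vacation jdoe"
reports: "|/opt/tools/bin/report-filter -q"
archive: |/usr/local/bin/archiver
EOF

echo "prog mailer runs: $(mprog_path "$demo/sendmail.cf")"
echo "piped programs smrsh would refuse:"
blocked_by_smrsh "$demo/aliases" "$demo/sm.bin"
```

On a real system, call the functions with /etc/mail/sendmail.cf, the aliases file in use, and /var/adm/sm.bin; an mprog_path result other than the smrsh path means piped programs still run through the unrestricted shell.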
To use the smrsh program, complete the following steps:
1. In the /etc/mail/sendmail.cf file, comment out the following lines by
inserting a pound sign (#) before each line:
#Mprog, P=/usr/bin/sh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
#       T=X-Unix,
#       A=sh -c $u
2. In the /etc/mail/sendmail.cf file, uncomment the following lines
by deleting the pound sign (#) before each line:
Mprog, P=/usr/bin/smrsh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
        T=X-Unix,
        A=smrsh -c $u
3. Create the directory /var/adm/sm.bin/ with root:bin ownership and
755 permissions. Place the binaries of the programs that you want to
allow into this directory. Typically, programs such as vacation,