Manualshelf

HP-UX Mailing Services Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1 Networking Software
71727374757677787980
Configuring and Administering Sendmail
Security
Chapter 2 75
rmail, and AutoReply are placed in this directory. (You can also
specify hard links to the binaries.) Do not place shells such as ksh,
sh, csh, and perl in this directory because they have too many
security issues.
Turning Off Standard Security Checks
Sendmail has security checks that limit reading and writing to certain
files in a directory. These checks protect files that may reside in unsafe
directories or that may be tampered with by users other than the owner.
You can turn these safety checks off by editing the DontBlameSendmail
option in the configuration file.
In the sendmail.cf file, change DontBlameSendmail=
option value
,
where
option value
is any of the options listed in Table 2-2. The default
option value is
safe
. After you change
option value
, the new value
becomes the default value.
Table 2-2 Option Values for DontBlameSendmail
Option Value Description
safe Allows the files only in a safe directory. All
files accessed by Sendmail must be safe.
AssumeSafeChown Assumes that the chown system call is
restricted to root.
ClassFileInUnsafeDirPath Allows class files that are in unsafe
directories.
ErrorHeaderInUnsafeDirPath Allows the file named in the ErrorHeader
option to be in an unsafe directory.
ForwardFileInGroupWritableDirPath Allows .forward files in group-writable
directories.
GroupWrtableDirPathSafe Considers group-writable directories to be
safe. Sendmail will read messages from
group-writable directories.
GroupWritableIncludeFileSafe Accepts group-writable :include files
GroupWritableAliasFile Allows group-writable alias files.