HP-UX Mailing Services Administrator's Guide (B2355-91064)
Security
By default, Sendmail is a set-user-ID program. You can make it a set-group-ID program
by creating a new user smmsp and by using the submit.cf configuration file. If
sendmail is called for initial delivery, you must use the submit.cf file, with
sendmail.cf as the fallback configuration file.
A Mail Submission Program (MSP) is another instance of Sendmail that is used for
initial mail submission. MSP uses the /etc/mail/submit.cf file as the configuration
file. Sendmail acts as an MSA or MTA depending on the operational mode.
The default configuration starting with Sendmail 8.13.3 uses one sendmail binary that
acts differently based on the operation mode and supplied options.
For security reasons, Sendmail must be a set-group-ID program to allow for queuing
mail in a group-writable directory. When Sendmail runs as a set-group-ID program,
the default group is smmsp and the group ID is 25.
The sendmail.cf configuration file is required for Sendmail to run as a server, and
the submit.cf configuration file is required to run Sendmail as a mail submission program.
You must use the following permissions for the Sendmail configuration and default
queue files:
• -r-xr-sr-x root smmsp ... /PATH/TO/sendmail
This entry denotes that the owner of Sendmail is root, the group is smmsp, and
the binary is set-group-ID.
• drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue
This entry denotes that the client mail queue is owned by smmsp with group smmsp and
is group writable. The client mail queue directory must be writable by smmsp. In
the submit.cf file, you must also set the UseMSP option and set the
QueueFileMode option to 0660.
• drwx------ root wheel ... /var/spool/mqueue
• -r--r--r-- root wheel ... /etc/mail/sendmail.cf
• -r--r--r-- root wheel ... /etc/mail/submit.cf
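One way to check a host against the table above, as an added example that is not part of the HP guide: `audit_listing` compares `ls -ld` output with the listed modes and owners, and `check_submit_cf` looks for the two submit.cf options. `SENDMAIL_BIN`, the function names and the sample listing are assumptions made for this example, and the `O Name=value` line form is ordinary Sendmail cf syntax rather than something this page shows.

```shell
#!/bin/sh
# Added example, not from the guide. SENDMAIL_BIN is an assumption: the guide
# elides the binary's location, so export the real path before a live run.
SENDMAIL_BIN="${SENDMAIL_BIN:-/PATH/TO/sendmail}"

# Reads `ls -ld` lines on stdin, prints a verdict per path in the table above,
# and returns the number of findings (0 means everything matches).
audit_listing() {
    awk -v bin="$SENDMAIL_BIN" '
    BEGIN {
        want[bin]                       = "-r-xr-sr-x root smmsp"
        want["/var/spool/clientmqueue"] = "drwxrwx--- smmsp smmsp"
        want["/var/spool/mqueue"]       = "drwx------ root wheel"
        want["/etc/mail/sendmail.cf"]   = "-r--r--r-- root wheel"
        want["/etc/mail/submit.cf"]     = "-r--r--r-- root wheel"
    }
    NF >= 9 && ($NF in want) {
        # Compare only the 10 mode characters; some ls builds append "+" or ".".
        got = substr($1, 1, 10) " " $3 " " $4
        seen[$NF] = 1
        if (got == want[$NF]) { printf "OK      %s\n", $NF }
        else { printf "FAIL    %s: got [%s] want [%s]\n", $NF, got, want[$NF]; bad++ }
    }
    END {
        for (p in want) if (!(p in seen)) { printf "MISSING %s\n", p; bad++ }
        exit bad + 0
    }'
}

# Reads submit.cf text on stdin; returns 0 only when UseMSP is enabled and
# QueueFileMode is 0660. Assumes the usual cf form "O Name=value" with the
# boolean written as True/Yes.
check_submit_cf() {
    awk '
    /^O[ \t]+UseMSP[ \t]*=[ \t]*[TtYy]/             { msp = 1 }
    /^O[ \t]+QueueFileMode[ \t]*=[ \t]*0660[ \t]*$/ { qfm = 1 }
    END { exit !(msp && qfm) }'
}

# Constructed listing (sizes and dates invented) that satisfies the table.
sample_listing() {
    cat <<EOF
-r-xr-sr-x   1 root   smmsp  1048576 Jan  1  2005 $SENDMAIL_BIN
drwxrwx---   2 smmsp  smmsp       96 Jan  1  2005 /var/spool/clientmqueue
drwx------   2 root   wheel       96 Jan  1  2005 /var/spool/mqueue
-r--r--r--   1 root   wheel    40960 Jan  1  2005 /etc/mail/sendmail.cf
-r--r--r--   1 root   wheel    40960 Jan  1  2005 /etc/mail/submit.cf
EOF
}
```

On a live system, pipe `ls -ld` for the five paths into `audit_listing` and redirect /etc/mail/submit.cf into `check_submit_cf`; a non-zero status from either means the host deviates from the settings listed above.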
This section discusses administering Sendmail security options. It discusses the following
topics:
• “Using the Sendmail Restricted Shell Program” (page 73)
• “Turning Off Standard Security Checks” (page 73)
• “Enabling SMTP Authentication Based on RFC 2554” (page 75)
• “Support for RFC 1413 (Identification Protocol)” (page 77)
• “Support for Secured Mail Transaction Using STARTTLS” (page 78)
• “Cyrus SASL v2 Support” (page 80)
72 Configuring and Administering Sendmail