- Subject: RE: [SLUG] Getting Sendmail to work in 7.1
- From: tom burkart <tom@xxxxxxxxxxxxxxxxx>
- Date: Mon Aug 13 11:01:01 2001
- Cc: Linux Sydney <slug@xxxxxxxxxxx>
Today, David wrote:
> > > just added
> > > FEATURE(`relay_entire_domain')
> > Just watch out, some of these features do compromise security.
> they do? any further information? how?
There is a "dontblamesendmail" feature or define or whatever that can
really compromise security. Its use is when you have nfs mounted
partitions on the mail server and similar scenarios. I don't use these as
there are other ways of doing the same thing (such as multiple servers
with virtusertables, etc).

A few others are likely to make your mail server become an open relay such
as FEATURE(`accept_unresolvable_domains') which is actually useful for
laptops that don't have 24x7 DNS and want to send mail...

The other really useful one that enhances security by not allowing certain
commands is define(`confPRIVACY_FLAGS', `goaway'). This disallows any
command that could potentially be used to find out user information (such
as vrfy, etc).

What you really should do is go through your mc file and read up on all
the defines, FEATURES, etc. that are in there to make sure you really want
them there. I have found that a lot of distributions leave the door wide
open in this regard.
tom.
Consultant
AUSSEC Phone: 61 4 1768 2202
339 Blaxland Rd., Ryde NSW 2112
Email: tom@xxxxxxxxxxxxxxxxx
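
Added example, not part of the original message: a small Python audit that goes through an mc file looking for the settings named in this thread. The sample mc text is constructed, `confDONT_BLAME_SENDMAIL` is assumed here as the mc define behind the "dontblamesendmail" option, and `dnl` handling is simplified to "discard the rest of the line".

```python
import re

# Constructed sample sendmail.mc for illustration, not taken from the thread.
SAMPLE_MC = """\
OSTYPE(`linux')dnl
dnl define(`confPRIVACY_FLAGS', `goaway')dnl
define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')dnl
FEATURE(`relay_entire_domain')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
MAILER(`smtp')dnl
"""

# FEATUREs from the thread that widen what the server relays or accepts.
RISKY_FEATURES = {
    "relay_entire_domain": "relays for every host in the local domain(s)",
    "accept_unresolvable_domains": "accepts sender domains that do not resolve in DNS",
}
# Matches FEATURE(`name') / define(`name', `value') with m4 `...' quoting.
CALL = re.compile(r"\b(FEATURE|define)\(\s*`([^']+)'(?:\s*,\s*`([^']*)')?")

def active_lines(mc_text):
    """Yield (line_no, text) with everything from the first dnl removed."""
    for n, line in enumerate(mc_text.splitlines(), 1):
        live = re.split(r"\bdnl\b", line, maxsplit=1)[0]
        if live.strip():
            yield n, live

def audit(mc_text):
    """Return (line_no, setting, reason) findings; line 0 means 'absent'."""
    findings, privacy = [], ""
    for n, line in active_lines(mc_text):
        for kind, name, arg in CALL.findall(line):
            if kind == "FEATURE" and name in RISKY_FEATURES:
                findings.append((n, name, RISKY_FEATURES[name]))
            elif kind == "define" and name == "confDONT_BLAME_SENDMAIL":
                findings.append((n, name, "file safety checks relaxed: " + arg))
            elif kind == "define" and name == "confPRIVACY_FLAGS":
                privacy = arg
    flags = {f.strip().lower() for f in privacy.split(",")}
    if "goaway" not in flags:
        findings.append((0, "confPRIVACY_FLAGS", "goaway is not set"))
    return findings

if __name__ == "__main__":
    for line_no, setting, reason in audit(SAMPLE_MC):
        print(f"line {line_no}: {setting}: {reason}")
```

A finding is a prompt to read up on the setting and decide whether you want it, not proof of a misconfiguration; the commented-out privacy line in the sample is reported as absent because m4 never sees it.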