Sendmail, 3rd Edition by Bryan Costales

Chapter 10. Maintain Security with sendmail

When the administrator is not careful, the misuse or misconfiguration of sendmail can lead to an insecure and possibly compromised system. Since pre-V8.12 sendmail is often installed to run as a set-user-id root process, it is a prime target for intrusion.[1] The “Internet worm,” for example, used a flaw in old versions of sendmail as one way to gain entry to thousands of machines.[2] If sendmail is not properly installed, improper file permissions can be used to trick the system into giving away root privilege.

In this chapter we present several ways to protect your site from intrusion via sendmail. Most of these are just good common sense, and the experienced system administrator might be offended that we state the obvious. But not all system administrators are experienced, and not all who administer systems are system administrators. If you fall into the latter category, you might wish to keep a good, general Unix reference by your side to better appreciate our suggestions.

[1] The default beginning with V8.12 is to install sendmail as a non-set-user-id program that operates as root only if it is run by root.

[2] That flaw has been eliminated—wrongly by some vendors who turned all debugging completely off, correctly by most who simply disabled SMTP debugging.