We now turn our attention from security problems to security features. Many security features are discussed in the various README files supplied with the sendmail source distribution. Others are discussed in brief in a security tutorial by Greg Shapiro (http://www.sendmail.org/~gshapiro/).
In this section we discuss the most common security features:
T configuration command (class
t) defines which users are allowed to use the
-f command-line switch to override the sender
address with one of their own, and which users are allowed to rebuild
the aliases database.
The smrsh program replaces
/bin/sh as the program run by the
prog delivery agent to execute programs. The
smrsh program is simple yet immensely valuable.
We recommend that it be routinely installed on all your machines. The
smrsh program is described in detail in Section 5.8.
Several options can be used to tighten security and to provide reports of security violations.
The /etc/shells file prevents ordinary users from running programs on your mail server.
sendmail, trusted users are those who are
allowed to use the
-f command-line switch
(-f) to override the sender address with
one of their own. V8.1 sendmail eliminated this
configuration command. V8.7 restored it, but as a class, and uses
that class only to suppress warning headers. V8.11 and above allow
only users in that class to rebuild the aliases
Trusted users are necessary for certain kinds of mail to flow properly. ...