O'Reilly logo

Sendmail, 3rd Edition by Bryan Costales

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Name

/= (forward slash)

Synopsis

There are times when, for security reasons, you might wish to restrict delivery to a chroot(8) hierarchy. You might, for example, wish to restrict local spool delivery to a small subset of the total filesystem. One way to manage such a change is to set up that new directory hierarchy so that it looks something like this:

/secure/etc/passwd
/secure/etc/group
/secure/etc/mail/sendmail.cf
/secure/etc/mail/aliases.db
/secure/etc/mail/access.db
/secure/var/spool/mail
/secure/usr/sbin/sendmail
/secure/var/mqueue
/secure/var/clientmqueue
etc.

If this /= delivery agent equate is declared for the local delivery agent as /=/secure, all local delivery will first cause sendmail to chroot(8) into the /secure hierarchy. If that chroot(8) fails, sendmail will log the failure and continue to chroot(8) into the root directory.

One way to declare the /= delivery agent equate and change the location of mail.local at the same time is like this:

define(`LOCAL_MAILER_PATH', `/bin/mail.local, /=/secure')

Note that other files will have to appear in the /secure hierarchy. A /secure/dev/zero, for example, will be necessary for Solaris-based systems. A Bourne shell will also be necessary (e.g., /secure/bin/sh), as will a local delivery agent, such as /secure/bin/mail.local. Running delivery agents in a chroot(8) environment is not for the fainthearted, and much experimentation will doubtless be required to get it right for your system.

Note that this /= delivery agent equate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required