/= (forward slash)
There are times when, for security reasons, you might wish to restrict delivery to a chroot(8) hierarchy. You might, for example, wish to restrict local spool delivery to a small subset of the total filesystem. One way to manage such a change is to set up that new directory hierarchy so that it looks something like this:
/secure/etc/passwd /secure/etc/group /secure/etc/mail/sendmail.cf /secure/etc/mail/aliases.db /secure/etc/mail/access.db /secure/var/spool/mail /secure/usr/sbin/sendmail /secure/var/mqueue /secure/var/clientmqueue etc.
/= delivery agent equate is declared for
local delivery agent as
/=/secure, all local delivery will first cause
sendmail to chroot(8) into
the /secure hierarchy. If that
chroot(8) fails, sendmail
will log the failure and continue to chroot(8)
into the root directory.
One way to declare the
/= delivery agent equate
and change the location of mail.local at the
same time is like this:
define(`LOCAL_MAILER_PATH', `/bin/mail.local, /=/secure')
Note that other files will have to appear in the /secure hierarchy. A /secure/dev/zero, for example, will be necessary for Solaris-based systems. A Bourne shell will also be necessary (e.g., /secure/bin/sh), as will a local delivery agent, such as /secure/bin/mail.local. Running delivery agents in a chroot(8) environment is not for the fainthearted, and much experimentation will doubtless be required to get it right for your system.
Note that this
/= delivery agent equate ...