Name
/= (forward slash)
Synopsis
There are times when, for security reasons, you might wish to restrict delivery to a chroot(8) hierarchy. You might, for example, wish to restrict local spool delivery to a small subset of the total filesystem. One way to manage such a change is to set up that new directory hierarchy so that it looks something like this:
/secure/etc/passwd
/secure/etc/group
/secure/etc/mail/sendmail.cf
/secure/etc/mail/aliases.db
/secure/etc/mail/access.db
/secure/var/spool/mail
/secure/usr/sbin/sendmail
/secure/var/mqueue
/secure/var/clientmqueue
etc.
If this /= delivery agent equate is declared for the local delivery agent as /=/secure, all local delivery will first cause sendmail to chroot(8) into the /secure hierarchy. If that chroot(8) fails, sendmail will log the failure and continue to chroot(8) into the root directory.
One way to declare the /= delivery agent equate and change the location of mail.local at the same time is like this:
define(`LOCAL_MAILER_PATH', `/bin/mail.local, /=/secure')
Note that other files will have to appear in the /secure hierarchy. A /secure/dev/zero, for example, will be necessary for Solaris-based systems. A Bourne shell will also be necessary (e.g., /secure/bin/sh), as will a local delivery agent, such as /secure/bin/mail.local. Running delivery agents in a chroot(8) environment is not for the fainthearted, and much experimentation will doubtless be required to get it right for your system.
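The following sh function is an added example, not code from the book or the sendmail distribution. It checks that a chroot tree contains the entries named in this section before the /= equate is enabled. The function name check_chroot_tree, the missing counter, and the kind:path list format are assumptions made for this illustration; extend the list with whatever else your system's delivery agent turns out to need.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the entries this section names.
# Sets $missing to the number of problems; returns 0 only when it is zero.
check_chroot_tree() {
    root=$1
    missing=0
    # kind:path pairs. f = regular file, d = directory, x = executable file.
    for entry in \
        f:etc/passwd f:etc/group \
        f:etc/mail/sendmail.cf f:etc/mail/aliases.db f:etc/mail/access.db \
        d:var/spool/mail d:var/mqueue d:var/clientmqueue \
        x:usr/sbin/sendmail x:bin/sh x:bin/mail.local
    do
        kind=${entry%%:*}
        path=$root/${entry#*:}
        case $kind in
            f) [ -f "$path" ] ;;
            d) [ -d "$path" ] ;;
            x) [ -f "$path" ] && [ -x "$path" ] ;;
        esac || {
            echo "missing or wrong type ($kind): $path" >&2
            missing=$((missing + 1))
        }
    done
    # Solaris-based systems also need a zero device inside the tree.
    if [ "$(uname -s)" = SunOS ] && [ ! -c "$root/dev/zero" ]; then
        echo "missing character device: $root/dev/zero" >&2
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}
# Usage: check_chroot_tree /secure
```

A nonzero return means at least one listed entry is absent or of the wrong type; each problem is reported on standard error.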
Note that this /= delivery agent equate ...