Although sendmail is very security-conscious, there are times when a site might wish a more relaxed security posture. We don’t recommend any relaxation of security, and in fact recommend beefing up your security whenever possible. But for sites that prefer to reduce sendmail’s security checks, V8.9 and later offer the DontBlameSendmail option. It is declared like this:

O DontBlameSendmail=for,for,...                   configuration file (V8.9 and later) 
-ODontBlameSendmail=for,for,...                   command line (V8.9 and later) 
define(`confDONT_BLAME_SENDMAIL',``for,for,...'') mc configuration (V8.9 and later)

Here, for is one of the comma-separated items[23] listed in the lefthand column of Table 24-18 that are not case-sensitive. If the entire DontBlameSendmail is absent, or if nothing is listed after the equal sign, overall safety is unchanged. If an item is specified that is not listed in the table, sendmail prints the following error and ignores that option:

readcf: DontBlameSendmail option: bad item here unrecognized

The DontBlameSendmail option is not safe. If specified from the command line, it can cause sendmail to relinquish its special privileges.

Table 24-18. DontBlameSendmail change items





See this section

Assume chown(2) is safe.


See this section

Allow F class macro files in unsafe directory paths.


See this section

Omit warnings about forward files in unsafe directories. ...

Get Sendmail, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.