For security it is desirable to control the manner and circumstances under which messages are delivered to files. Beginning with V8.7 sendmail you can enhance the security of writing to files with the SafeFileEnvironment option. It is used like this:

O SafeFileEnvironment=path           configuration file (V8.7 and later) 
-OSafeFileEnvironment=path           command line (V8.7 and later) 
define(`confSAFE_FILE_ENV',path) mc configuration (V8.7 and later) 

The path is of type string and, if present, must be the full pathname of a directory. The default, if either path or the entire option is missing, is NULL, causing this feature to be ignored.

When preparing to save a message to a file, sendmail first obtains the permissions of that file, if the file exists, and saves them (Section 12.2.2). The sendmail program uses lstat(2) to obtain those permissions if it was compiled with HASLSTAT defined (HAS...). Otherwise, it uses stat(2).

If the path for this option is non-NULL and nonempty, sendmail then precedes that chroot(2) with a:


If the chroot(2) fails, sendmail prints the following error and bounces the mail message:

mailfile: Cannot chroot(path)

If the name of the file begins with path, that prefix is stripped after the chroot(2) and before the fopen(3).

For example, consider the need to safely store all mail archive files on the mail hub in a directory called /archives. You would first create this configuration declaration:

O SafeFileEnvironment=/archives ...

Get Sendmail, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.