For security it is desirable to control the manner and circumstances under which messages are delivered to files. Beginning with V8.7 sendmail you can enhance the security of writing to files with the SafeFileEnvironment option. It is used like this:
O SafeFileEnvironment=path            ← configuration file (V8.7 and later)
-OSafeFileEnvironment=path            ← command line (V8.7 and later)
define(`confSAFE_FILE_ENV',path)      ← mc configuration (V8.7 and later)
path is of type string and, if present, must be the full pathname of a directory. The default, if either path or the entire option is missing, is NULL, causing this feature to be ignored.
When preparing to save a message to a file, sendmail first obtains the permissions of that file, if the file exists, and saves them (Section 12.2.2). The sendmail program uses lstat(2) to obtain those permissions if it was compiled with HASLSTAT defined (HAS...). Otherwise, it uses stat(2).
path for this option is non-NULL and nonempty, sendmail then precedes that chroot(2) with a:
If the chroot(2) fails, sendmail prints the following error and bounces the mail message:
mailfile: Cannot chroot(path)
If the name of the file begins with that prefix is stripped after the chroot(2) and before the fopen(3).
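The chroot(2) and prefix-stripping steps above decide where a file delivery actually lands on disk. The following C model is an added example, not sendmail source code and not part of the original text; it takes the stripped prefix to be the SafeFileEnvironment directory, and the function name safe_env_paths, the component-boundary comparison and the sample targets are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added model of the behaviour described above; not sendmail source code.
 * env    SafeFileEnvironment directory (NULL or "" means the option is unset)
 * file   delivery target as written in aliases or a ~/.forward file
 * inside path that fopen(3) sees after chroot(env)
 * real   where that path lives on the host file system
 * Returns 0 on success, -1 if a result does not fit in cap bytes. */
int safe_env_paths(const char *env, const char *file,
                   char *inside, char *real, size_t cap)
{
    const char *rest = file;
    size_t n;

    if (env == NULL || env[0] == '\0') {        /* option ignored: no chroot */
        if ((size_t)snprintf(inside, cap, "%s", file) >= cap) return -1;
        if ((size_t)snprintf(real, cap, "%s", file) >= cap) return -1;
        return 0;
    }
    n = strlen(env);
    while (n > 1 && env[n - 1] == '/')          /* ignore trailing slashes */
        n--;
    /* Assumption: strip only on a component boundary, so /archives matches
     * /archives/x but not /archives-old/x. */
    if (strncmp(file, env, n) == 0 && (file[n] == '/' || file[n] == '\0'))
        rest = file + n;
    if ((size_t)snprintf(inside, cap, "%s%s",
                         rest[0] == '/' ? "" : "/", rest) >= cap) return -1;
    /* chroot(env) re-roots every path, so the host path is env + inside */
    if ((size_t)snprintf(real, cap, "%.*s%s",
                         (n == 1 && env[0] == '/') ? 0 : (int)n, env, inside) >= cap)
        return -1;
    return 0;
}

int main(void)
{
    /* constructed sample targets, not taken from the page */
    const char *targets[] = { "/archives/lists/dev.mbox", "/var/log/maillog",
                              "/archives-old/x" };
    char in[256], re[256];
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        if (safe_env_paths("/archives", targets[i], in, re, sizeof in) == 0)
            printf("%-26s fopen(%s) -> host %s\n", targets[i], in, re);
    return 0;
}
```

A target outside the directory is not rejected by this logic; after the chroot(2) it simply resolves beneath the SafeFileEnvironment directory on the host.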
For example, consider the need to safely store all mail archive files on the mail hub in a directory called /archives. You would first create this configuration declaration:
O SafeFileEnvironment=/archives ...