Security Options

The sendmail program offers several options that can help you to improve the security at your site. Some we have discussed already. We touch on a few more in this section, and provide a recommended setting where appropriate. For a full description of each, see the sections referenced.

The DefaultUser option

The DefaultUser option (DefaultUser on page 1000) can be used to ensure that the default identity (when it is not running as root) is a safe one. CERT recommends that you create a pseudouser whose uid and gid are used nowhere on your system, and then define the DefaultUser option to be that pseudouser. As an additional precaution, make sure that pseudouser lacks a valid shell and has no valid home directory:

mailnull:*:32765:32765:Sendmail Default User:/no/such/directory:/bin/false

At the same time, set up a group entry for this user’s group:

mailnull:*:32765:

This is necessary if you want to refer to this group symbolically at some later time. This is also recommended to avoid the risk of someone else reusing that group ID for another purpose in the future.

Avoid using the name nobody, because root is mapped to nobody over NFS. If root were to create a file over NFS that it thought was safe because root owned it and because it was readable only by root, that root user would be surprised to find that file owned by nobody. Consequently, we recommend that in an NFS environment, you set the default user to one less than nobody.[78] For example, if nobody has the uid 65534, ...

Get sendmail, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.