/= (forward slash)
Set a chroot directory V8.10 and later
There are times when, for security reasons, you might wish to restrict delivery to a chroot(8) hierarchy. You might, for example, wish to restrict local spool delivery to a small subset of the total filesystem. One way to manage such a change is to set up that new directory hierarchy so that it looks something like this:
/secure/etc/passwd
/secure/etc/group
/secure/etc/mail/sendmail.cf
/secure/etc/mail/aliases.db
/secure/etc/mail/access.db
/secure/var/spool/mail
/secure/usr/sbin/sendmail
/secure/var/mqueue
/secure/var/clientmqueue
etc.
If this /= delivery agent equate is declared for the local delivery agent as /=/secure, all local delivery will first cause sendmail to chroot(8) into the /secure hierarchy. If that chroot(8) fails, sendmail will log the failure and continue to chroot(8) into the root directory.
One way to declare the /= delivery agent equate and change the location of mail.local at the same time is like this:
define(`LOCAL_MAILER_PATH', `/bin/mail.local, /=/secure')
Note that other files will have to appear in the /secure hierarchy. A /secure/dev/zero, for example, will be necessary for Solaris-based systems. A Bourne shell will also be necessary (e.g., /secure/bin/sh), as will a local delivery agent, such as /secure/bin/mail.local. Running delivery agents in a chroot(8) environment is not for the fainthearted, and much experimentation will doubtless be required to get it right for your system.
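The hierarchy can be checked before the equate is enabled. The shell function below is an added example, not code from the book or from sendmail: it tests a candidate root for the entries named on this page (the page's list ends in "etc.", so it is not exhaustive) and, as an added assumption, flags listed files that are world-writable. The name check_chroot and its output format are hypothetical.

```shell
# Added example: preflight check of a chroot hierarchy for the /= equate.

# Entries the page lists, relative to the chroot root. The first field is the
# test(1) primary to apply: f = regular file, d = directory, c = char device.
REQUIRED='f etc/passwd
f etc/group
f etc/mail/sendmail.cf
f etc/mail/aliases.db
f etc/mail/access.db
d var/spool/mail
f usr/sbin/sendmail
d var/mqueue
d var/clientmqueue
f bin/sh
f bin/mail.local'

# The page notes that Solaris-based systems also need /dev/zero in the chroot.
if [ "$(uname -s)" = SunOS ]; then
    REQUIRED="$REQUIRED
c dev/zero"
fi

# check_chroot ROOT: print one line per problem; return 0 only if none found.
check_chroot() {
    root=$1
    problems=0
    [ -d "$root" ] || { echo "MISSING (d): $root"; return 1; }
    while read -r kind rel; do
        path="$root/$rel"
        if ! test "-$kind" "$path"; then
            echo "MISSING ($kind): $path"; problems=$((problems + 1)); continue
        fi
        [ "$kind" = f ] || continue
        # Programs must be executable from inside the chroot.
        case $rel in bin/*|usr/sbin/*)
            [ -x "$path" ] || { echo "NOT EXECUTABLE: $path"; problems=$((problems + 1)); } ;;
        esac
        # Assumption (not from the page): no listed file should be world-writable.
        if [ -n "$(find "$path" -prune -perm -0002)" ]; then
            echo "WORLD-WRITABLE: $path"; problems=$((problems + 1))
        fi
    done <<EOF
$REQUIRED
EOF
    [ "$problems" -eq 0 ]
}
# Stand-alone use: sh check_chroot.sh /secure
if [ "$#" -gt 0 ]; then check_chroot "$1"; fi
```

A zero exit status means only that the listed entries are present; libraries or devices that a particular delivery agent needs still have to be found by testing on the target system.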
Note that this /=