DontBlameSendmail
Relax file security checks V8.9 and later
Although sendmail is very
security-conscious, there are times when a site
might wish for a more relaxed security posture. We
don’t recommend any relaxation of security, and in
fact recommend beefing up your security whenever
possible. But for sites that prefer to reduce
sendmail’s security checks,
V8.9 and later offer the DontBlameSendmail option. It is
declared like this:
O DontBlameSendmail=for,for,... ← configuration file (V8.9 and later) -ODontBlameSendmail=for,for,... ← command line (V8.9 and later) define(`confDONT_BLAME_SENDMAIL',``for,for,...'') ← mc configuration (V8.9 and later)
Here, for is one of the
comma-separated items[379] listed in the lefthand column of Table 24-18 that
are not case-sensitive. If the entire DontBlameSendmail is
absent, or if nothing is listed after the equals
sign, overall safety is unchanged. If an item is
specified that is not listed in the table,
sendmail prints the following
error and ignores that option:
readcf: DontBlameSendmail option: bad item here unrecognizedThe DontBlameSendmail option is not safe.
If specified from the command line, it can cause
sendmail to relinquish its
special privileges.
Table 24-18. DontBlameSendmail change items
|
Item |
§ |
Meaning |
|---|---|---|
|
|
DontBlameSendmail=AssumeSafeChown on page 1011 |
Assume chown(2) is safe. |
|
|
DontBlameSendmail=ClassFileInUnsafeDirPath on page 1011 |
Allow F class macro files in unsafe directory paths. |
Get sendmail, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
