sendmail Cookbook by Craig Hunt

Security is essential. Security is so important that it is touched upon many times in this book. In fact, several earlier chapters are really about security, such as Chapter 7 and Chapter 8. But even the chapters on relaying and spam control are really chapters about security because theft of service is just as big of a security problem for sendmail as system and data integrity.

A sendmail server requires all of the security precautions used on any networked system, and then some. By its very nature, a sendmail server must accept connections and data from unknown remote hosts, while many other network servers offer their services to a limited set of clients. The system running sendmail must be secured against attack, and the sendmail service must be secured against exploitation. General system security is beyond the scope of this book. For that, use a good security reference, such as Practical UNIX and Internet Security, by Simson Garfinkel and Gene Spafford (O’Reilly), or Computer Security Basics, by Debbie Russell and G.T. Gangemi (O’Reilly). This book focuses on only those things that are specific to sendmail security.

sendmail’s file and directory permissions are one area of general system security that is specific to sendmail. All of the directories used for sendmail’s administrative files should only be writable by the TrustedUser (usually root), and all of the parents of those directories back to the root should only be writable ...