9.86 on page 1065). For improved
security, we recommend this setting for the PrivacyOptions option:
O PrivacyOptions=novrfy,noexpn
V8.10 and above sendmail allow VRFY and EXPN services to be selectively accepted
or rejected on the basis of rules in the check_vrfy (§19.9.3 on page 707) and
check_expn (§19.9.3 on page 707) rule sets. If, for example, you wish to allow VRFY from
internal hosts but wish to deny it for all outside hosts, you can do so by omitting a
definition of the PrivacyOptions option as explained earlier, and by designing appropriate
rules for the check_vrfy rule set.
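As an added illustration (constructed for this section, not taken from the book or from any shipped sendmail configuration), here is what such a policy looks like in sendmail.cf rule-set syntax. It keys the decision on the connecting client's IP address via the ${client_addr} macro; the internal network 192.168.0.0/16 is an assumed placeholder, and the same shape is repeated for check_expn so both commands get one policy:

```sendmail
# Added example, not from the book. Fields in an R line are separated by
# tabs. On entry the workspace holds the argument given to VRFY; it is
# discarded here and replaced by the connecting client's IP address.
Scheck_vrfy
R$*			$: $&{client_addr}
# Assumed internal network (placeholder): permit VRFY from 192.168.x.x
R192.168.$*		$@ OK
# Any other client address: refuse the VRFY command
R$*			$#error $@ 5.7.1 $: "550 VRFY not permitted from your host"

# Identical policy for EXPN
Scheck_expn
R$*			$: $&{client_addr}
R192.168.$*		$@ OK
R$*			$#error $@ 5.7.1 $: "550 EXPN not permitted from your host"
```

For these rule sets to be consulted at all, the PrivacyOptions option must not already contain novrfy or noexpn, since those settings refuse the commands before any rule set is run; that is why the text above says to omit that option definition when you take this route. Note also that ${client_addr} is empty for mail submitted locally rather than over a network connection, so with the rules as written a local VRFY falls through to the rejection rule; add an explicit rule for that case if local use is wanted.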
4.4 The Configuration File
A number of security problems can be created by commands given carelessly in the
configuration file. Such problems can be serious because sendmail starts to run as
root, provided that it has not been given an unsafe command-line switch (such as -C;
see §6.7.17 on page 238) or an unsafe option (§24.2.4 on page 951). It can continue
as root until it delivers mail, whereupon it generally changes its identity to that of an
ordinary user. When sendmail reads its configuration file, it can do so while it is still
root. Consequently, as we will illustrate, when sendmail is improperly configured, it
might be able to read and overwrite any file.
4.4.1 The F Command—File Form
The file form of the F configuration command (§22.