This minimizes your risk from
the beginning and allows you to cautiously ease restrictions at a comfortable rate.
Beginning with loose restrictions can force you to tighten restrictions in a panic when
it is least convenient to do so.
* Actually, goaway also includes needexpnhelo and needvrfyhelo, but these are superseded by noexpn and
novrfy, respectively.
This is the Title of the Book, eMatter Edition
Copyright ?© 2007 O??™Reilly & Associates, Inc. All rights reserved.
4.8 Security Features | 179
4.8.2.8 The SafeFileEnvironment option
Beginning withV8.7 sendmail, th eSafeFileEnvironment option (?§24.9.103 on page
1084) determines how delivery will be made to files. Ordinarily, sendmail will deliver
to anything, provided that it has permission to do so (?§12.2.2 on page 466). It can, for
example, deliver by appending to ordinary files or by writing to a device suchas /dev/
log.
If the SafeFileEnvironment option is declared, sendmail will deliver only to ordinary
files. This improves security by preventing anyone from scribbling over sensitive
things, such as directories and devices. (Beginning with V8.8 sendmail, it is still OK
to write to /dev/null even though this option is set.)
The SafeFileEnvironment option can also be used to define a directory under which
all files that will be appended to must exist. This might inconvenience some users
but will generally improve the security of your site.
Pages:
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346