SECURITY - OpenGrok cross reference for /freebsd/contrib/sendmail/src/SECURITY

Lines Matching +full:- +full:cf
1 # Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
8 #	$Id: SECURITY,v 1.52 2013-11-22 20:51:54 ca Exp $
20 sendmail without set-user-ID root, which avoids local exploits.
26 ** sendmail configuration without set-user-ID root **
31 - bind to port 25
32 - call the local delivery agent (LDA) as root (or other user) if the LDA
33   isn't set-user-ID root (unless some other method of storing e-mail in
35 - read .forward files
36 - write e-mail submitted via the command line to the queue directory.
38 Only the last item requires a set-user-ID/set-group-ID program to
39 avoid problems with a world-writable directory.  It is however
40 sufficient to have a set-group-ID program and a group-writable
44 the goal to have a sendmail binary that is not set-user-ID root,
52 sendmail must be a set-group-ID (default group: smmsp, recommended
53 gid: 25) program to allow for queueing mail in a group-writable
54 directory.  Two .cf files are required:  sendmail.cf for the daemon
55 and submit.cf for the submission program.  The following permissions
58 -r-xr-sr-x	root   smmsp	... /PATH/TO/sendmail
59 drwxrwx---	smmsp  smmsp	... /var/spool/clientmqueue
60 drwx------	root   wheel	... /var/spool/mqueue
61 -r--r--r--	root   wheel	... /etc/mail/sendmail.cf
62 -r--r--r--	root   wheel	... /etc/mail/submit.cf
68 the binary is set-group-ID.  The client mail queue is owned by
72 permissions.  In submit.cf the option UseMSP must be set, and
73 QueueFileMode must be set to 0660.  submit.cf is available in
74 cf/cf/, which has been built from cf/cf/submit.mc.  The file can
75 be used as-is, if you want to add more options, use cf/cf/submit.mc
76 as starting point and read cf/README:  MESSAGE SUBMISSION PROGRAM
79 The .cf file is chosen based on the operation mode.  For -bm (default),
80 -bs, and -t it is submit.cf (if it exists) for all others it is
81 sendmail.cf.  This selection can be changed by -Ac or -Am (alternative
82 .cf file: client or mta).
86 /PATH/TO/sendmail -L sm-mta -bd -q1h
92 good idea), you must specify -Am in addition to -bs.
101 which, however, may have undesired side effects.  See cf/README for
105 /PATH/TO/sendmail -L sm-msp-queue -Ac -q30m
117 -------
121 sendmail.cf	For the MTA (mail transmission agent)
124 		/PATH/TO/sendmail -L sm-mta -bd -q1h
129 submit.cf	For the MSP (mail submission program)
130 	The MSP is used to submit e-mails, hence it is invoked
135 		/PATH/TO/sendmail -L sm-msp-queue -Ac -q30m
139 -------------------------
160 invoked with -bs as some MUAs do.
164 -------------------------
170 sendmail -bv may give misleading output for normal users since it
176 -----------
178 Instead of having one set-group-ID binary, it is possible to use
180 (set-group-ID), one acting as daemon etc, which is only executable
185 	sh ./Build install-sm-mta
188 sm-mta.
191 Set-User-Id
192 -----------
194 If you really have to install sendmail set-user-ID root, first build
201 	sh ./Build install-set-user-id
203 to install the package in the old (pre-8.12) way.  Make sure that
204 no submit.cf file is installed.  See devtools/README about