sendmail administration

Turning off security checks

sendmail is very particular about the modes of files that it reads or writes. For example, by default it will refuse to read most files that are group writable on the grounds that they might have been tampered with by someone other than the owner; it will even refuse to read files in group writable directories.

If you are certain that your configuration is safe and you want sendmail to avoid these security checks, you can turn off certain checks using the DontBlameSendmail option. This option takes one or more names that disable checks. In the descriptions that follow, unsafe directory means a directory that is writable by anyone other than the owner. The values are:


Safe
No special handling.

AssumeSafeChown
Assume that the chown(S) system call is restricted to root. Since some versions of Unix permit regular users to give away their files to other users on some filesystems, sendmail often cannot assume that a given file was created by the owner, particularly when it is in a writable directory. You can set this flag if you know that file giveaway is restricted on your system.

ClassFileInUnsafeDirPath
When reading class files (using the F line in the configuration file), allow files that are in unsafe directories.

DontWarnForwardFileInUnsafeDirPath
Prevent logging of unsafe directory path warnings for non-existent forward files.

ErrorHeaderInUnsafeDirPath
Allow the file named in the ErrorHeader option to be in an unsafe directory.

GroupWritableDirPathSafe
Change the definition of unsafe directory to consider group-writable directories to be safe. World-writable directories are always unsafe.

GroupWritableForwardFileSafe
Accept group-writable .forward files.

GroupWritableIncludeFileSafe
Accept group-writable :include: files.

GroupWritableAliasFile
Allow group-writable alias files.

HelpFileInUnsafeDirPath
Allow the file named in the HelpFile option to be in an unsafe directory.

WorldWritableAliasFile
Accept world-writable alias files.

ForwardFileInGroupWritableDirPath
Allow .forward files in group writable directories.

IncludeFileInGroupWritableDirPath
Allow :include: files in group writable directories.

ForwardFileInUnsafeDirPath
Allow .forward files in unsafe directories.

IncludeFileInUnsafeDirPath
Allow :include: files in unsafe directories.

ForwardFileInUnsafeDirPathSafe
Allow a .forward file that is in an unsafe directory to include references to programs and files.

IncludeFileInUnsafeDirPathSafe
Allow an :include: file that is in an unsafe directory to include references to programs and files.

InsufficientEntropy
Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded, despite the security problems this causes.

MapInUnsafeDirPath
Allow maps (such as hash, btree, and dbm files) in unsafe directories.

LinkedAliasFileInWritableDir
Allow an alias file that is a link in a writable directory.

LinkedClassFileInWritableDir
Allow class files that are links in writable directories.

LinkedForwardFileInWritableDir
Allow .forward files that are links in writable directories.

LinkedIncludeFileInWritableDir
Allow :include: files that are links in writable directories.

LinkedMapInWritableDir
Allow map files that are links in writable directories.

LinkedServiceSwitchFileInWritableDir
Allow the service switch file to be a link even if the directory is writable.

FileDeliveryToHardLink
Allow delivery to files that are hard links.

FileDeliveryToSymLink
Allow delivery to files that are symbolic links.

RunProgramInUnsafeDirPath
Go ahead and run programs that are in writable directories.

RunWritableProgram
Go ahead and run programs that are group- or world-writable.

WriteMapToHardLink
Allow writes to maps that are hard links.

WriteMapToSymLink
Allow writes to maps that are symbolic links.

WriteStatsToHardLink
Allow the status file to be a hard link.

WriteStatsToSymLink
Allow the status file to be a symbolic link.

TrustStickyBit
Allow group or world writable directories if the sticky bit is set on the directory. Do not set this on systems which do not honor the sticky bit on directories.

NonRootSafeAddr
Do not mark file and program deliveries as unsafe if sendmail is not running with root privileges.
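The following Python function is an added example, not part of this documentation or of sendmail's code. It models the definition of an unsafe directory given above, together with the GroupWritableDirPathSafe and TrustStickyBit adjustments, so that you can see which directories above a file would need their modes fixed before reaching for a DontBlameSendmail flag. The function names, parameters and the sample tree are assumptions made for the illustration; it looks only at mode bits, whereas sendmail's own checks also take ownership and links into account.

```python
import os
import stat
import tempfile

def unsafe_dirs(path, stop_at="/", group_writable_safe=False, trust_sticky_bit=False):
    """List directories above `path` that are writable by someone other than
    the owner (the page's definition of an unsafe directory).

    group_writable_safe models GroupWritableDirPathSafe: group-writable is
    accepted, world-writable is not. trust_sticky_bit models TrustStickyBit:
    a group- or world-writable directory is accepted if it is sticky.
    Hypothetical helper: mode bits only, no ownership or link checks.
    """
    stop_at = os.path.abspath(stop_at)
    current = os.path.dirname(os.path.abspath(path))
    found = []
    while True:
        mode = os.stat(current).st_mode
        unsafe = bool(mode & stat.S_IWOTH) or (
            bool(mode & stat.S_IWGRP) and not group_writable_safe)
        if unsafe and trust_sticky_bit and mode & stat.S_ISVTX:
            unsafe = False
        if unsafe:
            found.append((os.path.relpath(current, stop_at), stat.filemode(mode)))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:  # stop at the chosen root
            break
        current = parent
    return found

def build_sample_tree():
    """Constructed sample: base/shared (0775) / drop (1777) / open (0777)."""
    base = tempfile.mkdtemp()
    path = base
    for name, mode in (("shared", 0o775), ("drop", 0o1777), ("open", 0o777)):
        path = os.path.join(path, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod explicitly so the umask does not interfere
    return base, os.path.join(path, ".forward")

if __name__ == "__main__":
    base, forward = build_sample_tree()
    for flags in ({}, {"group_writable_safe": True}, {"trust_sticky_bit": True}):
        print(flags or "default", unsafe_dirs(forward, stop_at=base, **flags))
```

Any directory the function still reports with both parameters set is plain world-writable, and tightening its mode is preferable to disabling the corresponding check.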


© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003