SECURITY - OpenGrok cross reference for /freebsd-src/contrib/sendmail/src/SECURITY

Lines Matching +full:local +full:- +full:bd +full:- +full:address
1 # Copyright (c) 2000-2002 Proofpoint, Inc. and its suppliers.
8 #	$Id: SECURITY,v 1.52 2013-11-22 20:51:54 ca Exp $
20 sendmail without set-user-ID root, which avoids local exploits.
26 ** sendmail configuration without set-user-ID root **
31 - bind to port 25
32 - call the local delivery agent (LDA) as root (or other user) if the LDA
33   isn't set-user-ID root (unless some other method of storing e-mail in
34   local mailboxes is used).
35 - read .forward files
36 - write e-mail submitted via the command line to the queue directory.
38 Only the last item requires a set-user-ID/set-group-ID program to
39 avoid problems with a world-writable directory.  It is however
40 sufficient to have a set-group-ID program and a group-writable
44 the goal to have a sendmail binary that is not set-user-ID root,
52 sendmail must be a set-group-ID (default group: smmsp, recommended
53 gid: 25) program to allow for queueing mail in a group-writable
58 -r-xr-sr-x	root   smmsp	... /PATH/TO/sendmail
59 drwxrwx---	smmsp  smmsp	... /var/spool/clientmqueue
60 drwx------	root   wheel	... /var/spool/mqueue
61 -r--r--r--	root   wheel	... /etc/mail/sendmail.cf
62 -r--r--r--	root   wheel	... /etc/mail/submit.cf
68 the binary is set-group-ID.  The client mail queue is owned by
75 be used as-is, if you want to add more options, use cf/cf/submit.mc
79 The .cf file is chosen based on the operation mode.  For -bm (default),
80 -bs, and -t it is submit.cf (if it exists) for all others it is
81 sendmail.cf.  This selection can be changed by -Ac or -Am (alternative
86 /PATH/TO/sendmail -L sm-mta -bd -q1h
92 good idea), you must specify -Am in addition to -bs.
95 connections or if an address is temporarily not resolvable.  The
105 /PATH/TO/sendmail -L sm-msp-queue -Ac -q30m
117 -------
124 		/PATH/TO/sendmail -L sm-mta -bd -q1h
130 	The MSP is used to submit e-mails, hence it is invoked
135 		/PATH/TO/sendmail -L sm-msp-queue -Ac -q30m
139 -------------------------
157 	CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0, M=S')
160 invoked with -bs as some MUAs do.
164 -------------------------
170 sendmail -bv may give misleading output for normal users since it
176 -----------
178 Instead of having one set-group-ID binary, it is possible to use
180 (set-group-ID), one acting as daemon etc, which is only executable
185 	sh ./Build install-sm-mta
188 sm-mta.
191 Set-User-Id
192 -----------
194 If you really have to install sendmail set-user-ID root, first build
201 	sh ./Build install-set-user-id
203 to install the package in the old (pre-8.12) way.  Make sure that