|
Chapter 22 Security |
|
|
|
Chapter 22 Security |
|
The sendmail program is only as secure as the system on which it is running. Correcting permissions and the like is useful only if such corrections are systemwide and apply to all critical system files and programs.
Time spent tightening security at your site is best spent before a break-in occurs. Never believe that your site is too small or of too little consequence. Start out by being wary, and you will be more prepared when the inevitable attack happens.
Get and set up identd (8) at your site. When queried about who established a network connection, it returns the login identity of the individual user. Become a good network citizen.
Multimedia mail, such as MIME, is more difficult, but not impossible, to forge.
Newer versions of
perl
(1) object to PATH environmental variables that begin with a dot (such as
.:/bin:/usr/bin
). V8 clears the PATH variable before executing programs in a user's
~/.forward
file. Some shells put it back with the dot first. Under such versions of the Bourne shell, execute
perl
(1) scripts like this:
|"PATH=/bin:/usr/bin /home/usr/bin/script.pl"
There is no check in the
T
command that the names listed are names of real users. That is, if you mistakenly enter
Tuupc
when you really meant
Tuucp
, pre-V8
sendmail
remained silent and UUCP mail mysteriously failed. V8.7 and above
sendmail
logs warning messages.
Many fine books and papers are available that can help you to improve the security at your site. A few are listed in the bibliography at the end of this book.
|
|
|
|
| 22.8 Security Features |
|
23. The Queue |