10.12 Pitfalls

  • The sendmail program is only as secure as the system on which it is running. Correcting permissions and the like is useful only if such corrections are systemwide and apply to all critical system files and programs.

  • Time spent tightening security at your site is best spent before a break-in occurs. Never suppose that your site is too small or of too little consequence to be attacked. Start out by being wary, and you will be more prepared when the inevitable happens.

  • Newer versions of perl(1) object to PATH environment variables that begin with a dot (such as .:/bin:/usr/bin). V8 clears the PATH variable before executing programs in a user's ~/.forward file. Some shells put it back with the dot first. Under such versions of the Bourne shell, execute perl(1) scripts like this:

    |"PATH=/bin:/usr/bin /home/usr/bin/script.pl"
  • There is no check in the T command to determine that the names listed are the names of real users. That is, if you mistakenly enter Tuupc when you really meant Tuucp, pre-V8 sendmail remained silent and UUCP mail mysteriously failed. V8.7 and above sendmail log warning messages.



    Part I: Build and Install
    Part II: Administration
    Part III: The Configuration File