-
The
sendmail
program is only as secure as the system on which
it is running. Correcting permissions and the like is useful only
if such corrections are systemwide and apply to all critical system
files and programs.
-
Time spent tightening security at your site is best spent before
a break-in occurs. Never believe that your site is too small or
of too little consequence. Start out by being wary, and you
will be more prepared when the inevitable attack happens.
-
Get and set up
identd
(8) at your site.
When queried about who established a network connection, it returns
the login identity of the individual user.
Become a good network citizen.
-
Multimedia mail, such as MIME, is more difficult, but
not impossible, to forge.
-
Newer versions of
perl
(1) object to PATH environmental variables
that begin with a dot (such as
.:/bin:/usr/bin
). V8 clears
the PATH variable before executing programs in a user's
~/.forward
file. Some shells put it back with the dot first. Under such versions
of the Bourne shell, execute
perl
(1) scripts like this:
|"PATH=/bin:/usr/bin /home/usr/bin/script.pl"
-
There is no check in the
T
command that the names listed are names
of real users. That is, if you mistakenly enter
Tuupc
when you really meant
Tuucp
, pre-V8
sendmail
remained silent
and UUCP mail mysteriously failed. V8.7 and above
sendmail
logs warning messages.
-
Many fine books and papers are available that can help
you to improve the security at your site. A few are listed in
the bibliography at the end of this book.