Chapter 10. Maintain Security with sendmail

When the administrator is not careful, the misuse or misconfiguration of sendmail can lead to an insecure and possibly compromised system. Since pre-V8.12 sendmail is often installed to run as a set-user-id root process, it is a prime target for intrusion. The "Internet worm," for example, used a flaw in old versions of sendmail as one way to gain entry to thousands of machines. If sendmail is not properly installed, improper file permissions can be used to trick the system into giving away root privilege.

In this chapter we present several ways to protect your site from intrusion via sendmail. Most of these are just good common sense, and the experienced system administrator might be offended that we state the obvious. But not all system administrators are experienced, and not all who administer systems are system administrators. If you fall into the latter category, you might wish to keep a good, general Unix reference by your side to better appreciate our suggestions.