sendmail Security Options - 4.8.2.3 The TrustedUser option (V8.10 and above)
(Page 2 of 6 )
The TrustedUser option (§24.9.122 on page 1112) defines the user that can administer sendmail. If set, this user will own database map files (such as aliases), and will also own the control socket (§24.9.25 on page 990). Even though only root can start sendmail, this user can stop and restart the sendmail daemon.
By setting this option, you can employ a user other than root to administer sendmail. But if you have been administering sendmail as root, you cannot simply set this option and be done. Instead, you need to shut down sendmail, make a few changes and then restart.
The first change is needed to ensure that this trusted user can edit the source files for database files created by sendmail (the aliases database).
The second change is needed to remove the control socket (if you use one) so that sendmail can create it with the proper ownerships.
With these simple changes in place, you can add the following line to your mc configuration file, and build and install a new configuration file from it:
define(`confTRUSTED_USER´,`user´)
Here, user is a user login name, or a user ID number.
When you restart sendmail with this new trusted user in place, you can thereafter routinely employ that user to administer sendmail.
4.8.2.4 The ForwardPath option
The ForwardPath option (§24.9.52 on page 1034) lists a series of directories that sendmail will search for user ~/.forward files. At most sites, there are users who are savvy and able to correctly administer their own ~/.forward files, but there are others who are untrained or careless. You can allow experienced users to use the ~/.forward facility, while denying this ability to the others with the ForwardPath option:
O ForwardPath=/usr/local/etc/forwards/$u.forward:$z/.forward
Here, sendmail will first search the /usr/local/etc/forwards directory to find a file that begins with the user’s login name (the$u, §21.9.96 on page 848) followed by a .forward. If you set up such a file for the untrained user—say, bob:
-rw-r--r-- 1 root system 0 Dec 13 2002 /usr/local/etc/forwards/bob.forward
and if that file is empty, bob’s mail will always be delivered locally, regardless of what bob puts in his ~/.forward file. For experienced users, you can omit their files from the /usr/local/etc/forwards directory, thus enabling them to use their own ~/.forward files.
4.8.2.5 The LogLevel option
The sendmail program normally logs a great deal of useful information via syslog (§14.3.1 on page 514). There will be times, however, when the normal amount of information is insufficient. Consider, for example, that some outsider is using your site to forge mail. Because this is done over an SMTP connection, it would be handy to have both sides of all SMTP conversations logged. You can do this with the LogLevel option (§24.9.61 on page 1040):
O LogLevel=12 ←V8.8 and above configuration file
define(`confLOG_LEVEL´, 12) ←V8.8 and above mc configuration
Beginning with V8.8 sendmail, a level of 12 causes both sides of every SMTP conversation to be logged. That logging looks very similar to the logging produced by verbose mode (§1.7.6 on page 24).
Note that after changing the log level in your configuration file, you will need to restart the daemon. With V8.7 and above sendmail you restart the daemon like this:
# kill -HUP `head -1 /etc/sendmail.pid`
Be aware that a log level of 12 produces a huge amount of output. Be prepared to prune your logfiles more often than usual while running at this higher logging level.
