Recipe 10.5 Disabling Delivery to Programs

Problem

By default, sendmail allows mail to be addressed to programs. Special configuration is required if you wish to disable this feature.

Solution

Check the flags set for the mailers used in the sendmail.cf configuration file. Here is an example of using grep and awk to display the mailer flags:

 #  grep '^M' sendmail.cf  awk '{ print   }'  Mlocal,F=lsDFMAw5:/@qSPfhn9, Mprog,F=lsDFMoqeu9, Msmtp,F=mDFMuX, Mesmtp,F=mDFMuXa, Msmtp8,F=mDFMuX8, Mdsmtp,F=mDFMuXa%, Mrelay,F=mDFMuXa8, Mcyrus,F=lsDFMnPqAh5@/:, Mcyrusbb,F=lsDFMnPu,

Add a MODIFY_MAILER_FLAGS macro to the sendmail configuration to remove the flag for each mailer that has that flag set. Given the listing of flags shown above, this system has the flag set for both the local mailer and the cyrus mailer. To remove the flag from these two mailers, add the following lines to the sendmail configuration:

 dnl Remove the  flag with the cyrus mailer MODIFY_MAILER_FLAGS(`CYRUS', `-') dnl Remove the  flag from the local mailer MODIFY_MAILER_FLAGS(`LOCAL', `-')

As described in Recipe 1.8, rebuild and reinstall sendmail.cf , and then restart sendmail.

Discussion

In certain circumstances, sendmail will deliver mail to a program when the email address begins with a vertical bar. sendmail only delivers to a program when the mailer used for that delivery has a in the flags defined by the mailer's F parameter. Disable delivery to programs by removing the flag from all sendmail.cf mailer definitions.

Flags can be added to or removed from a mailer definition using the MODIFY_MAILER_FLAGS macro. To add a flag to a mailer specify the flag with a plus sign ( + ). To remove a flag use a minus sign ( - ) with the flag. The MODIFY_MAILER_FLAGS macros used in Recipe 10.5.2 remove the flag from the local and the cyrus mailers because the flag on the macro command line is preceded by a minus sign. To replace the flags of a mailer, list the new flags without plus or minus signs. For example:

 dnl Define new flags for the local mailer MODIFY_MAILER_FLAGS(`LOCAL', `lsDFMAw5:/@qSPfhn9')

Note that this MODIFY_MAILER_FLAGS line has the same impact as the second one used in Recipe 10.5.2 because the new set of flags contains all of the flags from the default configuration except the flag. - was used in Recipe 10.5.2 because it shows more clearly exactly what is being modified, and it is less prone to a typographical error than is the full list of flags.

Most commonly, mail is sent to programs from the aliases database or the user 's .forward file. If your intention is to prevent users from forwarding mail to programs, eliminating the flag from sendmail mailers may not be enough. sendmail is often not the most powerful tool at a user's disposal. If users can login to the system providing mail service, they have the full power of a shell at their disposal. If the system uses procmail as the local mailer, as Linux does, users have full access to the power of procmail simply by creating a .procmailrc file. (Recipe 10.8 shows how to override the local_procmail feature on a Linux system.) Before you eliminate a sendmail feature or reset a mailer flag that may make sendmail less flexible and less powerful, evaluate the true security impact of the change.

Recipe 10.5 Disabling Delivery to Programs

Problem

Solution

Discussion

See Also