Recipe 10.8 Bypassing User .forward Files

Problem

You want to control which users are allowed to define their own .forward files.

Solution

Create a directory that will list all users who are allowed to use their own .forward files:

 # cd /etc/mail
 # mkdir forward
 # chmod 751 forward

Grant users the right to use their own .forward files by adding symbolic links to the /etc/mail/forward directory that point to the users' .forward files. For example, assume that the sendmail administrator trusts craig, alana, and david to build safe .forward files. The administrator can "activate" their files with the following commands:

 # cd /etc/mail/forward
 # ln -s /home/craig/.forward craig
 # ln -s /home/alana/.forward alana
 # ln -s /home/david/.forward david

Add a confFORWARD_PATH define to the sendmail configuration that points to the directory created above. Here is an example:

 dnl Use a special ForwardPath
 define(`confFORWARD_PATH', `/etc/mail/forward/$u')

Build the new configuration file, copy it to /etc/mail/sendmail.cf, and restart sendmail, as described in Recipe 1.8.

Discussion

Security is improved when users are given only those privileges that they can use effectively. Many users have no interest in using the .forward file. A few lack the skill to create a safe and effective file. Only a subset of users want, need, and know how to use the .forward file. This recipe takes the approach of blocking access to every user's .forward file and then, on an exception basis, granting access to the .forward file to individual users who can effectively use it.

The first step is to build a directory that is only writable by root, and to populate that directory with links to the .forward files of users who are allowed to use .forward files. In the example, the directory is named /etc/mail/forward. Each symbolic link is given the username of a user allowed to use a .forward file.

The sendmail configuration is modified so that sendmail looks for the .forward file in the /etc/mail/forward directory. In this recipe, the path defined for the ForwardPath option is /etc/mail/forward/$u, where $u returns the local recipient's username. Therefore, if $u returns craig, sendmail looks for a file named /etc/mail/forward/craig. If it finds a file with that name, sendmail uses that file as the .forward file.

Any user can create a .forward file, but the file they create is ignored unless the system administrator adds a symbolic link for the user to the /etc/mail/forward directory. Recipe 10.7.2 shows the administrator adding symbolic links for craig, alana, and david. In this example, only those three users are allowed to use a .forward file.

Overriding the local_procmail feature

Most of the examples in this book were created on a Red Hat Linux system. Linux systems use procmail as the local mailer. When procmail is the local mailer, a user can forward to any address they wish without creating a .forward file. All they need to do is create a .procmailrc file to forward the mail. There is no point in implementing this recipe on a system that uses procmail as the local mailer.

If you're positive that you want to use this recipe on a Linux system, you need to make additional configuration changes. Linux uses procmail as the local mailer because the local_procmail feature is specified in the linux.m4 file loaded by the OSTYPE macro. Override the configuration changes made by the FEATURE(local_procmail) command by adding the following three lines to your sendmail configuration after the OSTYPE macro and before the MAILER(local) line:

 undefine(`LOCAL_MAILER_PATH')
 undefine(`LOCAL_MAILER_FLAGS')
 undefine(`LOCAL_MAILER_ARGS')

These three lines undefine the local mailer path, flags, and arguments defined by the local_procmail feature. These lines cause sendmail to use /bin/mail as the local mailer, and they set the correct flags and arguments for /bin/mail. This recipe can be implemented on a system using /bin/mail with no problems.

See Also

Aliasing and the role of the .forward file are covered in Chapter 2. The sendmail book covers the confFORWARD_PATH macro in Section 24.9.48, the LOCAL_MAILER_PATH define in Section 20.5.11.1, the LOCAL_MAILER_FLAGS define in Section 20.5.6.2, the LOCAL_MAILER_ARGS define in Section 20.5.2.1, and the local_procmail feature in Section 4.8.21.



Sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt