Problem

You want to limit the files and devices to which sendmail writes mail messages.

Solution

Create a directory to contain all of the files to which users can deliver mail. In this example, we create a directory for this purpose that we name /var/mail/archives:

    # cd /var/mail
    # mkdir archives
    # chmod 700 archives

Add a confSAFE_FILE_ENV define to the sendmail configuration to point the SafeFileEnvironment option to the newly created directory. The following provides an example of the confSAFE_FILE_ENV define:

    dnl Limit delivery to files to the /var/mail/archives directory
    define(`confSAFE_FILE_ENV', `/var/mail/archives')

Build the configuration, copy it to /etc/mail/sendmail.cf, and restart sendmail, as described in Recipe 1.8.

Discussion

Recipe 2.11 shows examples of users writing to files via their .forward files. When the delivery address for a piece of mail contains a / and no @ host part, sendmail assumes that the address is the name of a file and appends the mail message to that file. By default, sendmail will append the mail to any device or file that does not have execute permissions set. Specify the SafeFileEnvironment option to tell sendmail that it should only append to ordinary files or /dev/null. To limit the ordinary files sendmail may write, add a path to the confSAFE_FILE_ENV define. When a path is used, sendmail only writes to files located in that path. This recipe limits this form of mail delivery to either /dev/null or to nonexecutable, ordinary files located in the /var/mail/archives path.

See Also

Recipe 10.8 shows how delivery to files can be completely disabled. Delivery to files normally takes place through aliases defined in the aliases database or the user's .forward file. For more information on the aliases database and the .forward file, see Chapter 2. The sendmail book covers delivery to files in sections 10.8.2.8, 12.2.2, and 24.9.95.
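Before turning the option on, it helps to know which existing aliases and .forward entries deliver to files outside the new directory. The following audit script is an added example, not part of the original recipe: the function names and sample entries are constructed for illustration, it applies the file-address rule as stated in the Discussion (a / and no @ host part), skips program (`|`) and `:include:` entries, and flags any `..` path component as an audit choice rather than as documented sendmail behaviour.

```sh
#!/bin/sh
# Added example: audit file-delivery targets against SafeFileEnvironment.
SAFE_DIR=/var/mail/archives   # directory created in this recipe

# classify_target ADDRESS prints: not-file | ok | outside
classify_target() {
    addr=$1
    case $addr in
        '|'*|:include:*) echo not-file; return ;;  # program or include list
        *@*)             echo not-file; return ;;  # has an @host part
        */*)             ;;                        # file delivery (recipe's rule)
        *)               echo not-file; return ;;  # plain local user
    esac
    case $addr in
        /dev/null)       echo ok ;;
        */../*|*/..)     echo outside ;;  # audit choice: flag any ".." component
        "$SAFE_DIR"/?*)  echo ok ;;
        *)               echo outside ;;
    esac
}

# audit_entries reads aliases-style or .forward-style lines on stdin and
# prints each file-delivery target that is outside $SAFE_DIR.
audit_entries() {
    sed -e '/^#/d' -e 's/^[A-Za-z0-9._-]\{1,\}:[[:space:]]*//' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/' -e '/^$/d' |
    while IFS= read -r target; do
        if [ "$(classify_target "$target")" = outside ]; then
            printf '%s\n' "$target"
        fi
    done
}

# Constructed sample input (not taken from a real system).
sample_entries() {
    cat <<'EOF'
# aliases-style and .forward-style lines
archive: /var/mail/archives/list.mbox
devnull: /dev/null
logs: /var/log/mail-copy, alice@example.com
owner-list: "|/usr/local/bin/filter", :include:/etc/mail/list.txt
/home/bob/mbox, \bob
odd: /var/mail/archives/../spool/root
EOF
}

sample_entries | audit_entries
```

To audit real data, feed the aliases source file or a user's .forward to `audit_entries` on standard input in place of `sample_entries`.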