Recipe 10.14 Limiting the SMTP Command Set

Previous page
Table of content
Next page

Problem

You want to disable certain SMTP commands.

Solution

Add the confPRIVACY_FLAGS define to the sendmail configuration to set PrivacyOptions that disable unwanted, optional SMTP commands. This sample define disables the EXPN , VRFY , VERB , and ETRN commands: 

 dnl Disable EXPN, VRFY, VERB and ETRN define(`confPRIVACY_FLAGS', `noexpn,novrfy,noverb,noetrn')

Build the sendmail.cf file, copy it to /etc/mail/sendmail.cf , and restart sendmail, as described in Recipe 1.8.

Discussion

The confPRIVACY_FLAGS define sets PrivacyOptions flags in the sendmail.cf file. One of the things that these flags can do is disable unwanted, optional SMTP commands. By default, sendmail supports the full array of SMTP commands, as this simple test shows: 

 #  sendmail -bs -Cgeneric-linux.cf  220 chef.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Mon, 10 Mar 2003 14:39:47 -0500  EHLO localhost  250-chef.wrotethebook.com Hello root@localhost, pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP  EXPN <admin>  250-2.1.5 <anna@crab.wrotethebook.com> 250-2.1.5 <andy@rodent.wrotethebook.com> 250 2.1.5 <jane@rodent.wrotethebook.com>  VRFY <alana>  250 2.1.5 Alana Henson <alana@chef.wrotethebook.com>  QUIT  221 2.0.0 chef.wrotethebook.com closing connection

In response to the EHLO command, the SMTP server lists the SMTP extensions it supports, including optional commands. Some of these commands, VRFY , EXPN , and VERB , provide information that a security-conscious site might not wish to provide:

  • The VERB command places the SMTP protocol exchange into verbose mode, which provides debugging help but might also reveal information about your site that you would rather not advertise.

  • The VRFY command verifies an email address and provides additional information about the user at that address. In the example just shown, the system provides the user 's real name and the user's full email address.

  • The EXPN command expands a mailing list and displays the email address of each member of the list, as the test above shows. Intruders and spammers might collect this information and use it against your system.

After reconfiguring sendmail with the confPRIVACY_FLAGS define shown in Recipe 10.14.2, rerunning the test produces very different results: 

 #  sendmail -bs  220 chef.wrotethebook.com ESMTP Sendmail 8.12.9/8.12.9; Mon, 10 Mar 2003 14:47:35 -0500  EHLO localhost  250-chef.wrotethebook.com Hello root@localhost, pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-AUTH DIGEST-MD5 CRAM-MD5 250-DELIVERBY 250 HELP  EXPN <admin>  502 5.7.0 Sorry, we do not allow this operation  VRFY <alana>  252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)  QUIT  221 2.0.0 chef.wrotethebook.com closing connection

Now the server advertises a smaller set of features, and returns errors when the EXPN and VRFY commands are entered.

In addition to the noexpn , novrfy , and noverb flags, the sample define in Recipe 10.14.2 uses the noetrn flag. In the first test, the system advertised the ETRN command. After this recipe is applied, the server no longer advertises or supports that command. ETRN is used by remote systems to cause the server to run the queue. ETRN is an important command for supporting dial-in clients that need to have the queue run while they are online. Our sample system does not support dial-in SMTP clients , so we have disabled the ETRN command to prevent remote sites from forcing the server to run the queue.

The noexpn , novrfy , and noverb flags could all have been set using the goaway flag. The goaway flag sets several flags at once. In addition to the noexpn , novrfy , and noverb flags, the goaway flag sets:


authwarnings

authwarnings tells sendmail to insert X-Authentication-Warnings : headers into the mail whenever it suspects that the message is not authentic . authwarnings is the default PrivacyOptions flag used when the sendmail.cf file is built by m4 . If the system administrator directly edits the sendmail.cf file and inserts a PrivacyOptions statement that has no flags set, public becomes the default. public tells sendmail that it should not do any special security checks or SMTP syntax checks.


nobodyreturn

The nobodyreturn flag tells sendmail not to return the original message body when it bounces a message, even if the return is specifically requested with the RET=FULL DSN extension on the MAIL From : SMTP command. noreceipts is a related flag that is not used by goaway . noreceipts causes sendmail to ignore the NOTIFY=SUCCESS DSN extension of the RCPT To : command and to ignore Return-Receipt-To : headers. When noreceipts is used, sendmail does not advertise or support DSN. For this reason, goaway does not set noreceipts , and it is not recommended that you use it either. nobodyreturn only affects the RET=FULL DSN extension; the other DSN features are still available.


needmailhelo , needvrfyhelo , and needexpnhelo

These three flags cause sendmail to require a valid HELO / EHLO command from the client before accepting certain other commands. needmailhelo , needvrfyhelo , and needexpnhelo are used and discussed in Recipe 10.15.

The goaway flag does not set the noetrn flag used in this recipe, nor does it set the public and noreceipts flags described above. Additionally, it does not set the restrictexpand , restrictmailq , and restrictqrun flags. noetrn and noreceipts are not used because they disable features that are, in certain circumstances, very useful. The goaway flag does not use public because it lessens security. restrictexpand , restrictmailq , and restrictqrun are not used because those flags affect who can use certain options on the sendmail command line; they do not affect the SMTP protocol or security interactions with remote systems that are the target of the goaway flag. [8] goaway is a good choice for enhanced sendmail security. However, this recipe shows that individual flags can also be selected to create a custom security configuration.

[8] Recipe 10.16 covers the restrictexpand , restrictmailq, and restrictqrun flags.

Even more custom control is available through creating custom rulesets. The rulesets check_vrfy , check_expn , and check_etrn can be used to define custom controls for the VRFY , EXPN , and ETRN commands, respectively. This recipe disables these commands completely.

See Also

Recipe 10.15 and Recipe 10.16 provide related material. The sendmail book covers the PrivacyOptions in Section 24.9.80.


Previous page
Table of content
Next page
Sendmail Cookbook
sendmail Cookbook
ISBN: 0596004710
EAN: 2147483647
Year: 2005
Pages: 178
Authors: Craig Hunt
BUY ON AMAZON
Cisco CallManager Fundamentals (2nd Edition)
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
Programming Microsoft ASP.NET 3.5
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
.NET System Management Services
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy