ProblemYou want to limit which users can run the sendmail program with the -q , -bp , -v , and -bv options. SolutionAdd the confPRIVACY_FLAGS define to the sendmail configuration. Set the restrictexpand , restrictmailq and restrictqrun flags, as in this example: dnl Limit use of expand, mailq and qrun flags define(`confPRIVACY_FLAGS', `restrictexpand,restrictmailq,restrictqrun') Rebuild and install sendmail.cf , then restart sendmail as shown in Recipe 1.8. DiscussionThe PrivacyOptions flags restrictexpand , restrictmailq , and restrictqrun add to the restrictions on who can use certain sendmail command-line options. The flags and the options they affect are:
Most of the PrivacyOptions flags ”those discussed in Recipe 10.14 and Recipe 10.15 ”impact how sendmail interacts with remote systems. Those flags are used by sendmail when it is run as a daemon. The three flags used in this recipe affect sendmail when it is run from the command line. Because the default for sendmail 8.12 is to no longer run sendmail as set-user-ID root , these flags are most useful with earlier versions of sendmail. See AlsoRecipe 10.14 and Recipe 10.15 provide other examples of using PrivacyOptions . The sendmail book covers restrictexpand in Section 24.9.80.13, the restrictmailq flag in Section 24.9.80.14, and restrictqrun in Section 24.9.80.15. |