/= (forward slash)

Set a chroot directory (V8.10 and above)

There are times when, for security reasons, you might wish to restrict delivery to a chroot(8) hierarchy. You might, for example, wish to restrict local spool delivery to a small subset of the total filesystem. One way to manage such a change is to set up that new directory hierarchy so that it looks something like this:

 /secure/etc/passwd
 /secure/etc/group
 /secure/etc/mail/sendmail.cf
 /secure/etc/mail/aliases.db
 /secure/etc/mail/access.db
 /secure/var/spool/mail
 /secure/usr/sbin/sendmail
 /secure/var/mqueue
 /secure/var/clientmqueue
 etc.

If this /= delivery agent equate is declared for the local delivery agent as /=/secure, all local delivery will first cause sendmail to chroot(8) into the /secure hierarchy. If that chroot(8) fails, sendmail will log the failure and continue to chroot(8) into the root directory.

One way to declare the /= delivery agent equate and change the location of mail.local at the same time is like this:

 define(`LOCAL_MAILER_PATH', `/bin/mail.local, /=/secure') 

Note that other files will have to appear in the /secure hierarchy. A /secure/dev/zero, for example, will be necessary for Solaris-based systems. A Bourne shell will also be necessary (e.g., /secure/bin/sh), as will a local delivery agent, such as /secure/bin/mail.local. Running delivery agents in a chroot(8) environment is not for the fainthearted, and much experimentation will doubtless be required to get it right for your system.

Note that this /= delivery agent equate is intended to run sendmail's delivery agents in a chroot(8) environment. It is not intended to run sendmail.
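The following preflight check is an added example, not code from the book or from sendmail. It verifies that a hierarchy such as /secure contains the files named above before /= is pointed at it. The function name check_delivery_chroot, its optional OS argument, and the group/world-writable test are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: preflight check for a chroot(8) hierarchy used with /=.
# Usage: check_delivery_chroot ROOT [OS]   (OS defaults to `uname -s`)
# Prints one line per problem; returns 0 when none are found, 1 otherwise.
check_delivery_chroot() {
    root=${1:?usage: check_delivery_chroot ROOT [OS]}
    os=${2:-$(uname -s)}
    problems=0
    report() { printf '%s\n' "$1"; problems=$((problems + 1)); }

    # Account databases the delivery agent looks up inside the chroot.
    for f in etc/passwd etc/group; do
        [ -f "$root/$f" ] || report "missing file: $root/$f"
    done

    # Local spool directory that receives the delivered mail.
    [ -d "$root/var/spool/mail" ] || report "missing directory: $root/var/spool/mail"

    # Bourne shell and local delivery agent, as seen after the chroot.
    for x in bin/sh bin/mail.local; do
        [ -f "$root/$x" ] && [ -x "$root/$x" ] ||
            report "missing or not executable: $root/$x"
    done

    # Solaris-based systems (uname -s reports SunOS) also need /dev/zero.
    if [ "$os" = "SunOS" ] && [ ! -c "$root/dev/zero" ]; then
        report "missing character device: $root/dev/zero"
    fi

    # Assumption, not from the page: none of these should be writable by
    # group or other, or a local user could alter what the agent runs.
    for p in etc/passwd etc/group bin/sh bin/mail.local; do
        [ -e "$root/$p" ] || continue
        loose=$(find -L "$root/$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || report "group- or world-writable: $root/$p"
    done

    [ "$problems" -eq 0 ]
}

# Run the check when the script is called with arguments, e.g.:
#   sh check_chroot.sh /secure
if [ "$#" -gt 0 ]; then
    check_delivery_chroot "$@"
fi
```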



Sendmail
sendmail, 4th Edition
ISBN: 0596510292
EAN: 2147483647
Year: 2002
Pages: 1174
