22.11. The /etc/mail/aliases file

A poorly or carelessly administered aliases file can easily be used to gain privileged status. For example, many vendors ship systems with a decode alias in the /etc/mail/aliases file. The intention is to provide an easy way for users to transfer binary files using mail. At the sending site the user converts the binary to ASCII with uuencode, then mails the result to the decode alias at the receiving site. That alias pipes the mail message through the /usr/bin/uuencode program, which converts the ASCII back into the original binary file.

Remove the decode alias line from your /etc/mail/aliases file. Similarly, every alias that executes a program that you did not place there yourself and check completely should be questioned and probably removed. Edit the aliases file (vi /etc/mail/aliases) and remove the lines marked (1) through (9) below:
         # Basic system aliases -- these MUST be present.
         MAILER-DAEMON:  postmaster
         postmaster:	root
         # General redirections for pseudo accounts.
         bin:			root
         daemon:		root
         games:		        root  (1)
         ingres:		root  (2)
         nobody:		root
         system:		root  (3)
         toor:			root  (4)
         uucp:		        root  (5)
         # Well-known aliases.
         manager:		root  (6)
         dumper:		root  (7)
         operator:		root  (8)
         # trap decode to catch security attacks
         decode:		root  (9)
         # Person who should get root's mail
         #root:		marc
         

Remove all the lines marked (1) through (9).

For the changes to take effect you will need to run:
         # /usr/bin/newaliases
         

You need to prevent your Sendmail server from being abused by unauthorized users. Sendmail now includes powerful anti-spam features that can help. To use them, make a change to the configuration file to block off spammers. Edit the sendmail.cf file (vi /etc/mail/sendmail.cf) and change the line:
         O PrivacyOptions=authwarnings
         
To read:
         O PrivacyOptions=authwarnings,goaway
         
Setting the goaway option causes Sendmail to disallow all SMTP EXPN commands, reject all SMTP VERB commands, and disallow all SMTP VRFY commands. These changes prevent spammers from using the EXPN and VRFY commands in Sendmail.

You also have to restrict who can examine the queue's contents. Ordinarily, anyone may examine the mail queue's contents by using the mailq command. To restrict this, specify the restrictmailq option in the /etc/mail/sendmail.cf file. With this option, Sendmail allows only users who are in the same group as the group owner of the queue directory (root) to examine the contents. This allows the queue directory to be fully protected with mode 0700, while selected users are still able to see the contents.

Edit the sendmail.cf file (vi /etc/mail/sendmail.cf) and change the line:
         O PrivacyOptions=authwarnings,goaway
         
To read:
         O PrivacyOptions=authwarnings,goaway,restrictmailq
         
Now we change the mode of our queue directory to be fully protected:
         # chmod 0700 /var/spool/mqueue
         

Now re-start the sendmail process manually for the change to take effect:
         # /etc/rc.d/init.d/sendmail restart
         

         Shutting down sendmail:                                    	[  OK  ]
         Starting sendmail:                                    		[  OK  ]
         

Tip: We have already added the goaway option to the PrivacyOptions= line in the sendmail.cf file. Now we can just add the restrictmailq option to this line.

Any non-privileged user who attempts to examine the mail queue's contents will get this message:
         $ /usr/bin/mailq
         

         You are not permitted to see the queue
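
The checks in this section can be scripted. The Python code below is an added example, not part of the original guide: it parses aliases-file text and sendmail.cf text, flags the aliases marked (1) through (9) above plus any alias that pipes mail to a program, and reports which of goaway and restrictmailq are missing from PrivacyOptions. The sample input, the tickets alias and its program path are constructed for illustration.

```python
import re
# Aliases the page marks (1)-(9) for removal, and the flags it adds.
PAGE_REMOVALS = {"games", "ingres", "system", "toor", "uucp",
                 "manager", "dumper", "operator", "decode"}
REQUIRED_PRIVACY = {"goaway", "restrictmailq"}

# Constructed sample input; "tickets" and its program path are hypothetical.
SAMPLE_ALIASES = """\
postmaster: root
games: root
decode: root
tickets: "|/usr/local/bin/example-filter"
staff: alice,
    bob
"""
SAMPLE_CF = "O PrivacyOptions=authwarnings,goaway\n"

def parse_aliases(text):
    """Return {alias: [targets]}, skipping comments, joining continuations."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current is not None:
            rhs = line  # continuation of the previous alias
        else:
            name, _, rhs = line.partition(":")
            current = name.strip().strip('"').lower()
            entries.setdefault(current, [])
        # Simplification: assumes no commas inside quoted targets.
        entries[current] += [t.strip().strip('"') for t in rhs.split(",") if t.strip()]
    return entries

def audit_aliases(text):
    """Return (alias, reason) pairs that need review."""
    findings = []
    for alias, targets in parse_aliases(text).items():
        if alias in PAGE_REMOVALS:
            findings.append((alias, "listed for removal"))
        findings += [(alias, "pipes mail to program: " + t[1:].strip())
                     for t in targets if t.startswith("|")]
    return findings

def missing_privacy_options(cf_text):
    """Return the required PrivacyOptions flags absent from sendmail.cf text."""
    # Assumption: the last PrivacyOptions line is the effective one.
    lines = re.findall(r"^O\s+PrivacyOptions\s*=\s*(.*)$", cf_text, re.M)
    flags = {f.strip().lower() for f in lines[-1].split(",")} if lines else set()
    return REQUIRED_PRIVACY - flags
```

To audit a live system, pass the contents of /etc/mail/aliases to audit_aliases() and the contents of /etc/mail/sendmail.cf to missing_privacy_options(); an empty result from both means the changes described above are in place.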
         

 
 
Published under the terms of the Open Publication License