Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

22.12. Limit queue processing to root

Ordinarily, anyone may process the queue with the -q switch. To limit queue processing to root and the owner of the queue directory, you must specify the restrictqrun option in the /etc/mail/sendmail.cf file.

Edit the sendmail.cf file, vi /etc/mail/sendmail.cf and change the line:
         O PrivacyOptions=authwarnings,goaway,restrictmailq
         
To read:
         O PrivacyOptions=authwarnings,goaway,restrictmailq,restrictqrun
         

Now re-start the sendmail process manually for the change to take effect:
         [root@deep] /# /etc/rc.d/init.d/sendmail restart
         

         Shutting down sendmail:                                    	[  OK  ]
         Starting sendmail:                                    		[  OK  ]
         
Any non-privileged user who attempts to process the queue will get this message:
         [user@deep /]$ /usr/sbin/sendmail -q
         

         You do not have permission to process the queue
         

22.12.1. The SMTP greeting message

When Sendmail accepts an incoming SMTP connection it sends a greeting message to the other host. This message identifies the local machine and is the first thing it sends to say it is ready.

Edit the sendmail.cf file, vi /etc/mail/sendmail.cf and change the line:
         O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
         
To read:
         O SmtpGreetingMessage=$j
         
Now re-start the sendmail process manually for the change to take effect:
         [root@deep] /# /etc/rc.d/init.d/sendmail restart
         
         Shutting down sendmail:                                    	[  OK  ]
         Starting sendmail:                                    		[  OK  ]
         

Tip: This change doesn't actually affect anything, but was recommended by folks in the news.admin.net-abuse.email newsgroup as a legal precaution. It modifies the banner, which Sendmail displays upon receiving a connection.

Do set the immutable bit on important Sendmail files, important Sendmail files can be set immutable for better security with the chattr command of Linux. A file with the +i attribute cannot be modified, deleted or renamed. No link can be created to this file, and no data can be written to the file. Only the super-user can set or clear this attribute.

  1. Set the immutable bit on the sendmail.cf file:
             [root@deep] /# chattr  +i /etc/mail/sendmail.cf
             

  2. Set the immutable bit on the local-host-names file:
             [root@deep] /# chattr  +i /etc/mail/local-host-names
             

  3. Set the immutable bit on the aliases file:
             [root@deep] /# chattr  +i /etc/mail/aliases
             

  4. Set the immutable bit on the access file:
             [root@deep] /# chattr  +i /etc/mail/access
             

Further documentation and for more details, there are several man pages you can read:

aliases(5)

- aliases file for sendmail

makemap(8)

- create database maps for sendmail

sendmail(8)

- an electronic mail transport agent

mailq(1)

- print the mail queue

newaliases(1)

- rebuild the data base for the mail aliases file

mailstats(8)

- display mail statistics

praliases(8)

- display system mail aliases

 
 
  Published under the terms of the Open Publication License Design by Interspire