Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 22. Software -Server/Mail NetworkNext

22.12. Limit queue processing to root

Ordinarily, anyone may process the queue with the -q switch. To limit queue processing to root and the owner of the queue directory, you must specify the restrictqrun option in the /etc/mail/sendmail.cf file.

Edit the sendmail.cf file, vi /etc/mail/sendmail.cf and change the line: 
         O PrivacyOptions=authwarnings,goaway,restrictmailq
To read: 
         O PrivacyOptions=authwarnings,goaway,restrictmailq,restrictqrun

Now re-start the sendmail process manually for the change to take effect: 
         [root@deep] /# /etc/rc.d/init.d/sendmail restart
         

         Shutting down sendmail:                                    	[  OK  ]
         Starting sendmail:                                    		[  OK  ]
Any non-privileged user who attempts to process the queue will get this message: 
         [user@deep /]$ /usr/sbin/sendmail -q
         

         You do not have permission to process the queue

22.12.1. The SMTP greeting message

When Sendmail accepts an incoming SMTP connection it sends a greeting message to the other host. This message identifies the local machine and is the first thing it sends to say it is ready.

Edit the sendmail.cf file, vi /etc/mail/sendmail.cf and change the line: 
         O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
To read: 
         O SmtpGreetingMessage=$j
Now re-start the sendmail process manually for the change to take effect: 
         [root@deep] /# /etc/rc.d/init.d/sendmail restart
         
         Shutting down sendmail:                                    	[  OK  ]
         Starting sendmail:                                    		[  OK  ]

Tip: This change doesn't actually affect anything, but was recommended by folks in the news.admin.net-abuse.email newsgroup as a legal precaution. It modifies the banner, which Sendmail displays upon receiving a connection.

Do set the immutable bit on important Sendmail files, important Sendmail files can be set immutable for better security with the chattr command of Linux. A file with the +i attribute cannot be modified, deleted or renamed. No link can be created to this file, and no data can be written to the file. Only the super-user can set or clear this attribute.

  1. Set the immutable bit on the sendmail.cf file: 
             [root@deep] /# chattr  +i /etc/mail/sendmail.cf

  2. Set the immutable bit on the local-host-names file: 
             [root@deep] /# chattr  +i /etc/mail/local-host-names

  3. Set the immutable bit on the aliases file: 
             [root@deep] /# chattr  +i /etc/mail/aliases

  4. Set the immutable bit on the access file: 
             [root@deep] /# chattr  +i /etc/mail/access

Further documentation and for more details, there are several man pages you can read:

aliases(5)

- aliases file for sendmail

makemap(8)

- create database maps for sendmail

sendmail(8)

- an electronic mail transport agent

mailq(1)

- print the mail queue

newaliases(1)

- rebuild the data base for the mail aliases file

mailstats(8)

- display mail statistics

praliases(8)

- display system mail aliases

PrevHomeNext
The /etc/mail/aliases fileUpSendmail Administrative Tools
  
 
  Published under the terms of the Open Publication License Design by Interspire