October 12, 2001, 1:59 PM — This is the final installment of my three-part series on secure sendmail installations. There's plenty more to say, of course, but I don't want to turn this column into the Wizard's Guide to Sendmail.
To paraphrase an old saying, an example is worth a thousand words.
This month, I'll elaborate on some optional features of sendmail and
provide an example of a configuration I've used. While this example worked for me, I am by no means stating that it is the best or only
solution to the problem. It's merely a solution that I successfully
implemented. Hopefully, you can learn something from it. If you have
a better way of solving the same problem, just send me mail and I'll
post it. I'm always interested in learning something new. I'll also
cover some testing and debugging techniques that might be useful.
Putting it into production
Several years ago, a friend of mine built a sendmail
configuration for a firewall, but left the company before it was put
into production. The administrator who took over the system didn't
realize that the intention was to run sendmail in a restricted
chrooted) environment with no root privileges. When the firewall was put into production, it was quickly hacked because sendmail wasn't installed properly.
Where to install
I like to use
chroot to create a restricted padded cell to isolate sendmail from the rest of the system. Using
chroot is no guarantee of security, but it does limit exposures. If it's used in combination with tight permissions, it provides an effective security barrier.
For the sake of argument, let's say that the root of the cell is a
/sendmail_cell that is mounted
nosuid. Normally, on Solaris, the sendmail binary is installed in
and the configuration file is in
/etc/mail/sendmail. Since the configuration file used to be in
/etc, I put in a symbolic link
/etc/mail/sendmail.cf. Because we're using a padded cell here, it will be in
/sendmail_cell/etc/mail/sendmail.cf. The startup script (
/etc/rc2.d/S88sendmail on Solaris) is modified to start sendmail with
At the beginning of the startup file, define a variable for the
padded cell directory: