The sendmail program is only as secure as the system on which it is
running. Correcting permissions and the like is useful only if such
corrections are systemwide and apply to all critical system files and
programs.

Time spent tightening security at your site is best spent before a
break-in occurs. Never suppose that your site is too small or of too
little consequence to be attacked. Start out by being wary, and you
will be more prepared when the inevitable happens.

Newer versions of perl(1) object to PATH environment variables that
begin with a dot (such as .:/bin:/usr/bin). V8 clears the PATH variable
before executing programs in a user's ~/.forward file. Some shells put
it back with the dot first. Under such versions of the Bourne shell,
execute perl(1) scripts like this:

|"PATH=/bin:/usr/bin /home/usr/bin/script.pl"

There is no check in the T command to determine that the names listed
are the names of real users. That is, if you mistakenly enter Tuupc
when you really meant Tuucp, pre-V8 sendmail remained silent and UUCP
mail mysteriously failed. With V8.7 and above, sendmail logs warning
messages.
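
One way to catch a mistyped T name before sendmail reads the file, as an
added example that is not part of the original text or of sendmail
itself. The sample configuration is constructed, the function names are
hypothetical, and the parser assumes only T lines (with continuation
lines and # comments) need to be examined.

```python
# Constructed sample configuration fragment (not from a real site).
SAMPLE_CF = """\
# trusted users
Troot
Tdaemon uupc
Dwmailhost
T uucp
"""


def trusted_names(cf_text):
    """Return (line_number, name) for every name declared by a T command."""
    found = []
    in_t = False
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        if line[:1] in (" ", "\t"):
            # A line starting with whitespace continues the previous command.
            if not in_t:
                continue
            body = line
        elif line.startswith("T"):
            in_t = True
            body = line[1:]
        else:
            in_t = False
            continue
        # Simplification: treat everything after '#' as a comment.
        body = body.split("#", 1)[0]
        found.extend((lineno, name) for name in body.split())
    return found


def unknown_trusted(cf_text, known_users=None):
    """Return the T names that are not real users.

    known_users defaults to the login names in the local passwd database.
    """
    if known_users is None:
        import pwd  # Unix only; imported here so the parser works anywhere
        known_users = {entry.pw_name for entry in pwd.getpwall()}
    return [(ln, n) for ln, n in trusted_names(cf_text) if n not in known_users]


if __name__ == "__main__":
    for ln, name in unknown_trusted(SAMPLE_CF, {"root", "daemon", "uucp"}):
        print(f"line {ln}: T command names unknown user {name!r}")
```
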