preserving sendmail configuration security hacks

To: debian-security@lists.debian.org
Subject: preserving sendmail configuration security hacks
From: Duncan Simpson <duncan@commercialuk.com>
Date: 10 Nov 2004 16:09:42 +0000
Message-id: <1100102989.17727.236.camel@duncan>

One of my mail servers runs sendmail and some extra security features
are implemented in the Local_check_relay ruleset---in particualr it only
allows a small list of IP addresses to connect.

There are also a few other Local_check_* rulesets which are non-standard
and do things like tweaking the relay restrictions and providing
additional resistance to thrid party relaying.

I can put the rulesets Local_check_* rulesets in the LOCAL_RULESETS in
sendmail.mc and delete the blank ones make sendmail.cf generates
manually but this is suboptimal. Is there a way of writing the
sendmail.mc file so the extra rules in the Local_check_* rulesets
appear.

I read the m4 source and saw items for handling LOCAL_RULE_0 and
LOCAL_RULE_3 (both of which I use for some special effects) but nothign
similar appears where the blank Local_check_* rulsets are defined. I
have my doubts about the ability of postfix and exim to handle
everythign required.

Reply to:

Follow-Ups:
- Re: preserving sendmail configuration security hacks
  - From: Richard A Nelson <cowboy@debian.org>

Prev by Date: Re: Fwd: dhcp-2 Security Announcement
Next by Date: Re: preserving sendmail configuration security hacks
Previous by thread: Re: Fwd: dhcp-2 Security Announcement
Next by thread: Re: preserving sendmail configuration security hacks
Index(es):
- Date
- Thread