Re: preserving sendmail configuration security hacks

To: Duncan Simpson <duncan@commercialuk.com>
Cc: debian-security@lists.debian.org
Subject: Re: preserving sendmail configuration security hacks
From: Richard A Nelson <cowboy@debian.org>
Date: Wed, 10 Nov 2004 12:01:46 -0800 (PST)
Message-id: <Pine.LNX.4.58.0411101148460.9214@hygvzn-guhyr.pnirva.bet>
In-reply-to: <1100102989.17727.236.camel@duncan>
References: <1100102989.17727.236.camel@duncan>

On Wed, 10 Nov 2004, Duncan Simpson wrote:

> I can put the rulesets Local_check_* rulesets in the LOCAL_RULESETS in
> sendmail.mc and delete the blank ones make sendmail.cf generates
> manually but this is suboptimal. Is there a way of writing the
> sendmail.mc file so the extra rules in the Local_check_* rulesets
> appear.

I do stuff like this all the time (in sendmail.mc, or include):
LOCAL_RULESETS
# Allow etrn,expn,vrfy from anyplace allowed to relay through us
SLocal_check_commands
...
# No pause for port 587(MSP) as authentication is required
SLocal_greet_pause
...

The last case does cause two occurances of Slocal_greet_pause... but
unlike the Bat book V2 (still gotta get V3), sendmail doesn't complain
- and does the right thing.

I'd be happy to look over you setup if you'd like...  If you've got
anything that might be generally applicable, I'd love to merge it into
what I'm putting together... a set of hacks to increase security and
simplify things as much as possible.

-- 
Rick Nelson
"What you end up with, after running an operating system concept through
these many marketing coffee filters, is something not unlike plain hot
water."
(By Matt Welsh)

Reply to:

References:
- preserving sendmail configuration security hacks
  - From: Duncan Simpson <duncan@commercialuk.com>

Prev by Date: preserving sendmail configuration security hacks
Next by Date: [Fwd: Firewall-easy setup difficulties]
Previous by thread: preserving sendmail configuration security hacks
Next by thread: [Fwd: Firewall-easy setup difficulties]
Index(es):
- Date
- Thread