
UNIX System Administration Handbook - Evi Nemeth [347]

feature is specified, then its argument is a local mailer capable of speaking LMTP, the Local Mail Transport Protocol (see RFC2033). The default is mail.local in the sendmail distribution, which is usually installed in /usr/libexec/mail.local. Actually, you can specify the installation directory with the confEBINDIR option.

smrsh is a restricted shell provided with the sendmail distribution as a replacement for the traditional program mailer, /bin/sh. It improves the ability of the local system administrator to control what commands can be run by email. Only programs that are in the smrsh binaries directory, /usr/adm/sm.bin (configurable when smrsh is being compiled), can be run. smrsh also checks for suspicious characters (such as output redirection symbols) in a command and aborts the delivery if any are found.

We recommend that you install both smrsh and mail.local and that you turn on the features that use them:

FEATURE(`local_lmtp', `/usr/libexec/mail.local')

FEATURE(`smrsh', `/usr/libexec/smrsh')

See page 610 for a more detailed discussion of smrsh.

The local_procmail feature


You can use Stephen van den Berg’s procmail as your local mailer by enabling the local_procmail feature. It takes a single argument: the path to the procmail binary.

procmail can do fancier things for the user than plain /bin/mail or mail.local. In addition to delivering mail to users’ mailboxes, it can sort messages into folders, save them in files, run programs, and filter spam. procmail is not distributed with sendmail; get it from www.procmail.org if it is not installed by your vendor. You can also use other mail processing programs with this feature just by lying to sendmail and saying that you are just showing it the local copy of procmail:

FEATURE(`local_procmail', `/usr/local/bin/mymailer')

The LOCAL_* macros


If you really need to get your hands dirty and write some exotic new rules to deal with special local situations, you use a set of macros prefaced by LOCAL_. The section on spam, later in this chapter, has some examples of this low-level construct.

Configuration options


Config file options and macros (the O and D commands in the raw config language) can be set with the define m4 command. A complete list of options accessible as m4 variables and their default values is given in the cf/README file. The default values are OK for most sites.

Some examples:

define(`confTO_QUEUERETURN', `7d')

define(`confTO_QUEUEWARN', `4h')

define(`confPRIVACY_FLAGS', `noexpn')

The queue return option determines how long a message will remain in the mail queue if it cannot be delivered. The queue warn option determines how long it will sit before the sender is notified that there might be problems with delivery. The first two lines set these to 7 days and 4 hours, respectively.

The next line sets the privacy flags to disallow the SMTP EXPN (expand address) command. The confPRIVACY_FLAGS option takes a comma-separated list of values. Some versions of m4 require two sets of quotes to protect the commas:

See page 610 for more information about privacy options.

define(`confPRIVACY_FLAGS', ``noexpn, novrfy'')

The default values for most options are about right for a typical small to medium-sized site that is not too paranoid about security or too concerned with performance. With the defaults, you may become a spam target; you must adjust several options to be a good citizen relative to spam. If your mail hub machine is very busy and services lots of mailing lists, you may need to tweak some of the performance values.
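A configuration check for the settings covered above, added here as an example and not taken from the book or the sendmail distribution: it reports whether a .mc file enables smrsh and local_lmtp with real m4 quoting and whether confPRIVACY_FLAGS lists noexpn and novrfy. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit a .mc file for the settings above.

# Print the file with m4 "dnl" comments removed.
mc_body() { sed -E 's/(^|[^A-Za-z0-9_])dnl([^A-Za-z0-9_].*)?$/\1/' "$1"; }

# Succeed if FEATURE(`NAME' ...) appears with real m4 quotes (` ... ').
has_feature() {
    mc_body "$1" | grep -Eq "^[[:space:]]*FEATURE\(\`$2'[,)]"
}

# Print the last confPRIVACY_FLAGS value; one or two quote levels accepted.
privacy_flags() {
    mc_body "$1" | sed -n \
      "s/^[[:space:]]*define(\`confPRIVACY_FLAGS',[[:space:]]*\`\{1,2\}\([^']*\)'\{1,2\}).*/\1/p" |
      tail -n 1
}

# Succeed if FLAG is in the comma-separated privacy flag list.
has_flag() {
    privacy_flags "$1" | tr ',' '\n' | tr -d ' \t' | grep -qx "$2"
}

# Print findings; the return status is the number of findings.
audit_mc() {
    f=$1; problems=0
    # 'name' is not m4 quoting: the macro would see the apostrophes as text.
    if mc_body "$f" | grep -Eq "^[[:space:]]*(FEATURE|define)\('"; then
        echo "WARN: argument opens with ' rather than \`"
        problems=$((problems + 1))
    fi
    for feat in smrsh local_lmtp; do
        has_feature "$f" "$feat" || {
            echo "MISSING: FEATURE(\`$feat')"; problems=$((problems + 1)); }
    done
    for flag in noexpn novrfy; do
        has_flag "$f" "$flag" || {
            echo "MISSING: $flag in confPRIVACY_FLAGS"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample input (not from a real host): one feature, one flag.
sample_mc() {
    printf '%s\n' "FEATURE(\`smrsh', \`/usr/libexec/smrsh')dnl" \
                  "define(\`confPRIVACY_FLAGS', \`noexpn')dnl"
}
# Usage: sample_mc > /tmp/sample.mc; audit_mc /tmp/sample.mc
```

On the constructed sample, the audit reports the missing local_lmtp feature and the missing novrfy flag.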

Table 19.13 lists some options that you might need to adjust (about 15% of the almost 150 configuration options), along with their default values. To save space, the option names are shown without their conf prefix; for example, the FALLBACK_MX option is really named confFALLBACK_MX. We divided the table into subsections that identify the kind of issue the variable addresses: generic, resources, performance, security and spam abatement, and miscellaneous. Some options clearly fit in more
