From owner-freebsd-security Wed Nov 3 1:51: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns.fintec.com (ns.fintec.com [212.153.43.10]) by hub.freebsd.org (Postfix) with ESMTP id 6D50E15530 for ; Wed, 3 Nov 1999 01:50:59 -0800 (PST) (envelope-from matt@sevenone.com) Received: from sevenone.com (matt.information-innovation.com [192.168.31.51]) by ns.fintec.com (8.9.3/8.9.3) with ESMTP id KAA11536 for ; Wed, 3 Nov 1999 10:49:44 +0100 (MET) Message-ID: <3820051F.B2BAAF89@sevenone.com> Date: Wed, 03 Nov 1999 10:49:42 +0100 From: matt baker Reply-To: matt@sevenone.com Organization: SevenOne Pty Ltd X-Mailer: Mozilla 4.7 (Macintosh; I; PPC) MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Sendmail options, what's more secure? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, I'm currently setting up a firewall that's using FreeBSD 3.x, and sendmail 8.9.3. The machine itself doesn't need to receive any mail, but will be passing it onto several other machines internal to the firewall (2 nic card design). Given this setup, I was wondering about the merits of either: 1. Using the RunAsUser option, setting the mqueue directory to be owned by this user, and also setting /etc/mail/aliases and similar files to be also owned by this user or group writable. It's this later part that I'm not keen on. 2. Running sendmail as root, but chrooted to a certain area using the SafeFileEnvironment option. Does this mean I have to place the mqueue and other config files in this area also? thanks for any thoughts, Matt Baker ---- matt@sevenone.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message