From owner-freebsd-security Wed Nov 3 3:44:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id BD0F914D86 for ; Wed, 3 Nov 1999 03:44:27 -0800 (PST) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id LAA02343; Wed, 3 Nov 1999 11:43:17 GMT Message-ID: <38201FD5.89EAAD09@algroup.co.uk> Date: Wed, 03 Nov 1999 11:43:17 +0000 From: Adam Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.07 [en] (Win95; I) MIME-Version: 1.0 To: matt@sevenone.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: Sendmail options, what's more secure? References: <3820051F.B2BAAF89@sevenone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org matt baker wrote: > > Hello, > > I'm currently setting up a firewall that's using FreeBSD 3.x, and > sendmail 8.9.3. > The machine itself doesn't need to receive any mail, but will be passing > it onto several other machines internal to the firewall (2 nic card design). > > Given this setup, I was wondering about the merits of either: > > 1. Using the RunAsUser option, setting the mqueue directory to be owned > by this user, and also setting /etc/mail/aliases and similar files to be > also owned by this user or group writable. It's this later part that > I'm not keen on. > > 2. Running sendmail as root, but chrooted to a certain area using the > SafeFileEnvironment option. Does this mean I have to place the mqueue > and other config files in this area also? A popular alternative is qmail... http://www.qmail.org/ cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message