sendmail
is very particular about the modes of files that it reads or writes.
For example, by default it will refuse to read most files
that are group writable
on the grounds that they might have been tampered with
by someone other than the owner;
it will even refuse to read files in group writable directories.
If you are
certain that your configuration is safe and you want
sendmail
to avoid these security checks,
you can turn off certain checks using the
DontBlameSendmail
option.
This option takes one or more names that disable checks.
In the descriptions that follow,
unsafe directory
means a directory that is writable by anyone other than the owner.
The values are:
Safe
No special handling.
AssumeSafeChown
Assume that the
chown(S)
system call is restricted to root.
Since some versions of Unix permit regular users
to give away their files to other users on some filesystems,
sendmail
often cannot assume that a given file was created by the owner,
particularly when it is in a writable directory.
You can set this flag if you know that file giveaway is restricted
on your system.
ClassFileInUnsafeDirPath
When reading class files (using the F
line in the configuration file),
allow files that are in unsafe directories.
DontWarnForwardFileInUnsafeDirPath
Prevent logging of
unsafe directory path warnings
for non-existent forward files.
ErrorHeaderInUnsafeDirPath
Allow the file named in the
ErrorHeader
option to be in an unsafe directory.
GroupWritableDirPathSafe
Change the definition of
unsafe directory
to consider group-writable directories to be safe.
World-writable directories are always unsafe.
GroupWritableForwardFileSafe
Accept group-writable
.forward files.
GroupWritableIncludeFileSafe
Accept group-writable
:include: files.
GroupWritableAliasFile
Allow group-writable alias files.
HelpFileInUnsafeDirPath
Allow the file named in the
HelpFile
option to be in an unsafe directory.
WorldWritableAliasFile
Accept world-writable alias files.
ForwardFileInGroupWritableDirPath
Allow .forward
files in group writable directories.
IncludeFileInGroupWritableDirPath
Allow :include:
files in group writable directories.
ForwardFileInUnsafeDirPath
Allow .forward
files in unsafe directories.
IncludeFileInUnsafeDirPath
Allow :include:
files in unsafe directories.
ForwardFileInUnsafeDirPathSafe
Allow a .forward
file that is in an unsafe directory to include references
to program and files.
IncludeFileInUnsafeDirPathSafe
Allow an :include:
file that is in an unsafe directory to include references
to program and files.
InsufficientEntropy
Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded
despite the security problems.
MapInUnsafeDirPath
Allow maps (such as
hash, btree, and dbm files)
in unsafe directories.
LinkedAliasFileInWritableDir
Allow an alias file that is a link in a writable directory.
LinkedClassFileInWritableDir
Allow class files that are links in writable directories.
LinkedForwardFileInWritableDir
Allow .forward
files that are links in writable directories.
LinkedIncludeFileInWritableDir
Allow :include:
files that are links in writable directories.
LinkedMapInWritableDir
Allow map files that are links in writable directories.
LinkedServiceSwitchFileInWritableDir
Allow the service switch file to be a link
even if the directory is writable.
FileDeliveryToHardLink
Allow delivery to files that are hard links.
FileDeliveryToSymLink
Allow delivery to files that are symbolic links.
RunProgramInUnsafeDirPath
Go ahead and run programs that are in writable directories.
RunWritableProgram
Go ahead and run programs that are group- or world-writable.
WriteMapToHardLink
Allow writes to maps that are hard links.
WriteMapToSymLink
Allow writes to maps that are symbolic links.
WriteStatsToHardLink
Allow the status file to be a hard link.
WriteStatsToSymLink
Allow the status file to be a symbolic link.
TrustStickyBit
Allow group or world writable directories
if the sticky bit is set on the directory.
Do not set this on systems which do not honor
the sticky bit on directories.
NonRootSafeAddr
Do not mark file and program deliveries as unsafe
if sendmail is not running with root privileges.