sendmail.net: Securing Sendmail on Four Types of Systems
Jul 12, 2000, 04:48
"Depending on where you are and what you're doing there, security can mean very different things. This second article in our series on sendmail and security, based on the tutorial given by Eric Allman and Greg Shapiro at the recent USENIX conference in San Diego, looks at what you can do to secure sendmail on four types of systems: systems with user login access, systems with user accounts but no shell access, POP/IMAP mail servers, and firewalls."
"When it comes to security, systems with general user accounts have some inherent limitations. First, things have to be in their expected locations so users (and user programs) can find them. Second, RunAsUser won't cut it: sendmail has to run as root to assume individual users' identities when reading and writing files or executing programs on their behalf. For instance, if a user forwards something to the vacation program, vacation has to run as that user to access and update files in that user's home directory."
"You can still have a tight security policy, but this kind of system imposes some distinct limits. So what can you actually do? Here's a checklist:...."