Turning off security checks

sendmail is very particular about the modes of files that it reads or writes. For example, by default it will refuse to read most files that are group writable on the grounds that they might have been tampered with by someone other than the owner; it will even refuse to read files in group writable directories. If you are certain that your configuration is safe and you want sendmail to avoid these security checks, you can turn off certain checks using the DontBlameSendmail option. This option takes one or more names that disable checks.

In the descriptions that follow, "unsafe directory" means a directory that is writable by anyone other than the owner. The values are:

Safe - No special handling.
AssumeSafeChown - Assume that the chown(S) system call is restricted to root. Since some versions of Unix permit regular users to give away their files to other users on some filesystems, sendmail often cannot assume that a given file was created by the owner, particularly when it is in a writable directory. You can set this flag if you know that file giveaway is restricted on your system.
ClassFileInUnsafeDirPath - When reading class files (using the F line in the configuration file), allow files that are in unsafe directories.
DontWarnForwardFileInUnsafeDirPath - Prevent logging of unsafe directory path warnings for non-existent forward files.
ErrorHeaderInUnsafeDirPath - Allow the file named in the ErrorHeader option to be in an unsafe directory.
GroupWritableDirPathSafe - Change the definition of "unsafe directory" to consider group-writable directories to be safe. World-writable directories are always unsafe.
GroupWritableForwardFileSafe - Accept group-writable .forward files.
GroupWritableIncludeFileSafe - Accept group-writable :include: files.
GroupWritableAliasFile - Allow group-writable alias files.
HelpFileInUnsafeDirPath - Allow the file named in the HelpFile option to be in an unsafe directory.
WorldWritableAliasFile - Accept world-writable alias files.
ForwardFileInGroupWritableDirPath - Allow .forward files in group writable directories.
IncludeFileInGroupWritableDirPath - Allow :include: files in group writable directories.
ForwardFileInUnsafeDirPath - Allow .forward files in unsafe directories.
IncludeFileInUnsafeDirPath - Allow :include: files in unsafe directories.
ForwardFileInUnsafeDirPathSafe - Allow a .forward file that is in an unsafe directory to include references to programs and files.
IncludeFileInUnsafeDirPathSafe - Allow an :include: file that is in an unsafe directory to include references to programs and files.
InsufficientEntropy - Try to use STARTTLS even if the PRNG for OpenSSL is not properly seeded despite the security problems.
MapInUnsafeDirPath - Allow maps (such as hash, btree, and dbm files) in unsafe directories.
LinkedAliasFileInWritableDir - Allow an alias file that is a link in a writable directory.
LinkedClassFileInWritableDir - Allow class files that are links in writable directories.
LinkedForwardFileInWritableDir - Allow .forward files that are links in writable directories.
LinkedIncludeFileInWritableDir - Allow :include: files that are links in writable directories.
LinkedMapInWritableDir - Allow map files that are links in writable directories.
LinkedServiceSwitchFileInWritableDir - Allow the service switch file to be a link even if the directory is writable.
FileDeliveryToHardLink - Allow delivery to files that are hard links.
FileDeliveryToSymLink - Allow delivery to files that are symbolic links.
RunProgramInUnsafeDirPath - Go ahead and run programs that are in writable directories.
RunWritableProgram - Go ahead and run programs that are group- or world-writable.
WriteMapToHardLink - Allow writes to maps that are hard links.
WriteMapToSymLink - Allow writes to maps that are symbolic links.
WriteStatsToHardLink - Allow the status file to be a hard link.
WriteStatsToSymLink - Allow the status file to be a symbolic link.
TrustStickyBit - Allow group or world writable directories if the sticky bit is set on the directory. Do not set this on systems which do not honor the sticky bit on directories.
NonRootSafeAddr - Do not mark file and program deliveries as unsafe if sendmail is not running with root privileges.
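
The directory-mode rules described above (the definition of an unsafe directory, GroupWritableDirPathSafe and TrustStickyBit) can be checked against a real path before deciding whether any check needs to be turned off. The following is an added example, not sendmail's own code and not part of the original page; the function names, the stop_at parameter and the sample tree are assumptions made for illustration, and ownership and link checks are not modelled.

```python
import os
import stat
import tempfile

def classify_dir(mode, group_writable_safe=False, trust_sticky=False):
    """Return why a directory mode is unsafe, or None if it is acceptable."""
    group_w = bool(mode & stat.S_IWGRP)
    world_w = bool(mode & stat.S_IWOTH)
    if not (group_w or world_w):
        return None                  # writable by the owner only
    if trust_sticky and mode & stat.S_ISVTX:
        return None                  # TrustStickyBit: sticky directory accepted
    if world_w:
        return "world-writable"      # unsafe even with GroupWritableDirPathSafe
    if group_writable_safe:
        return None                  # GroupWritableDirPathSafe
    return "group-writable"

def unsafe_dirs(path, stop_at="/", **flags):
    """List (directory, reason) for each unsafe directory above path, nearest first.
    stop_at (hypothetical parameter) limits the walk; symlinks are resolved first
    and the Linked* checks are not modelled."""
    stop_at = os.path.realpath(stop_at)
    current = os.path.dirname(os.path.realpath(path))
    findings = []
    while True:
        reason = classify_dir(os.stat(current).st_mode, **flags)
        if reason:
            findings.append((current, reason))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings

def build_sample_tree():
    """Constructed sample: root/etc (0755), etc/mail (0775), mail/spool (1777)."""
    root = os.path.realpath(tempfile.mkdtemp())
    path = root
    for name, mode in (("etc", 0o755), ("mail", 0o775), ("spool", 0o1777)):
        path = os.path.join(path, name)
        os.mkdir(path)
        os.chmod(path, mode)         # explicit chmod so the umask does not matter
    return root, os.path.join(path, "aliases")

if __name__ == "__main__":
    root, target = build_sample_tree()
    for flags in ({}, {"group_writable_safe": True}, {"trust_sticky": True}):
        print(flags, unsafe_dirs(target, stop_at=root, **flags))
```

An empty result with the default flags means the directory path already passes the mode checks described here, so none of the directory-path names would be needed for that file.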
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003