How does one solve the security problem of the Sendmail server?
Author: ideal
Sendmail is the most widely used mail transfer agent in Unix environments. Because the Sendmail mail server is both powerful and complex, the following steps are needed to keep a Sendmail installation secure.
1. Set Sendmail to use "smrsh"
The smrsh program is a replacement for the "/bin/sh" shell defined in sendmail's "prog" mailer. smrsh is a restricted shell that allows only the executables explicitly listed in the "/etc/smrsh" directory. In short, smrsh limits the set of programs that an attacker can get sendmail to execute: when it is used with sendmail, the only programs sendmail can run are those linked into the smrsh directory.
Step 1:
Determine the list of commands that smrsh may allow sendmail to run. By default the list should include, but is not limited to:
"/bin/mail" (if installed on your system)
"/usr/bin/procmail" (if installed on your system)
Note: never include a command interpreter in the list, such as sh(1), csh(1), perl(1), uudecode(1), or the stream editor sed(1).
Step 2:
Create a symbolic link in the "/etc/smrsh" directory for each program that sendmail should be allowed to run.
Run the following commands to allow the mail program "/bin/mail" to run:
[root@deep]# cd /etc/smrsh
[root@deep]# ln -s /bin/mail
Run the following commands to allow the procmail program "/usr/bin/procmail" to run:
[root@deep]# cd /etc/smrsh
[root@deep]# ln -s /usr/bin/procmail
This allows the mail and procmail programs to be run from ".forward" files and from "aliases" with the "| program" syntax.
Step 3
Configure sendmail to use the restricted shell. The prog mailer occupies a single line in sendmail's configuration file "/etc/sendmail.cf": the line beginning with "Mprog". On that line, replace "/bin/sh" with "/usr/sbin/smrsh".
Edit the "sendmail.cf" file (vi /etc/sendmail.cf) and change the following line:
For example:
Mprog, P=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/, T=X-Unix, A=sh -c $u
should be changed to:
Mprog, P=/usr/sbin/smrsh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/, T=X-Unix, A=sh -c $u
Run the following command to manually restart the sendmail process:
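The three smrsh steps above can be scripted so that the allow-list and the "Mprog" line are maintained and checked together. The following is an added example (not code from the article): it refuses to link command interpreters into the smrsh directory, audits the directory for dangling links or links that resolve to an interpreter, and rewrites the "Mprog" line of a sendmail.cf copy. The directory and file paths are parameters so the functions can be exercised on copies; the article's own targets are /etc/smrsh and /etc/sendmail.cf.

```shell
#!/bin/sh
# Added example: maintain the smrsh allow-list and verify the Mprog mailer line.

# Return 0 if the program (by its base name) is a command interpreter that
# must never be allow-listed, per the article's note in Step 1.
is_interpreter() {
  case "$(basename "$1")" in
    sh|bash|csh|tcsh|ksh|zsh|perl|python|sed|awk|uudecode) return 0 ;;
    *) return 1 ;;
  esac
}

# Allow-list a program by linking it into the smrsh directory.
# Usage: smrsh_allow /etc/smrsh /usr/bin/procmail
smrsh_allow() {
  dir="$1"; prog="$2"
  if is_interpreter "$prog"; then
    echo "refusing to allow-list interpreter $prog" >&2
    return 1
  fi
  [ -x "$prog" ] || { echo "$prog is not an executable file" >&2; return 1; }
  ln -sf "$prog" "$dir/$(basename "$prog")"
}

# Print one line per problematic entry in the smrsh directory: links whose
# target is missing or not executable, and links that resolve to an interpreter.
smrsh_audit() {
  for f in "$1"/*; do
    [ -e "$f" ] || [ -L "$f" ] || continue        # empty directory: glob stays literal
    if [ ! -x "$f" ]; then
      echo "BROKEN: $f"
    elif is_interpreter "$(readlink "$f" 2>/dev/null || echo "$f")"; then
      echo "INTERPRETER: $f"
    fi
  done
}

# Return 0 if the Mprog line of the given sendmail.cf already uses smrsh.
mprog_uses_smrsh() {
  grep -q '^Mprog,[[:space:]]*P=/usr/sbin/smrsh' "$1"
}

# Print a copy of the given sendmail.cf with the Mprog line switched from
# /bin/sh to /usr/sbin/smrsh; redirect stdout to install the result.
mprog_set_smrsh() {
  sed 's#^\(Mprog,[[:space:]]*P=\)/bin/sh#\1/usr/sbin/smrsh#' "$1"
}
```

A typical run is "smrsh_allow /etc/smrsh /usr/bin/procmail; smrsh_audit /etc/smrsh; mprog_set_smrsh /etc/sendmail.cf > /etc/sendmail.cf.new", followed by reviewing the new file and restarting sendmail. Editing through a copy rather than in place keeps a working configuration if the rewrite goes wrong.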
2. "/etc/aliases" File
If it is not managed carefully and strictly, the aliases file can be used to gain privileges. For example, many distributions ship a "decode" alias in the aliases file, although this is becoming less common.
The "decode" alias was meant to give users a convenient way to send binary files by mail. On the sending side, the user converts the binary file to ASCII with "uuencode" and mails the result to the recipient's "decode" alias. The alias pipes the mail message to the "/usr/bin/uudecode" program, which converts the message from ASCII back into the original binary file.
Delete the "decode" alias. Likewise, carefully check every alias that executes a program not linked into the smrsh directory; such aliases are suspect and should be deleted. To make your changes take effect, run:
[root@deep]# /usr/bin/newaliases
Edit the aliases file (vi /etc/aliases) and delete the lines marked below:
# Basic system aliases -- these MUST be present.
MAILER-DAEMON: postmaster
postmaster: root
# General redirections for pseudo accounts.
bin: root
daemon: root
games: root        <-- delete this line
ingres: root       <-- delete this line
nobody: root
system: root       <-- delete this line
toor: root         <-- delete this line
uucp: root         <-- delete this line
# Well-known aliases.
manager: root      <-- delete this line
dumper: root       <-- delete this line
operator: root     <-- delete this line
# Trap decode to catch security attacks
decode: root       <-- delete this line
# Person who should get root's mail
# root: marc
Finally, run the "/usr/bin/newaliases" program to make the change take effect.
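Checking the aliases file by hand is error-prone on a large system, so here is an added example (not code from the article) that audits an aliases file for the two problems the section describes: a "decode" alias of any kind, and "| program" deliveries whose program is not allow-listed in the smrsh directory. Both paths are parameters so the audit can run on copies; the article's targets are /etc/aliases and /etc/smrsh. The sample aliases in the test are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dangerous entries in an aliases file.
# Usage: aliases_audit /etc/aliases /etc/smrsh

# Print one "FLAG: <reason>: <line>" per suspicious alias; print nothing
# when the file is clean. Comment and blank lines are ignored.
aliases_audit() {
  aliases="$1"; smrshdir="$2"
  grep -v '^[[:space:]]*#' "$aliases" | grep -v '^[[:space:]]*$' |
  while IFS= read -r line; do
    # Aliases have the form "name: target[, target...]"; names are case-insensitive.
    name=$(printf '%s\n' "$line" | cut -d: -f1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
    target=$(printf '%s\n' "$line" | cut -d: -f2-)
    case "$name" in
      decode|uudecode) echo "FLAG: decode alias: $line"; continue ;;
    esac
    case "$target" in
      *'|'*)
        # The program is the first word after the pipe, optionally inside quotes.
        prog=$(printf '%s\n' "$target" | sed 's/^[^|]*|[[:space:]]*"\{0,1\}//; s/[[:space:]"].*$//')
        # smrsh only runs programs linked under its directory by base name,
        # so anything else is a delivery that would fail or bypass the policy.
        if [ -z "$prog" ] || [ ! -e "$smrshdir/$(basename "$prog")" ]; then
          echo "FLAG: program not in smrsh: $line"
        fi ;;
    esac
  done
}
```

Run the audit before and after editing the file, and run newaliases once it reports nothing. Flagged "| program" entries whose program is legitimately needed should be fixed by allow-listing the program in smrsh, not by leaving the alias as it is.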
3. Prevent abuse of your Sendmail by unauthorized users
The latest version of Sendmail (8.9.3) adds strong anti-spoofing features that can stop unauthorized users from abusing your mail server. Edit your "/etc/sendmail.cf" file as follows so that the server blocks spoofed mail.
Edit the "sendmail.cf" file (vi /etc/sendmail.cf) and change the following line:
O PrivacyOptions=authwarnings
to:
O PrivacyOptions=authwarnings,noexpn,novrfy
Setting "noexpn" makes sendmail refuse all SMTP "EXPN" commands, and as a side effect also refuse all SMTP "VERB" commands. Setting "novrfy" makes sendmail refuse all SMTP "VRFY" commands. These changes stop attackers from using "EXPN" and "VRFY", two commands that are frequently abused to enumerate users and aliases.
4. SMTP greetings
When sendmail accepts an SMTP connection, the first thing it does is send a greeting message that identifies the host and tells the other side it is ready.
Edit the "sendmail.cf" file (vi /etc/sendmail.cf) and change the following line:
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
to:
O SmtpGreetingMessage=$j Sendmail $v/$Z; $b NO UCE C=xx L=xx
Now manually restart the sendmail process to make the changes take effect:
This change affects the banner shown when Sendmail accepts a connection. Replace "xx" in the "C=xx L=xx" entry with your country and region codes. The added text does not change how sendmail behaves; it is a convention recommended by the "news.admin.net-abuse.email" newsgroup community.
5. Restrict the personnel who can review the content of the mail queue
By default, anyone can use the "mailq" command to view the contents of the mail queue. To restrict who may view it, specify the "restrictmailq" option in the "/etc/sendmail.cf" file. Sendmail then allows only users in the same group as the owner of the queue directory to view its contents. This lets you protect the mail queue directory with mode 0700 while legitimate users can still see what is in it.
Edit the "sendmail.cf" file (vi /etc/sendmail.cf) and change the following line:
O PrivacyOptions=authwarnings,noexpn,novrfy
to:
O PrivacyOptions=authwarnings,noexpn,novrfy,restrictmailq
Now change the permissions of the mail queue directory to fully protect it:
[root@deep]# chmod 0700 /var/spool/mqueue
Note: the "noexpn" and "novrfy" options were already added to the "PrivacyOptions=" line in sendmail.cf in step 3; here the "restrictmailq" option is appended to that same line.
Any unprivileged user who tries to view the contents of the mail queue will see the following message:
[user@deep]$ /usr/bin/mailq
You are not permitted to see the queue
6. Restrict the permission to process the mail queue to "root"
By default, anyone can process the mail queue with the "-q" switch. To allow only the root user to process the mail queue, specify "restrictqrun" in the "/etc/sendmail.cf" file.
Edit the "sendmail.cf" file (vi /etc/sendmail.cf) and change the following line:
O PrivacyOptions=authwarnings,noexpn,novrfy,restrictmailq
to:
O PrivacyOptions=authwarnings,noexpn,novrfy,restrictmailq,restrictqrun
Any unprivileged user who tries to process the mail queue will see the following message:
[user@deep]$ /usr/sbin/sendmail -q
You do not have permission to process the queue
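Sections 3, 5 and 6 all edit the same "PrivacyOptions" line in stages, which makes it easy to lose an option when the file is edited by hand or regenerated. The following added example (not code from the article) reports which of the five options named in those sections are missing from a sendmail.cf and produces a copy with the missing ones appended; the file path is a parameter, and the article's own target is /etc/sendmail.cf.

```shell
#!/bin/sh
# Added example: check and complete the PrivacyOptions line of a sendmail.cf.

# Options required by the article's steps 3, 5 and 6, in the order it adds them.
REQUIRED_PRIVACY="authwarnings noexpn novrfy restrictmailq restrictqrun"

# Print the current value of the PrivacyOptions line (empty if absent).
privacy_current() {
  sed -n 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print each required option that is not yet set, one per line.
privacy_missing() {
  cur=",$(privacy_current "$1" | tr -d '[:space:]'),"
  for opt in $REQUIRED_PRIVACY; do
    case "$cur" in
      *",$opt,"*) ;;
      *) echo "$opt" ;;
    esac
  done
}

# Print a copy of the file with every missing option appended to the
# PrivacyOptions line, or with a new line added if the file has none.
# Usage: privacy_harden /etc/sendmail.cf > /etc/sendmail.cf.new
privacy_harden() {
  cf="$1"
  missing=$(privacy_missing "$cf" | tr '\n' ',' | sed 's/,$//')
  if [ -z "$(privacy_current "$cf")" ]; then
    cat "$cf"
    echo "O PrivacyOptions=$missing"
  elif [ -n "$missing" ]; then
    sed "s/^\(O[[:space:]]*PrivacyOptions[[:space:]]*=.*[^[:space:]]\)[[:space:]]*\$/\1,$missing/" "$cf"
  else
    cat "$cf"
  fi
}
```

After installing the new file and restarting sendmail, the "mailq" and "sendmail -q" checks shown in sections 5 and 6 confirm the last two options took effect; "privacy_missing" printing nothing is the quick test for the whole set.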
7. Set unchangeable bits on important sendmail files
Using the "chattr" command, important Sendmail files can be protected from unauthorized modification, which improves system security. A file with the "+i" (immutable) attribute cannot be modified: it cannot be deleted or renamed, no link can be created to it, and no data can be written to it. Only the superuser can set or clear this attribute.
Set the immutable bit on the "sendmail.cf" file:
[root@deep]# chattr +i /etc/sendmail.cf
Set the immutable bit on the "sendmail.cw" file:
[root@deep]# chattr +i /etc/sendmail.cw
Set the immutable bit on the "sendmail.mc" file: