MTA: Sendmail

Table of Contents

Configuration
SMTP authentication
SSL configuration
Protecting daemon accounts

Protecting daemon accounts

by ross at 07:22:48 on October 28, 2011

Some system accounts should not receive mail, for example the daemon or operator accounts. They usually have a UID number between 1 and 999.

These accounts can be protected by rejecting mail addressed to them through the access database:

Edit /etc/mail/YOUR-HOSTNAME.cf:

FEATURE(`access_db')

Rebuild config files and restart sendmail:

# cd /etc/mail
# make cf
# make install
# make restart

Here is a simple one-liner that generates the entries for the /etc/mail/access file (this is a single line):

# pw usershow -a | awk -F: -vOFS= '{ if ($3 != 0 && $3 < 1000) print $1,"@\t\t\tERROR:\"550 This account does not accept or read mail\"" }'

Example output:

daemon@                 ERROR:"550 This account does not accept or read mail"
operator@                       ERROR:"550 This account does not accept or read mail"
bin@                    ERROR:"550 This account does not accept or read mail"
tty@                    ERROR:"550 This account does not accept or read mail"
kmem@                   ERROR:"550 This account does not accept or read mail"
games@                  ERROR:"550 This account does not accept or read mail"
news@                   ERROR:"550 This account does not accept or read mail"
man@                    ERROR:"550 This account does not accept or read mail"
sshd@                   ERROR:"550 This account does not accept or read mail"
smmsp@                  ERROR:"550 This account does not accept or read mail"
mailnull@                       ERROR:"550 This account does not accept or read mail"
bind@                   ERROR:"550 This account does not accept or read mail"
proxy@                  ERROR:"550 This account does not accept or read mail"
_pflogd@                        ERROR:"550 This account does not accept or read mail"
_dhcp@                  ERROR:"550 This account does not accept or read mail"
uucp@                   ERROR:"550 This account does not accept or read mail"
pop@                    ERROR:"550 This account does not accept or read mail"
www@                    ERROR:"550 This account does not accept or read mail"
squid@                  ERROR:"550 This account does not accept or read mail"
logcheck@                       ERROR:"550 This account does not accept or read mail"
mysql@                  ERROR:"550 This account does not accept or read mail"
ldap@                   ERROR:"550 This account does not accept or read mail"
cyrus@                  ERROR:"550 This account does not accept or read mail"
courier@                        ERROR:"550 This account does not accept or read mail"
clamav@                 ERROR:"550 This account does not accept or read mail"
postfix@                        ERROR:"550 This account does not accept or read mail"

Add the output to the /etc/mail/access file and then rebuild the maps:

# cd /etc/mail
# make maps
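
The one-liner above prints an entry for every system account each time it runs, so appending its output twice duplicates keys in /etc/mail/access. The following is an added example, not part of the original page: a re-runnable variant that applies the same UID filter but prints only the entries whose key is not already in the access file. The function names missing_entries and demo and all sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Prints access-map reject
# entries for accounts with UID 1..999 that are NOT already keyed in the
# access file, so the step can be re-run after new daemons are installed.
# Usage on the host described above:
#   pw usershow -a | missing_entries /etc/mail/access
missing_entries() {
    awk -F: -v access="$1" '
        BEGIN {
            # Load the keys (first whitespace-delimited field) already present.
            while ((getline line < access) > 0) {
                split(line, f, /[ \t]+/)
                if (f[1] != "" && f[1] !~ /^#/) seen[f[1]] = 1
            }
            close(access)
        }
        # Field 3 is the UID; skip comments, malformed lines, root, UID >= 1000.
        $1 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 != 0 && $3 + 0 < 1000 {
            key = $1 "@"
            if (!(key in seen)) {
                printf "%s\t\t\tERROR:\"550 This account does not accept or read mail\"\n", key
                seen[key] = 1
            }
        }
    '
}

# Constructed sample data: a passwd-style listing and an access file that
# already rejects daemon@ and carries an unrelated relay rule.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed access file' \
        'daemon@   ERROR:"550 This account does not accept or read mail"' \
        'example.org   RELAY' > "$tmp"
    printf '%s\n' \
        'root:*:0:0::0:0:Charlie &:/root:/bin/csh' \
        'daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin' \
        'operator:*:2:5::0:0:System &:/:/usr/sbin/nologin' \
        'sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin' \
        'ross:*:1001:1001::0:0:Ross:/home/ross:/bin/sh' \
        'nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin' |
        missing_entries "$tmp"
    rm -f "$tmp"
}

demo
```

Review the printed lines, append them to /etc/mail/access, and run make maps as above.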

 
