Article 13940 at 08/09/12 02:40:23 From: bq (at mark) solarspeed.net Subject: [coba-e:13940] Re: sendmail question

Index: [Article Count Order] [Thread]
Date:  Thu, 11 Sep 2008 19:40:05 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:13940] Re: sendmail question
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200809111940.06521.bq (at mark) solarspeed.net>
In-Reply-To:  <E5C929FC6F6D43418DA3535FF12FD4EF@OfficeKen>
References:  <VPOP31.5.0l.20080910182828.510.2d7f.1.505a6688 (at mark) t1.tec1.net> <134F219B440745488A75A81FF9B1BBA9 (at mark) TikKlikPC11> <E5C929FC6F6D43418DA3535FF12FD4EF (at mark) OfficeKen>
X-Mail-Count: 13940

Hi Ken,

> Does anyone know if there would be a problem setting this in the
> sendmail.cf PrivacyOptions as below:
>
> O PrivacyOptions=goaway
>
>
> The default setting is:
> O PrivacyOptions=needmailhelo needexpnhelo noexpn needvrfyhelo noreceipts
> authwarnings noetrn noverb
>
>
> So, I think all the  goaway  option  adds in the  novrfy
> One of the Security Scanner companies our customers use would like us to
> set it this way.
>
> Is there a reason to not do this?

See:
http://www.unix.com.ua/orelly/other/Sendmail_3rd/1565928393_ch24-91368.html#ch24-77194

------------------------------------------------------------------------------
PrivacyOptions=goaway

This is a shorthand way to set authwarnings, noexpn, novrfy, noverb, 
needmailhelo, needexpnhelo, needvrfyhelo, and nobodyreturn. 
------------------------------------------------------------------------------

That is indeed quite useful, as it's strictly locking down what Sendmail will 
do. Especially dissalowing verify is a good procedure. Otherwise people can 
use "verify" to find out what users you have on a box and then SPAM them all 
in one go. Which is not that uncommon.

So yeah, I would recommend to put it in and give it a try.

-- 
With best regards,

Michael Stauber