HP UX Bastille User Manual page 61

Version b.3.3

NOTE:
While processing the mail queue, sendmail does not accept inbound
connections.
NOTE:
The 15 minute interval can be changed later. See crontab(1).
Actions
Set a cron job to run /usr/sbin/sendmail -q every 15 minutes.
Sendmail.sendmaildaemon
Headline
Stop sendmail from running in daemon mode.
Default
Y
Description
To send and receive mail, sendmail does not need to be running in daemon
mode. Unless you have a constant network connection, you cannot run
sendmail in daemon mode. Daemon mode means that sendmail is
constantly listening on a network connection waiting to receive mail. If you
disable daemon mode, HP-UX Bastille asks if you would like to run sendmail
every few minutes to process the queue of outgoing mail. Most programs send
mail immediately, and processing the queue takes care of transient errors. If
you receive all of your email through a POP/IMAP mailbox provided by your
ISP, you may not need daemon-mode sendmail, unless you run a special
fetchmail-style POP/IMAP-based retrieval program. For example, if you read
your mail with the Netscape common POP/IMAP read functionality, turn
daemon mode off. The only reason to run sendmail in daemon mode is if
you run a mail server.
Actions
In the /etc/rc.config.d/mailservs file, set SENDMAIL_SERVER=0.
Sendmail.vrfyexpn
Headline
Disable the VRFY and EXPN sendmail commands.
Default
Y
Description
An attacker can use the sendmail vrfy (verify recipient existence) and expn
(expand recipient alias/list contents) commands to learn more about accounts
on the system. For example, the expn command can be used to find out where
the postmaster and abuse aliases are redirected. This identifies which user
account belongs to the system administrator. These sendmail commands
can be disabled without breaking anything and make the system cracker's job
more difficult. The only reasons to leave them on are because you run an
old-fashioned friendly site, you use them to debug your own mail server, or
some software you use relies on this.
Actions
In the sendmail configuration file /etc/mail/sendmail.cf, append the
O PrivacyOptions=goaway line.
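
An added example, not part of the HP-UX Bastille manual: a POSIX sh audit of the three actions listed on this page, run against copies of the files. The function names, the rule that the last matching line is the effective one, and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the manual): audit the three actions on this page.
# Each check takes a file path so it can be run against copies of the files.

# SENDMAIL_SERVER=0 in the mailservs file; the file is sourced by the shell,
# so the last uncommented assignment is the effective one.
daemon_disabled() {
    v=$(grep -E '^[[:space:]]*(export[[:space:]]+)?SENDMAIL_SERVER=' "$1" |
        tail -n 1 | sed 's/^[^=]*=//; s/[[:space:]#;].*$//' | tr -d "\"'")
    [ "$v" = "0" ]
}

# VRFY and EXPN are off when PrivacyOptions holds goaway, or both novrfy and
# noexpn. Assumption: the last "O PrivacyOptions=" line is the effective one.
vrfy_expn_disabled() {
    opts=$(grep -E '^O[[:space:]]+PrivacyOptions[[:space:]]*=' "$1" |
           tail -n 1 | sed 's/^[^=]*=//' | tr -d '[:space:]')
    case ",$opts," in
        *,goaway,*) return 0 ;;
        *,novrfy,*) case ",$opts," in *,noexpn,*) return 0 ;; esac ;;
    esac
    return 1
}

# An uncommented crontab line runs /usr/sbin/sendmail -q.
# $1 is a saved copy of the crontab, for example from `crontab -l`.
queue_cron_present() {
    grep -Eq '^[^#]*/usr/sbin/sendmail[[:space:]]+-q([[:space:]]|$)' "$1"
}

report() { if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; fi; }

# Demo on constructed sample files, not real system files.
d=${TMPDIR:-/tmp}/sm_audit.$$
mkdir "$d" || exit 1      # plain mkdir fails if the path already exists
printf '%s\n' 'export SENDMAIL_SERVER=1' 'export SENDMAIL_SERVER=0' > "$d/mailservs"
printf '%s\n' 'O PrivacyOptions=authwarnings' 'O PrivacyOptions=goaway' > "$d/sendmail.cf"
printf '%s\n' '# mail queue' '0,15,30,45 * * * * /usr/sbin/sendmail -q' > "$d/crontab"
report 'Sendmail.sendmaildaemon' daemon_disabled    "$d/mailservs"
report 'Sendmail.vrfyexpn'       vrfy_expn_disabled "$d/sendmail.cf"
report 'queue cron job'          queue_cron_present "$d/crontab"
rm -rf "$d"
```

On a real system, point the three checks at /etc/rc.config.d/mailservs, /etc/mail/sendmail.cf and a saved copy of root's crontab.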