[BlueOnyx:25775] Re: Suggestion for sendmail config change

[Michael Stauber]

Hi Dirk,

> what do you think about setting the statement for confPRIVACY_FLAGS in 
> sendmail.cf to „goaway“?
> 
> This could prevent sendmail from probing whether certain users exist on 
> the system or not.

My first reaction to your question was thinking: "We don't need 'goaway' 
for that, because we set 'novrfy' and 'noxpn' individually and that 
covers it already."

But before saying something dumb I decided to check if our sendmail.mc 
has what I thought it should have.

The constructor 
/usr/sausalito/constructor/base/email/syncEmailService.pl and the 
handler /usr/sausalito/handlers/base/email/system.pl modify sendmail.mc 
(and rebuild sendmail.cf) and they're *supposed* to set the 
confPRIVACY_FLAGS ...

	novrfy noexpn authwarnings

But what they in fact did? It was setting this:

	noexpn noexpn authwarnings

So my reaction on seeing that: /facepalm

I just published updated base-email RPMs for BlueOnyx 5209R, 5210R and 
5211R which set the following confPRIVACY_FLAGS (just to be pretty strict):

	goaway,authwarnings,novrfy,noexpn,noreceipts,restrictqrun

This is slightly redundant, as 'goaway' already covers some of this. But 
let's do it right this time around.

Code changes in SVN:

https://devel.blueonyx.it/trac/changeset?reponame=&new=4428%40%2F&old=4423%40%2F

Many thanks for bringing this to my attention.

-- 
With best regards

Michael Stauber