HPE Community
Operating System - HP-UX
1830899 Members
2514 Online
110017 Solutions
New Discussion

.forward file

 
SOLVED
Go to solution
Philip J. Priest_1
Frequent Advisor

‎08-28-2002 01:04 PM

‎08-28-2002 01:04 PM

.forward file

Any security issues should i be aware of when using a .forward file?

Phil
0 Kudos
Reply
6 REPLIES 6
James R. Ferguson
Acclaimed Contributor

‎08-28-2002 01:07 PM

‎08-28-2002 01:07 PM

Solution

Re: .forward file

Hi Phil:

I'd keep in readable to only its owner. Conferring write privileges could mean that someone could intercept mail that was not destined to him/her.

Regards!

...JRF...
Reply
Sajid_1
Honored Contributor

‎08-28-2002 01:10 PM

‎08-28-2002 01:10 PM

Re: .forward file

Make sure that the world doesn't get write access to the file. Also while configuring .forward file, keep the $HOME directory to permission -755. Sometimes, the forward function does not work if the $HOME directory has a permission other than this. You can always look at the /var/adm/syslog/mail.log file for warnings and errors.

gl,
learn unix ..
Reply
PIYUSH D. PATEL
Honored Contributor

‎08-28-2002 01:14 PM

‎08-28-2002 01:14 PM

Re: .forward file

Hi Phil,

Dont give write permissions to others. Give only read permissions to owner.

Piyush
Reply
Christopher Caldwell
Honored Contributor

‎08-28-2002 01:39 PM

‎08-28-2002 01:39 PM

Re: .forward file

security
consider running sendmail with smrsh (sendmail restricted shell).

.forward can contain programs. users must have a valid shell (defined in /etc/shells) to run programs with a .forward. Consider giving users that don't need to run programs with .forward a shell that's not defined in /etc/shells.

make sure the group and other directory write permissions in the path to the .forward file are not set -- [if you're running sendmail >= sendmail 8.9]

don't use
ODontBlameSendmail=forwardfileinunsafedirpath,forwardfileinunsafedirpathsafe

operational
Depending on your set up, .forward can be more expensive for delivery than virusertable or aliases.
Reply
Jochen Sprick
Occasional Visitor

‎08-29-2002 07:26 PM

‎08-29-2002 07:26 PM

Re: .forward file

An issue overlooked by the other techies: you certainly should we aware of the security issue of having the CONTENTS of your mail eventually routed over the public internet and thereby read on the internet.
Having your company mails being routed to your home account is nice, but be aware that there may be confidential contents in your company mail.
0 Kudos
Reply
Bill Thorsteinson
Honored Contributor

‎08-30-2002 05:19 AM

‎08-30-2002 05:19 AM

Re: .forward file

Don't allow group or world
write access to any directories
in the tree. Some versions od sendmail will verify this and
refuse to forward.

Check the man page for aliases.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.