Hi. all
I had one response.
There was something wrong with the way I asked my question.
My original question was about "outgoing mail" from a host with multiple hostnames.
I modified "sendmail_wrapper.c" to suit my needs.
Please refer to the attached source.
----------------------> my original question <------------------------
Hi. all.
i have one question. (sorry for only asking...)
Some host has multiple hostname.
eg) 192.0.2.1 (some1.co.kr, some2.or.kr)
There are two group of users. UID 100: for internal usage. (group1)
UID 300: for external usage. (group2)
Group1 and Group2 will be separated some day, but for the time being
they are located on the same host.
How can I separate the groups' email addresses?
thanks in advance.
----------------------> modified source <--------------------------------
This program selects one of several sendmail.cf files depending on the caller's group ID.
Please examine the section marked "***** modified part *****".
/*
** sendmail_wrapper.c - wrap sendmail to prevent newlines in command line
** and clean up the environment.
**
** - v1.2 prevent exploitation of '-oR' on SunOS 4.1.x
** - v1.3 update installation instructions
** - v1.4 Parse options for SunOS sendmail to prevent
** shell characters being passed to popen
** - v1.5 Stop core dumps if someone supplies silly args
** - v1.6 Protect against possible syslog() buffer overrun
** Update installation instructions
**
** Modified: Jaeho Yang
** I.NET Technologies, Inc.
**
** Authors: Eric Halil, Danny Smith
** AUSCERT
** c/o Prentice Centre
** The University of Queensland
** Qld. 4072.
** Australia
** auscert@auscert.org.au
**
** Disclaimer: The use of this program is at your own risk. It is
** designed to combat a particular vulnerability, and may
** not combat other vulnerabilities, either past or future.
** The decision to use this program is yours, as are the
** consequences of its use.
**
** This program is designed to be an interim relief measure
** until appropriate patches can be obtained from your vendor.
**
** Installation instructions
** =========================
**
** 1. su to root.
**
** 2. Determine the location of sendmail. On SunOS and Ultrix
** systems, it is located in the /usr/lib directory. On BSDI
** systems, it is located in the /usr/sbin directory. For example
** purposes only, /usr/lib will be used in the following instructions
** steps.
**
** 3. Copy the sendmail program to sendmail.real. Change the permissions
** on the copy of sendmail.
**
** # cd /usr/lib
** # cp sendmail sendmail.real
** # chmod 0700 sendmail.real
**
** However, if the /usr file system is NFS-mounted by diskless or
** dataless NFS clients, you must allow non-root execution:
**
** # chmod 0711 sendmail.real
**
** 4. Determine the permissions, owner, and group of sendmail. This
** information will be used later.
**
** For BSD users:
** # ls -lg sendmail
** For System V users:
** # ls -l sendmail
**
** 5. Edit this wrapper program and define REAL_SENDMAIL. By default,
** REAL_SENDMAIL is defined as "/usr/lib/sendmail.real".
**
** 6. Compile this program in a directory other than /usr/lib. For
** example to use /tmp, first copy this file into /tmp.
**
** # cd /tmp
** # cc -O -o sendmail sendmail_inet.c
**
** 7. Kill the sendmail daemon.
**
** For SunOS and Ultrix:
** # kill -9 `head -1 /etc/sendmail.pid`
** # /usr/lib/sendmail -bd -q1h
**
** For BSDI:
** # kill -9 `head -1 /var/run/sendmail.pid`
** # /usr/sbin/sendmail -bd -q1h
**
** 8. Kill all running sendmail processes.
**
** Follow your vendor's guidelines or use the following commands.
**
** For BSD based systems:
** # ps -auxw | grep sendmail | grep -v grep
** # kill -9 (process id numbers)
**
** For System V based systems:
** # ps -ef | grep sendmail | grep -v grep
** # kill -9 (process id numbers)
**
** 9. Copy this new wrapper program into the directory containing sendmail.
** Make sure this directory and its parent directories are protected so
** only root is able to make changes to files in the directory. This
** will replace the existing sendmail. The following steps should be
** executed quickly.
**
** Users will not be able to send e-mail during the time when the
** wrapper is copied into place until the chmod command has been
** executed. Use the information from step #4 and set the permissions
** owner, and group of the new sendmail. For example:
**
** # cp sendmail /usr/lib/sendmail
** # cd /usr/lib
** # chown root sendmail
** # chgrp wheel sendmail
** # chmod 4511 sendmail
**
** 10. Restart the sendmail daemon.
**
** Follow your vendor's guidelines or use the following command.
**
** # /usr/lib/sendmail -bd -q1h
**
** 11. Test that mail still works.
**
*/
/*
** Version banner. Nothing in the code shown here reads it; presumably it
** is kept so an installed binary can be identified - confirm.
*/
static char Version[] = "sendmail_wrapper V1.6 22-Sep-1995";
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
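#ifdef sun
#include <syslog.h>
/*
** Characters accepted in the address operand of -f / -r on SunOS.
** main() refuses to run if the operand contains anything outside this set.
*/
static char ok_chars[] = "1234567890!@%-_=+:,./\
abcdefghijklmnopqrstuvwxyz\
ABCDEFGHIJKLMNOPQRSTUVWXYZ";
#endif
/*
** REAL_SENDMAIL needs to be defined using the full pathname
** of the real sendmail. A few known locations have been defined.
** On any other platform it must be defined by hand (installation
** step 5); main() does not compile without it.
*/
#ifdef sun
#define REAL_SENDMAIL "/usr/lib/sendmail.real"
#endif
#ifdef ultrix
#define REAL_SENDMAIL "/usr/lib/sendmail.real"
#endif
#if defined (__bsdi__) || defined(__386BSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
#define REAL_SENDMAIL "/usr/sbin/sendmail.real"
#endif
/*
** cargv is the argument vector main() builds and hands to the real
** sendmail. It used to be declared only when INET was defined, although
** main() uses it unconditionally, so a build without -DINET failed.
** It is now always declared. cenvp is not referenced in the code shown
** here; it is kept so the file's external symbols are unchanged.
*/
char **cargv;
char **cenvp;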
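/*
** copy_arg - return a heap copy of the string s.
** Prints a diagnostic and exits with status 1 when no memory is
** available, so callers never receive a NULL pointer.
*/
static char *copy_arg( s)
char *s;
{
    char *dup;

    dup = (char *) malloc( strlen( s) + 1);
    if ( dup == NULL)
    {
        perror( "malloc");
        exit( 1);
    }
    strcpy( dup, s);
    return( dup);
}

/*
** is_stripped_var - return non-zero if the environment entry is one that
** is removed before the exec: anything starting with LD_, plus IFS and PATH.
*/
static int is_stripped_var( entry)
char *entry;
{
    return( ( strncmp( entry, "LD_", 3) == 0) ||
            ( strncmp( entry, "IFS=", 4) == 0) ||
            ( strncmp( entry, "PATH=", 5) == 0));
}

/*
** blank_newlines - overwrite every CR and LF in s with a space, in place.
*/
static void blank_newlines( s)
char *s;
{
    for ( ; *s != '\0'; s++)
    {
        if ( ( *s == '\r') || ( *s == '\n'))
        {
            *s = ' ';
        }
    }
}

/*
** main - sanitise the command line and environment, prepend a -C option
** chosen from the caller's group id, then exec REAL_SENDMAIL.
**
** Returns only if the exec fails; the value is then execve()'s result.
** Exits with status 1 on an empty argument vector, on memory exhaustion,
** and (SunOS only) when the -f / -r operand holds a disallowed character.
*/
int main( argc, argv, envp)
int argc;
char *argv[];
char *envp[];
{
#ifdef sun
    char *cp;
#endif
    int i;
    int j;
    int status;

    /*
    ** A caller can exec this program with an empty argument vector.
    ** argv[0] is then NULL and must not reach strlen().
    */
    if ( ( argc < 1) || ( argv[ 0] == NULL))
    {
        fprintf( stderr, "sendmail_wrapper: empty argument vector\n");
        exit( 1);
    }

    /*
    ** Build a private copy of argv with a free slot at index 1 for the
    ** injected -C option, plus room for the terminating NULL.
    */
    cargv = (char **) malloc( ( argc + 2) * sizeof( char *));
    if ( cargv == NULL)
    {
        perror( "malloc");
        exit( 1);
    }
    cargv[ 0] = copy_arg( argv[ 0]);
    for ( i = 1; i < argc; i++)
    {
        cargv[ i + 1] = copy_arg( argv[ i]);
    }
    cargv[ i + 1] = NULL;

    /************************* modified part *****************************/
    /*
    ** Pick the configuration file from the caller's group id: gid 100
    ** gets sendmail.co.cf, every other gid gets sendmail.or.cf.
    ** NOTE(review): the author's description speaks of UID 100 and
    ** UID 300, while this tests getgid() - confirm which is intended,
    ** and whether "everyone else" should really share the second file.
    ** NOTE(review): a -C supplied by the caller is still copied through
    ** after the injected one; confirm how the real sendmail treats a
    ** repeated -C, or refuse it here.
    */
    if ( getgid() == 100)
    {
        cargv[ 1] = copy_arg( "-C/etc/mail/sendmail.co.cf");
    }
    else
    {
        cargv[ 1] = copy_arg( "-C/etc/mail/sendmail.or.cf");
    }
    argc++;
    /************************* modified part *****************************/

    /*
    ** Ensure that there are no newlines in the arguments
    */
    for ( i = 1; i < argc; i++)
    {
#ifdef sun
        if ( ( strncmp( cargv[ i], "-f", 2) == 0) ||
             ( strncmp( cargv[ i], "-r", 2) == 0))
        {
            /* the operand is either glued to the flag or is the next word */
            if ( strlen( cargv[ i]) > 2)
            {
                cp = cargv[ i] + 2;
            }
            else
            {
                if ( ( i + 1) >= argc)
                {
                    break;
                }
                cp = cargv[ i + 1];
            }
            if ( strspn( cp, ok_chars) < strlen( cp))
            {
                syslog( LOG_MAIL | LOG_ERR, "Possible SunOS sendmail attack specifying '-%c %.20s' by uid %d\n",
                        cargv[ i][ 1], cp, getuid());
                exit( 1);
            }
        }
#endif
        blank_newlines( cargv[ i]);
    }

    /*
    ** While we are at it, let's clean up the environment
    ** Remove LD_*, IFS, and PATH environment variables before execing
    */
    i = 0;
    while ( envp[ i] != NULL)
    {
        if ( is_stripped_var( envp[ i]))
        {
            /*
            ** Close the gap by shifting the tail down one slot; the
            ** terminating NULL moves with it. Do not advance i, because
            ** slot i now holds the next entry.
            */
            for ( j = i; envp[ j] != NULL; j++)
            {
                envp[ j] = envp[ j + 1];
            }
            continue;
        }

        /*
        ** Now check for newlines in environment variables
        */
        blank_newlines( envp[ i]);

        /*
        ** next environment variable
        */
        i++;
    }

    /*
    ** exec the real sendmail now; execve() returns only on failure
    */
    status = execve( REAL_SENDMAIL, cargv, envp);
    perror( "execve sendmail");
    return( status);
}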
***********************************************************************
-- Yang, Jaeho I*NET Techologies, Inc. Leading Edge of Internet Service Provider At Korea E-Mail: jhyang@nuri.net TEL: +82-2-538-6941 FAX: +82-2-538-6942 URL: Jaeho's Home Page <p>