Trusted Solaris Administrator's Procedures

Managing Trusted Solaris Mail Features

In the Trusted Solaris environment, the System Administrator role sets up and administers mail servers according to the instructions in the Solaris System Administration Guide, Volume 2 and the System Administration Guide, Volume 3. In addition, the Security Administrator role determines how the Trusted Solaris mail features should be configured. The following sections describe the aspects of managing mail that are specific to the Trusted Solaris environment.

.mailrc Is at User's Minimum Label Only

By default, a user's .mailrc file is stored only in the single-level directory (SLD) at the user's minimum label. Users who work at multiple labels have no .mailrc at the higher labels unless the file is copied or linked into each higher-label SLD.

The Security Administrator role or the individual user can add .mailrc to either .copy_files or .link_files. Linking keeps a single .mailrc, edited at the minimum label, visible at every label; copying gives each label its own independent copy. See updatehome(1M) for a description of .copy_files and .link_files, and "Managing Initialization Files" for more information.

For background about mail aliases, see the Mail Aliases section in "Introduction to Mail Services" in the Solaris System Administration Guide, Volume 3.

The Solaris Management Console Manages Mail Aliases

Local and name service mail aliases are managed with the Solaris Management Console (SMC) Mailing Lists tool. Depending on the scope of the selected SMC toolbox, the administrator can update the local /etc/aliases file, the mail.aliases NIS map, or the mail_aliases NIS+ table.

Users Cannot Read Email Below Minimum Label

The sendmail.cf file has been extended with Trusted Solaris options that let the Security Administrator role customize labeled mail delivery. By default, mail labeled ADMIN_LOW is upgraded to the recipient's minimum label, and any other mail labeled below the recipient's minimum label is returned to the sender. ADMIN_LOW mail is treated differently because it is always sent by a system process to an account (usually an administrative role account) that should see the mail.

The defaults appear as commented-out option lines in sendmail.cf:


#O LabelAdminLow=upgrade
#O LabelTooLow=return

The Security Administrator role can change the values of the Trusted Solaris-specific options in the sendmail(1M) configuration file, sendmail.cf, to match the site's security policy. For example, a user who is cleared only to a label such as CONFIDENTIAL or INTERNAL USE ONLY should generally not be able to send mail to a user whose minimum label dominates that label, such as SECRET or NEED TO KNOW; the default of returning mail labeled below the recipient's minimum label enforces exactly this.

Users Cannot List the Mail Queue

By default, a user cannot list queued mail sent by other users, because the restrictmailq privacy option is set in the sendmail.cf file.

The mail queue is listed with the mailq command or its equivalent, sendmail with the -bp option. Both commands are in the Mail Management profile, and they show only mail at labels dominated by the label of the calling process.

See "To Permit Users to See the Mail Queue" for how to enable a user on a particular system to list the queue.
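The following POSIX shell script is an added audit check, not part of the original Trusted Solaris documentation. It reads a sendmail.cf and reports the two settings described in the preceding sections: the effective values of the LabelAdminLow and LabelTooLow options, and whether restrictmailq is present in PrivacyOptions. It assumes only the sendmail.cf conventions visible on this page: active options are written "O Name=value", and a leading "#" turns the line into a comment, which is how the shipped defaults are recorded. The two configuration fragments embedded in the script are constructed samples, not files taken from a real system.

```shell
#!/bin/sh
# Added example: audit the Trusted Solaris-relevant settings in a sendmail.cf.
# Assumes the sendmail.cf conventions shown on this page: active options are
# written "O Name=value"; a leading "#" makes the line a comment, which is how
# the shipped defaults for LabelAdminLow and LabelTooLow are recorded.

# Value of an active "O Name=value" line (last one wins), or nothing if unset.
cf_active_value() {
    sed -n "s/^O[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Value recorded on a commented-out "#O Name=value" line, i.e. the default.
cf_default_value() {
    sed -n "s/^#O[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Effective value: the explicit setting if present, otherwise the commented default.
cf_effective_value() {
    v=$(cf_active_value "$1" "$2")
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        cf_default_value "$1" "$2"
    fi
}

# Prints "yes" if the active PrivacyOptions list contains restrictmailq, else "no".
# With restrictmailq set, mailq / sendmail -bp are restricted as described above.
mailq_restricted() {
    opts=$(cf_active_value PrivacyOptions "$1" | tr -d ' \t')
    case ",$opts," in
        *,restrictmailq,*) echo yes ;;
        *)                 echo no ;;
    esac
}

# Human-readable report for one sendmail.cf.
audit_mail_cf() {
    printf '== %s ==\n' "$1"
    printf 'mail queue restricted (restrictmailq): %s\n' "$(mailq_restricted "$1")"
    for o in LabelAdminLow LabelTooLow; do
        a=$(cf_active_value "$o" "$1")
        d=$(cf_default_value "$o" "$1")
        if [ -n "$a" ]; then
            printf '%s=%s (set explicitly)\n' "$o" "$a"
        elif [ -n "$d" ]; then
            printf '%s=%s (commented-out default)\n' "$o" "$d"
        else
            printf '%s: not present in file\n' "$o"
        fi
    done
}

# Constructed sample 1: the shipped defaults, queue listing restricted.
DEFAULT_CF=$(mktemp /tmp/sendmail.cf.XXXXXX)
cat > "$DEFAULT_CF" <<'EOF'
# constructed sendmail.cf fragment (not a real site's file)
O PrivacyOptions=authwarnings,restrictmailq
#O LabelAdminLow=upgrade
#O LabelTooLow=return
EOF

# Constructed sample 2: a site that dropped restrictmailq from PrivacyOptions
# and wrote the LabelTooLow option explicitly.
OPEN_CF=$(mktemp /tmp/sendmail.cf.XXXXXX)
cat > "$OPEN_CF" <<'EOF'
# constructed sendmail.cf fragment (not a real site's file)
O PrivacyOptions=authwarnings
#O LabelAdminLow=upgrade
O LabelTooLow=return
EOF
trap 'rm -f "$DEFAULT_CF" "$OPEN_CF"' EXIT

audit_mail_cf "$DEFAULT_CF"
audit_mail_cf "$OPEN_CF"
```

To check a live host, point audit_mail_cf at the system's sendmail.cf (normally /etc/mail/sendmail.cf on Solaris); the script only reads the file. A report that shows restrictmailq absent, or a label option set to something other than the commented default, is the cue to compare the file against the site's security policy before mail is accepted on that host.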

dtmail is the Default Mail Application

By default, dtmail is the mail application that is launched from the Mailer subpanel on the Trusted Solaris Front Panel. Trusted Solaris software enables the System Administrator role to substitute an alternate mail application that provides full multilevel mail capabilities.

Without administrative intervention, any user can drag and drop an action for an alternate mail application onto the Front Panel and then run the newly installed mailer at the label of the current workspace. However, an action installed this way does not monitor mail at multiple labels, so individual accounts dragging alternate mail actions onto the Front Panel is appropriate only at a site that uses a single label.

Before an alternate mail action can be installed in the Front Panel, an action must first be defined for the mail application. The example in "To Create a Multilevel Action for the Alternate Mail Application" shows the substitution of the OpenWindows mailtool for dtmail, even though this substitution is unlikely to be made in practice. The example relies on the predefined OpenWindows mailtool action in the /usr/dt/appconfig/types/C/sunOW.dt file, shown below.


ACTION OWmailtool
{
        LABEL           OW Mail Tool
        ICON            OWmailtool
        TYPE            COMMAND
        WINDOW_TYPE     NO_STDIO
        EXEC_STRING     /usr/openwin/bin/mailtool
}

See "To Create a Multilevel Action for the Alternate Mail Application" for creating an alternate Front Panel mail application, and "To Substitute an Alternate Mail Application for All Users" and "To Install an Alternate Mailer in the Front Panel" for the different distribution methods.