Go to main content

Trusted Extensions Configuration and Administration

Exit Print View

Updated: November 2020

Trusted Extensions Mail Features

In Trusted Extensions, the System Administrator role sets up and administers mail servers according to instructions in Managing sendmail Services in Oracle Solaris 11.4. In addition, the security administrator determines how Trusted Extensions mail features need to be configured.

    The following aspects of managing mail are specific to Trusted Extensions:

  • The user's local configuration file, such as .mailrc, is at the user's minimum label.

    Therefore, users who work at multiple labels do not have a .mailrc file at the higher labels, unless they copy or link the .mailrc file in their minimum-label directory to each higher directory.

    The Security Administrator role or the individual user can add the .mailrc file to either .copy_files or .link_files. For a description of these files, see the updatehome(1) man page. For configuration suggestions, see .copy_files and .link_files Files.

  • Your mail reader can run at every label on a system. Some configuration is required to connect a mail client to the server.

    For example, to use Thunderbird mail for multilevel mail requires that you configure a Thunderbird mail client at each label to specify the mail server. The mail server could be the same or different for each label, but the server must be specified.

  • Trusted Extensions software checks host and user labels before sending or forwarding mail.

    • The software checks that the mail is within the accreditation range of the host. The checks are described in this list and in Trusted Extensions Accreditation Checks.

    • The software checks that the mail is between the account's clearance and minimum label.

    • Users can read email that is received within their accreditation range. During a session, users can read mail only at their current label.

      To contact regular user by email, an administrative role must send mail from a workspace that is at a label that the user can read. The user's default label is usually a good choice.