A few of perms oddities: * /usr/sbin/sendmail is setgid-root as well as setuid. Is there a reason for this? * Could we o-rx /var/spool/mqueue? * Can we restrict the use of /usr/bin/mailq to root? I fail to understand why people should know who I'm sending email to.
Setting the permissions on mailq won't help if the user can still run 'sendmail -bp'; to change that requires patching sendmail.
Probably true. mailq is just a symlink to sendmail anyway. However, somewhere along the way (none of the Red Hat boxes I have access to run sendmail :-) newaliases, which is also a symlink, got restricted, so it must be doable.
use restrictrunq and restrictmailq to change sendmail I think it is good that any user can check the state of the sendmail configuration, so I don't want to change perms.