As shipped, sendmail is configured to use procmail as the local delivery
agent. It is also configured to use the sendmail restricted shell, smrsh,
for program deliveries.
Configuring smrsh when procmail is the LDA is pointless. Any restrictions
that are set up with smrsh as to what programs users can run from their
.forward files can easily be circumvented with a .procmailrc as simple as
As long as procmail is the LDA, configuring sendmail to use smrsh is
nothing but an annoyance and cause for confusion for people not familiar
Providing smrsh allows to change the configuration to a more restrictive one
than shipped by default with Red Hat Linux. I think the current setup is ok,
but agree that this point could be added to some Red Hat README about sendmail.
Thanks for this report,
Florian La Roche
I'm not saying that smrsh shouldn't be provided, just that the default
sendmail.cf should not use smrsh since procmail is also used. This can
be confusing and misleading (some may think that have more security than
they really do since smrsh is rendered useless by procmail).
Commit pushed to master at https://github.com/openshift/origin
UPSTREAM: 44760: Fix issue #44757: Flaky Test_AttachDetachControllerRecovery