The following sets of configuration guidelines are broad enough to address basic elements of mail. Specific configuration steps can also be found in the help or man pages, of course. Additional in-depth resources for secure configuration can be found at NIST as well (http://csrc.nist.gov/publications/nistpubs/800-45/sp800-45.pdf).
- Ensure that the most up-to-date version and patches are running.
- Disable mail relaying.
- Ensure that VRFY and EXPN are disabled.
- Limit Sendmail program execution by using a tool such as smrsh.
- Disable daemon mode on client hosts.
- Limit file transfer size.
- Limit what IP addresses can connect.
- Restrict those who can send mail (on Windows this can be defined in the Group profile).
- Disable automatically relaying to noninternal addresses to prevent mail rules from forwarding potentially sensitive data.
