[LI] tips on secure config. of sendmail



When you are installing or upgrading sendmail - please note these.

Red Hat Linux users: ftp://admin.netus.com/sendmail/ has sendmail 
8.9.3 rpms you might like to try out. Last update 27 March 1999: 
"pop-before-smtp with a DUL map fallthrough from the poprelay ed 
map".  

Linuxconf users beware! - Linuxconf was found to be generating 
faulty (old) check_rcpt tables as recently as 20 July 1999. Make 
sure your version is newer than this before using it to generate 
sendmail.cf files.  

If you are uncomfortable with M4 scripting, WIDE in Japan have a 
.cf generator which may be useful. It can be downloaded from 
ftp://ftp.jpcert.or.jp/pub/security/tools/CF/  

Sendmail 8.8 is effectively unsupported and there are probably 
more relaying holes lurking in it. Update to 8.9.3.  If you stick with 
sendmail 8.8.8 then I'd advise that you see this site -  (print it out 
and stick it on your wall - it's vital)   

http://www.sendmail.org/~ca/email/check.html (by Claus 
Assmann). 

Sendmail 8.9.0 & 8.9.1 can be attacked using the : pathing control
character in the RCPT TO:<> header.  Update to 8.9.3.

NOTE:

When upgrading sendmail to secure versions: Always generate a 
new sendmail.cf - continuing to use the sendmail.cf from a previous 
version which had a relaying vulnerability will usually result in that 
relaying vulnerability not being fixed.   

Hope this helps.  If you have any questions about other MTAs - 
specifically NT based MTAs if you people use them - then please 
mail me.

- ---s


Smeagol Gollum | Smeagol@xxxxxxxxxxxx | (aka) Suresh R.
http://www.kcircle.com | http://www.angen.net/~pegasus/
Phone: +(91-40)3736553/3745398 | eFax: +(1-603)590-5437
You know you are an X-Phile when:
   You steal your neighbor's newspaper every morning for an entire week-  
   just to cut out the Calvin and Hobbes comic, and replace it on their  
   doorstep as if nothing had happened.  If you are caught, just blame  
   the little green men who performed brain surgery on you yesterday 
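
The NOTE above about regenerating sendmail.cf after an upgrade can be checked mechanically. The following is an added example, not part of the original post: it assumes the m4-generated `DZ<version>` line (the configuration version macro) is present in sendmail.cf, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a sendmail.cf that was generated for an older
# sendmail release than the binary now installed (heuristic only).

# cf_version FILE: print the version from the "DZ" line, e.g. 8.9.3;
# prints nothing if the file has no such line.
cf_version() {
    sed -n 's/^DZ\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# version_lt A B: succeed when dotted version A is older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# check_cf FILE BINARY_VERSION: print "stale", "ok" or "unknown".
check_cf() {
    cfv=$(cf_version "$1")
    if [ -z "$cfv" ]; then
        echo unknown        # hand-written or damaged cf: inspect manually
    elif version_lt "$cfv" "$2"; then
        echo stale          # cf predates the binary: regenerate it
    else
        echo ok
    fi
}

# Constructed sample files, so the example runs without a real install.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '# Configuration version number\nDZ8.8.8\n' > "$tmp/old.cf"
    printf '# Configuration version number\nDZ8.9.3\n' > "$tmp/new.cf"
    echo "old.cf vs 8.9.3: $(check_cf "$tmp/old.cf" 8.9.3)"
    echo "new.cf vs 8.9.3: $(check_cf "$tmp/new.cf" 8.9.3)"
    rm -rf "$tmp"
}
demo
```

On a real host the second argument is the version the installed binary reports (`sendmail -d0.1 -bt < /dev/null` prints it). An "ok" result only shows the file was generated from that release's m4 files, not that later hand edits left the relay checks intact.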