RE: [SLUG] mail server.

From: Jeff Barriault (jeffbarr@tampabay.rr.com)
Date: Sat Nov 17 2001 - 16:36:55 EST


I happen to do a bunch of Windows based consulting and am getting really
tired of dealing with problems in IIS and Exchange server. Nimda especially.
I must have cleaned 15 systems at different clients in the last month. Thank
you Microsoft for keeping me in business.

My curiosity about Sendmail, POP3 and IMAP has arisen since I happen to have
a client interested in setting up an internal e-mail system. They are a
small company with about 15 PCs networked together with clients running
Win3.1, Win95, Win98 and Win2K. They had a DSL connection on the Win2K box
using MS Internet Sharing . . . what a freakin mess. I replaced that with a
Linux based firewall distribution called SmoothWall available from
http://www.smoothwall.org. I'm sure they could spend a bunch of money on MS
Exchange licensing fees and I could have them up and running, but I'd like
to offer them an alternative.

I must say that since I've discovered SmoothWall, my views about "free
software" have changed. I never really thought I could earn any serious
living with free software, but now that I've actually installed SmoothWall
at 5 of my clients' sites, my views are changing. Who knows, maybe my next
client will get sendmail/qmail and imapd/pop3 . . . ?

-----Original Message-----
From: slug@lists.nks.net [mailto:slug@lists.nks.net]On Behalf Of Ronan
Heffernan
Sent: Saturday, November 17, 2001 11:19 PM
To: slug@nks.net
Subject: Re: [SLUG] mail server.

>
>
> The SMTP server is usually a program called "sendmail". This
>is an old program, that is pretty much the UNIX standard around the
>world. Unfortunately, it is also the most commonly exploited port of
>entry for malicious "crackers". I recommend qmail instead.
>

Strong assertion and certainly not true for any sendmail
released within the last 3 years -- I'd choose IIS and Nimda
as the most common port of entry, and Outlook as a close #2;
If restricted to Open Source, the portmap, bind, and lpr holes
are each much worse.

... all ship safe on Red Hat -- dunno on other Linux's

Sorry about forgetting that anyone would use Win32 as an Internet server
(and thus neglecting IIS, Outlook). I was only thinking UNIX. And no, I
still assert that among UNIX boxen, sendmail is probably the most
exploited service. Relatively few boxes run bind (at most ISPs, you
find 2-3 boxes running DNS, and dozens or hundreds running HTTP and SMTP
servers). I can't imagine running portmap or lpr on an Internet server
unless you have a very specialized need! I was the sys admin for my
company's servers (external and internal), and we were compromised 3
times in 2 years; at least twice, we basically "proved" that the
crackers came in through sendmail (that's why I switched to qmail).
 "certainly not true for any sendmail released in the last 3 years": I
know that the sendmail people are responsive and fix problems, but has
any four month period gone by in the last three years that didn't see
another compromise/exploit discovered? It is possible to apply patches
to keep one step ahead of the crackers, but it is a lot of work, much of
which is necessitated by sendmail.

Right off the sendmail.org homepage, under the heading NewsFlash:

    * Sendmail 8.12.1 <http://www.sendmail.org/8.12.1.html> is
      available; it fixes a potential local security problem for several
      operating systems.
    * Sendmail 8.11.6 <http://www.sendmail.org/8.11.html> is available;
      it fixes a security problem with command line processing.
    * Sendmail 8.11.0 <http://www.sendmail.org/8.11.0.html> is
      available; it includes support for STARTTLS and SMTP AUTH encryption.
    * An important security announcement
      <http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt> has
      been released regarding a Linux kernel bug in versions up to 2.2.15.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:23:20 EDT