On Thu, 2002-09-19 at 10:37, Matthew Moen wrote:
> Sendmail runs as one huge monolithic executable. It is inherently less
> secure than MTA's which have unprivileged processes listening to the
> outside world performing bounds checking and then interacting with
> actual guts of the MTA via a well-defined interface. qmail and Postfix
> both have some incarnation of this latter behavior.
While I don't disagree with your analysis, there are a couple of *musts*
when setting up sendmail.
A) configure relaydomains to relay only for authorized domains.
B) use smrsh (sendmail restricted shell) to do local delivery.
C) use the builtin or a third party plugin's ability to filter mail with
an accepted e-mail "blacklist".
D) Most importantly: chroot sendmail -- not only a great exercise, but
an excellent way to secure a box and potentially your environment. I
believe the Linux Documentation Project has excellent HowTos on
configuring this. BIND is also a great candidate for chroot.
There are a few more which I forget at the moment, but here are a couple
more thoughts:
With the introduction of macros -- the sendmail.mc file, sendmail has
become considerably less cryptic to configure and manage. I highly
recommend O'Reilly's sendmail -- there are some great references to
securing and configuring sendmail.
http://www.oreilly.com/catalog/sendmail2/
I have used sendmail for years now in several environments without
suffering any successful hacks. Patching software is the responsibility
of a diligent Admin and should never be taken lightly -- as is keeping
up with CERT, SANS, etc.
Matt
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:47:37 EDT