On Thu, 2003-02-13 at 17:48, Robert Wideman wrote:
> >> As you see, I am looking for a decent HOWTO for the
> >> Sendmail included with Mandrake 8.2. If possible,
> >> both a "quick setup" HOWTO and a detailed version
> >> would be greatly appreciated as I'm trying to get this
> >> going ASAP but would like to know more later...
>
> Mandrake does NOT like sendmail. There are HOWTO's on mandrake secure on
> HOWTO for QMail. It is the MOST secure email server out there. There is
> even a few thousand dollar reward for any hacks on it.
>
> Rob
>

Qmail is IMO the best email server out there. It's a pleasure to use, and security is never a worry, believe it or not. Dave Sill wrote a good book on this MTA called "Life With Qmail". Vincent Danen is the prime source for qmail rpm's; his site and work have been of incalculable value to anyone that does Qmail for a living. He's a god. ;))

Postfix, on the other hand, has been shown to exhibit some security problems. The bugtraq archives I have, which date back to Jan 1, 2000, show several security problems that have cropped up, one as close as Jan 15th of this year. However that may be, you can't begin to compare Postfix to Sendmail when you talk about security. Sendmail is a WHOLE nother ball game.

Sendmail is probably the WORST possible email server you could conceivably install. The problem it has is basically a major design flaw that has never really been addressed, dating almost from the 1970's if I remember correctly, which is that it runs its whole sack of marbles as root. Although admittedly it's gotten marginally better, over the years the bugtraq mailing list has benefitted from quite a bit of sendmail traffic. It keeps them busy. Example, Nov 28, 2002:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           sendmail
Advisory ID:            MDKSA-2002:083
Date:                   November 28th, 2002
Affected versions:      7.2, 8.0, 8.1, 8.2, 9.0
________________________________________________________________________

Problem Description:

 A vulnerability was discovered by zen-parse and Pedram Amini in the
 sendmail MTA. They found two ways to exploit smrsh, an application
 intended as a replacement for the sh shell for use with sendmail; the
 first by inserting specially formatted commands in the ~/.forward file
 and secondly by calling smrsh directly with special options.

 These can be exploited to give users with no shell account, or those
 not permitted to execute certain programs or commands, the ability to
 bypass these restrictions.
________________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165
  http://www.sendmail.org/smrsh.adv.txt

Happy sendmailing. :D

LX
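
An added example, not part of the original post or of the advisory: a defender-side audit of the first vector the advisory names, program deliveries in ~/.forward, listing the entries an administrator should review. It assumes smrsh's program directory is /etc/smrsh (the path depends on the build) and uses a conservative metacharacter set chosen for this example; the function names and the sample file content are constructed.

```python
import os
import re

# Assumption: the directory holding the programs smrsh may run. The path
# depends on how sendmail was built and packaged; adjust for your system.
SMRSH_DIR = "/etc/smrsh"
# Conservative character set picked for this example, not the advisory's list.
SHELL_META = re.compile(r"[;&|<>`$(){}\\]")
# A program delivery is an entry starting with "|", quoted or bare.
PIPE_ENTRY = re.compile(r'"\|([^"]*)"|(?<![^\s,"])\|([^,]*)')

def audit_forward(text, allowed):
    """Return (line_no, command, reason) for each program delivery to review."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in PIPE_ENTRY.finditer(line):
            cmd = (m.group(1) if m.group(1) is not None else m.group(2)).strip()
            if not cmd:
                continue
            # smrsh ignores the leading path, so compare by basename.
            prog = os.path.basename(cmd.split()[0])
            if SHELL_META.search(cmd):
                findings.append((no, cmd, "shell metacharacter"))
            elif prog not in allowed:
                findings.append((no, cmd, "program not in smrsh directory"))
    return findings

def scan_homes(home_root="/home", smrsh_dir=SMRSH_DIR):
    """Audit every <home_root>/<user>/.forward; returns {path: findings}."""
    allowed = set(os.listdir(smrsh_dir)) if os.path.isdir(smrsh_dir) else set()
    report = {}
    for user in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, user, ".forward")
        try:
            with open(path, errors="replace") as fh:
                found = audit_forward(fh.read(), allowed)
        except OSError:
            continue  # no .forward, or not readable by this account
        if found:
            report[path] = found
    return report

# Constructed sample .forward content, not taken from any real system.
SAMPLE = ('\\alice, "|/usr/bin/procmail -f-"\n"|vacation alice"\n'
          '|/usr/local/bin/filter.sh > /tmp/out\nbob@example.org\n')

if __name__ == "__main__":
    for finding in audit_forward(SAMPLE, {"vacation"}):
        print(finding)
```

Run `scan_homes()` as root so every user's .forward is readable; a finding means the entry deserves a look, not that it is malicious.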