It is my understanding that Sendmail under OpenBSD is configured to only listen on the loopback interface... Hence, it cannot be attacked over the network.
Sincerely, Daniel D. Melameth, MCSE Systems Engineer Morrison, Brown, Argiz and Company Office: [EMAIL PROTECTED] Home: [EMAIL PROTECTED] -----Original Message----- From: Terry Dunlap [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 11:35 AM To: [EMAIL PROTECTED] Subject: Sendmail Have you ever noticed that OpenBSD and FreeBSD install Sendmail as part of their default installs? I just installed OpenBSD 2.9 today on a test box (I know there are new versions). I was shocked to find Sendmail running on this OS which claims to offer a "secure" default install. Granted, I checked the OpenBSD site regarding their implementation of Sendmail, and they have made some security changes to it. However, given its track record, why is Sendmail a part of the default installs on these *BSD flavors? Why is it part of ANY default install??? -- Terry Dunlap, MCSE Network Security Western Kentucky University 1 Big Red Way, WAB 313 Bowling Green, KY 42101 270.745.6909 rm -f /usr/bin/laden