It is my understanding that Sendmail under OpenBSD is configured
to only listen on the loopback interface... Hence, it cannot be
attacked over the network.
Sincerely,
Daniel D. Melameth, MCSE
Systems Engineer
Morrison, Brown, Argiz and Company
Office: [EMAIL PROTECTED]
Home: [EMAIL PROTECTED]
-----Original Message-----
From: Terry Dunlap [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 11:35 AM
To: [EMAIL PROTECTED]
Subject: Sendmail
Have you ever noticed that OpenBSD and FreeBSD install Sendmail as part
of their default installs? I just installed OpenBSD 2.9 today on a test
box (I know there are new versions). I was shocked to find Sendmail
running on this OS which claims to offer a "secure" default install.
Granted, I checked the OpenBSD site regarding their implementation of
Sendmail, and they have made some security changes to it. However, given
its track record, why is Sendmail a part of the default installs on
these *BSD flavors? Why is it part of ANY default install???
--
Terry Dunlap, MCSE
Network Security
Western Kentucky University
1 Big Red Way, WAB 313
Bowling Green, KY 42101
270.745.6909
rm -f /usr/bin/laden
