
Hole in Sendmail security

phil cook
Frequent Advisor

Hole in Sendmail security

Hello

My network administrator is using some sniffer software that uses SNMP to access SMTP & sendmail on some of my unix machines - he can then send unsolicited mail anonymously or with bogus sender details. I've tried removing the public community in snmpd.conf but to no avail.

Any ideas how I can tighten this up - basically it means that anybody in the know within my LAN can use any unix node to send anonymous messages of malicious intent.

Help would be much appreciated.

Phil
Do I have to?
2 REPLIES
Ralf Hildebrandt
Valued Contributor

Re: Hole in Sendmail security

Sendmail (or the SMTP protocol in general) offers no means to protect you from users forging email addresses at their will.

It's a problem inherent in the SMTP protocol.

The only thing sendmail (or any MTA like Postfix or qmail) REALLY knows is the IP of the client!

So, based on IP, you can allow or disallow sending.

SNMP has NOTHING to do with this, as well as sniffers. A simple "telnet mailmachine 25" is all you need to "forge" arbitrary mails.

If you're looking for a more secure and easier to administer replacement for sendmail, investigate www.postfix.org

What is Postfix? It is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program.

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different.

This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix.
Postfix/BIND/Security/IDS/Scanner, you name it...
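
The point above, that the client IP is the only thing the MTA really knows, applied as a log audit (an added example, not part of the thread): it reads sendmail `from=` log lines and lists messages accepted from clients outside an allow-list. The log lines are constructed and abridged; the allowed networks, host names and the `audit` function are assumptions.

```python
import ipaddress
import re

# Assumed policy: only these client networks may submit mail to this MTA.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/28")]

# Constructed, abridged sample lines in the sendmail syslog "from=" format.
SAMPLE_LOG = """\
Mar  3 09:14:02 mailhost sendmail[2211]: h23EE2a02211: from=<root@mailhost.example.com>, size=412, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar  3 09:15:40 mailhost sendmail[2240]: h23EFea02240: from=<phil@example.com>, size=980, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=ws5.example.com [192.0.2.5]
Mar  3 09:16:09 mailhost sendmail[2260]: h23EG9a02260: from=<ceo@example.com>, size=233, class=0, nrcpts=3, proto=SMTP, daemon=MTA, relay=[192.0.2.77]
Mar  3 09:17:30 mailhost sendmail[2271]: h23EHUa02271: from=root, size=120, class=0, nrcpts=1, relay=root@localhost
"""

# Queue id, claimed sender (client-supplied, so not trustworthy) and relay field.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=(?P<sender><[^>]*>|[^,]*),"
    r".*?relay=(?P<relay>.*)$"
)
# The bracketed address is what the MTA saw on the TCP connection.
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def audit(log_text, allowed=ALLOWED_NETS):
    """Return (queue_id, claimed_sender, client_ip) for every message that was
    accepted over SMTP from a client outside the allowed networks."""
    findings = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        ip_m = IP_RE.search(m.group("relay"))
        if not ip_m:
            continue  # relay=user@localhost: local submission, no SMTP client
        try:
            ip = ipaddress.ip_address(ip_m.group(1))
        except ValueError:
            continue  # malformed address field, nothing to compare
        if not any(ip in net for net in allowed):
            findings.append((m.group("qid"), m.group("sender"), str(ip)))
    return findings


if __name__ == "__main__":
    for qid, sender, ip in audit(SAMPLE_LOG):
        print(f"{qid}: claimed sender {sender} submitted from {ip}")
```
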
phil cook
Frequent Advisor

Re: Hole in Sendmail security

Thanks for your advice here Ralf - however I'm pretty reluctant to switch the mail software on all my live machines. Am currently looking into the possibility of configuring sendmail to disallow relaying - i.e. only processing mail submitted locally - this does at least mitigate the risk. I think I've managed to do so utilising the /etc/sendmail.cw file (at least on my hpux platforms), unfortunately I have the same problem on my Tru64 platforms but haven't as yet worked out how to implement (different sendmail version).

Rgds

Do I have to?