HPE Community
Operating System - HP-UX
1833875 Members
1795 Online
110063 Solutions
New Discussion

Re: Another Sendmail Question

 
Tom Jackson
Valued Contributor

‎03-10-2003 06:48 AM

‎03-10-2003 06:48 AM

Another Sendmail Question

Hi:

I shutdown sendmail to hopefully avoid the sendmail vulnerability. However, I am still able to send mail from my J6000 to local and remote mail accounts.

Do I still need to worry about the sendmail vulnerability since ssendmail is shutdown?

How come I can still send messages?

Tom
0 Kudos
Reply
9 REPLIES 9
Robin Wakefield
Honored Contributor

‎03-10-2003 06:52 AM

‎03-10-2003 06:52 AM

Re: Another Sendmail Question

Hi Tom,

The sendmail that you've disabled is the listening daemon (together with maybe a queue run timing switch), e.g.

/usr/lib/sendmail -bd -q15m

The ability to send out is not affected by you switching the daemon off, since sendmail can simply be run as a one-off command to "send mail".

rgds, Robin
0 Kudos
Reply
David_246
Trusted Contributor

‎03-10-2003 07:01 AM

‎03-10-2003 07:01 AM

Re: Another Sendmail Question

Hi Tom,

Indeed sendmail can run as a daemon (permanent) to receive incomming emails(connections). But if installed and set your DS in your /etc/mail/sendmail.cf or in /etc/mail/sendmail.cw you are able to send e-mails.
The period sendmail opens a connection is very short to send an e-mail, so security risc, yep sure but very minim.
/usr/lib/sendmail -q will be able to send e-mails at a specific time using cron. So, you take the choise what you want. Remove sendmail, or just minimize the impact.

Regs David
@yourservice
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎03-10-2003 07:24 AM

‎03-10-2003 07:24 AM

Re: Another Sendmail Question

Could you elaborate about the vulnerability of sending messages via sendmail? Current version address these problems I thought.

Receiving email can be easily enought disabled.

I know about .mailrc or .forward files for example.

But to disable sendmail permanantly edit file /etc/rc.config.d/mailservs file and replace
export SENDMAIL_SERVER=1
with
export SENDMAIL_SERVER=0
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎03-10-2003 07:27 AM

‎03-10-2003 07:27 AM

Re: Another Sendmail Question

PS Use killsm or /sbin/init.d/sendmail stop for the momment.
Support Fatherhood - Stop Family Law
0 Kudos
Reply
Frank Slootweg
Honored Contributor

‎03-11-2003 05:15 AM

‎03-11-2003 05:15 AM

Re: Another Sendmail Question

I am *not* a mail specialist, so take this with a grain of salt, but I have looked into this for our/my own use, and, as far as I know, you *are* vulnerable, even if (unpatched) sendmail is shut down. I don't see why some [.]forward somewhere would not allow your sendmail to be attacked.

*Please* correct me if I am wrong. I would sleep better and so would many others.
0 Kudos
Reply
Tom Jackson
Valued Contributor

‎03-11-2003 05:33 AM

‎03-11-2003 05:33 AM

Re: Another Sendmail Question

Frank:

Thanks for sharing your concern. Since I'm inside a firewall and we don't use sendmail for anything except to mail cron status, I thought shutting down sendmail would prevent the problem from occurring.

One thing I noticed is that I still get my cron status mail messages, but I can't send messages to accounts on the system where sendmail is stopped. I can also send from the system where sendmail is stopped.

Does anyone know when a RELEASED patch will be available? I am reluctant to install the binary fix since some sites are having problems and it hasn't gone through all of its testing.

Are there any other options?

Tom
0 Kudos
Reply
Michael Steele_2
Honored Contributor

‎03-11-2003 05:39 AM

‎03-11-2003 05:39 AM

Re: Another Sendmail Question

Hmmmmm, Frank, can you spell facetious any other way?

Dot files like .forward and .mailrc allow for executables and are subject to hijacking and certainly a security issue, especially if its world readable. /etc/mail/alias is recommended instead.
Support Fatherhood - Stop Family Law
0 Kudos
Reply
W.C. Epperson
Trusted Contributor

‎03-11-2003 05:54 AM

‎03-11-2003 05:54 AM

Re: Another Sendmail Question

Servers which can send outbound via sendmail but not receive inbound are vulnerable, to the extent that someone could transfer an exploit to the machine via FTP (etc) and then send it. You have to evaluate this likelihood, but the threat from the Internet would appear very low.
"I have great faith in fools; self-confidence, my friends call it." --Poe
0 Kudos
Reply
Frank Slootweg
Honored Contributor

‎03-11-2003 05:56 AM

‎03-11-2003 05:56 AM

Re: Another Sendmail Question

M. (Cool name! :-)),

Yes, I know of the dangers of non-safe/closed .forward and .mailrc files, but my point was that even if they *are* safe/closed, they do not (completely) disable *this* (sendmail) vulnerability.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.