Checking sendmail.cf file at boot time
Robert L Cochran
cochranb at speakeasy.net
Sat Jul 26 18:11:29 UTC 2003
Spam is one of the biggest problems on the internet. That's why I'm so
interested in MTA's.
I want to play with postfix to see if it is better than sendmail, or at
least easier to use...
Bob
On Sat, 2003-07-26 at 13:52, Joe wrote:
> Robert L Cochran wrote:
>
> >In an earlier posting I made on the Shrike list, I mentioned it is a
> >good idea to turn off mail relaying in sendmail. Someone responded that
> >the default sendmail implementation from Red Hat only listens for
> >connections on the local host, anyhow, so in effect why bother?
> >
> >The best answer to that is that a substitute sendmail.cf file could be
> >inserted to the system maliciously at some point. You should not just
> >assume that sendmail is running with the actual Red Hat defaults, in
> >other words.
> >
> This is theoretically true - but if an attacker has somehow gotten a
> root shell on your box, you have much, much bigger problems than mail
> relaying! Finding out how that happened, and taking measures to stop it
> from happening again are the key.
>
> <snip security checks>
>
> The procedures you list would be considered paranoid by some, but others
> would say that paranoia is the key to security. But if you're going to
> be paranoid, be consistent though - why focus solely on sendmail? There
> are thousands of things you will need to check daily or hourly, and
> sendmail is one of the smaller issues. hacked kernels, kernel modules,
> hacked utilities that mask an intruders presence (rootkits), hacked
> libs, hacked network layer, identity theft, malicious users, denial of
> service attacks, warez sites on your server, physical security, etc, etc.
>
> But on balance, a reasonably up to date redhat box with sensible
> security measures is going to be one very tough nut to crack, for any
> hacker without physical access. anything is possible, but the
> probability of a sensibly managed redhat box getting hacked is quite low.
>
> Joe
>
>
>
> --
> Rhl-beta-list mailing list
> Rhl-beta-list at redhat.com
> http://www.redhat.com/mailman/listinfo/rhl-beta-list
--
Need help with computer hardware or software? I can take care of it in
your home at very reasonable cost.
Bob Cochran
Greenbelt, Maryland, USA
http://www.greenbeltcomputer.biz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20030726/4b0e02fe/attachment.sig>
More information about the fedora-test-list
mailing list