Date: Wed, 17 Dec 1997 10:14:17 -0500 From: Nicholas Merrill <lists@mojo.calyx.net> To: freebsd-questions@freebsd.org Subject: Re: Sendmail HYPER-SECURITY Message-ID: <199712171514.HAA17149@hub.freebsd.org> In-Reply-To: <3497B58E.7A97@barcode.co.il> References: <19971217091842.5156.rocketmail@send1a.yahoomail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:20 PM 12/17/97 +0200, you wrote: >Charlie Roots wrote: >> I understand that Sendmail was, once, a major security hole by which >> attackers and hackers used to get the password file, and to obtain >> unauthorized root access priviledges, and I also understand that >> RECENT versions of sendmail has attacked the attackers by being more >> secure than ever. Then Nadav replied: >This is abit out of the point, but still... Instead of relying on >sendmail's security you may choose to use the TIS fwtk's smap+smapd >combination (it's in the ports). I've been using them for over a year >and they work great. What it does is provide you with a small smtp >"stub" (smap) that's only smart enough so that your party will believe >it's a mailer. It then saves whatever comes in in a file and a daemon >(smspd) passes it over to sendmail. The advantage - there is *no* >outside access to sendmail at all! This make me feel safe enough not to >try and fill all possible security gaps inside sendmail, running it in a >pretty much generic configuration. That's one way to handle it. Or you could also look into running qmail (www.qmail.org) which is more secure to begin with. Nick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712171514.HAA17149>