[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Checking sendmail.cf file at boot time



In an earlier posting I made on the Shrike list, I mentioned it is a
good idea to turn off mail relaying in sendmail. Someone responded that
the default sendmail implementation from Red Hat only listens for
connections on the local host, anyhow, so in effect why bother? 

The best answer to that is that a substitute sendmail.cf file could be
inserted to the system maliciously at some point. You should not just
assume that sendmail is running with the actual Red Hat defaults, in
other words. 

Substitution of sendmail.cf can be done without disturbing the
/etc/mail/sendmail.mc file. Then restart sendmail. Presto! Without quite
realizing it, the user's sendmail is listening for connections and is
suddenly an open relay.

What I do is that if sendmail is active on my system, I always manually
edit sendmail.mc, run it through 'make -C /etc/mail', and restart
sendmail to use the new sendmail.cf file. That way I know I generated
the sendmail.cf file using the options I want (rather than praying the
Red Hat defaults are working.) I could go a step further and write a
cron script to check the date and times of these files every now and
then and email me if they change unexpectedly.

So I'm thinking that what would be nice is functionality in both the
initscripts and perhaps some other service which runs during normal
uptime which checks whether sendmail is installed and if so, whether
certain options considered to be high risk are turned on. 

Bob Cochran



Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]