In an earlier posting I made on the Shrike list, I mentioned it is a good idea to turn off mail relaying in sendmail. Someone responded that the default sendmail implementation from Red Hat only listens for connections on the local host, anyhow, so in effect why bother?

The best answer to that is that a substitute sendmail.cf file could be inserted into the system maliciously at some point. You should not just assume that sendmail is running with the actual Red Hat defaults, in other words. Substitution of sendmail.cf can be done without disturbing the /etc/mail/sendmail.mc file. Then restart sendmail. Presto! Without quite realizing it, the user's sendmail is listening for connections and is suddenly an open relay.

What I do is that if sendmail is active on my system, I always manually edit sendmail.mc, run it through 'make -C /etc/mail', and restart sendmail to use the new sendmail.cf file. That way I know I generated the sendmail.cf file using the options I want (rather than praying the Red Hat defaults are working). I could go a step further and write a cron script to check the date and times of these files every now and then and email me if they change unexpectedly.

So I'm thinking that what would be nice is functionality in both the initscripts and perhaps some other service which runs during normal uptime which checks whether sendmail is installed and if so, whether certain options considered to be high risk are turned on.

Bob Cochran
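
The cron check and the option check described in the message above, sketched as an added shell example (not part of the original message and not Red Hat's code). The baseline path is a hypothetical choice, and the check assumes a loopback-only listener shows up in sendmail.cf as an `O DaemonPortOptions=...Addr=127.0.0.1` line; it uses checksums rather than dates, since timestamps can be reset.

```shell
#!/bin/sh
# Added example: detect a substituted sendmail.cf and non-loopback listeners.
# Paths are assumptions; override them through the environment.
CF="${CF:-/etc/mail/sendmail.cf}"
MC="${MC:-/etc/mail/sendmail.mc}"
BASELINE="${BASELINE:-/var/lib/sendmail-audit/baseline.sha256}"  # hypothetical

# Run right after 'make -C /etc/mail' so the baseline matches files you built.
record_baseline() {
    sha256sum "$CF" "$MC" > "$BASELINE"
}

# Succeeds only if both files still match the baseline (missing baseline fails).
files_unchanged() {
    sha256sum -c "$BASELINE" >/dev/null 2>&1
}

# Print active DaemonPortOptions lines not bound to 127.0.0.1. Any other
# spelling (for example an IPv6 loopback) is printed too, for manual review.
nonlocal_listeners() {
    opts=$(grep -E '^O[[:space:]]*DaemonPortOptions=' "$1" || true)
    if [ -z "$opts" ]; then
        # Without the option, the sendmail daemon accepts on all interfaces.
        echo "no active DaemonPortOptions line (listens on all interfaces)"
        return 0
    fi
    printf '%s\n' "$opts" |
        grep -Ev 'Addr=127\.0\.0\.1([,[:space:]]|$)' || true
}

# Prints one ALERT line per finding; returns non-zero if anything was found.
audit() {
    status=0
    files_unchanged || {
        echo "ALERT: $CF or $MC differs from recorded baseline"; status=1; }
    bad=$(nonlocal_listeners "$CF")
    [ -z "$bad" ] || { echo "ALERT: listener not loopback-only: $bad"; status=1; }
    return $status
}

case "${1:-}" in
    record) record_baseline ;;
    check)  audit ;;
esac
```

Run it with `record` after each deliberate rebuild and schedule it with `check` from cron, which mails any output of the job to its owner, so a clean run stays silent.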