Spam is one of the biggest problems on the internet. That's why I'm so interested in MTA's. I want to play with postfix to see if it is better than sendmail, or at least easier to use... Bob On Sat, 2003-07-26 at 13:52, Joe wrote: > Robert L Cochran wrote: > > >In an earlier posting I made on the Shrike list, I mentioned it is a > >good idea to turn off mail relaying in sendmail. Someone responded that > >the default sendmail implementation from Red Hat only listens for > >connections on the local host, anyhow, so in effect why bother? > > > >The best answer to that is that a substitute sendmail.cf file could be > >inserted to the system maliciously at some point. You should not just > >assume that sendmail is running with the actual Red Hat defaults, in > >other words. > > > This is theoretically true - but if an attacker has somehow gotten a > root shell on your box, you have much, much bigger problems than mail > relaying! Finding out how that happened, and taking measures to stop it > from happening again are the key. > > <snip security checks> > > The procedures you list would be considered paranoid by some, but others > would say that paranoia is the key to security. But if you're going to > be paranoid, be consistent though - why focus solely on sendmail? There > are thousands of things you will need to check daily or hourly, and > sendmail is one of the smaller issues. hacked kernels, kernel modules, > hacked utilities that mask an intruders presence (rootkits), hacked > libs, hacked network layer, identity theft, malicious users, denial of > service attacks, warez sites on your server, physical security, etc, etc. > > But on balance, a reasonably up to date redhat box with sensible > security measures is going to be one very tough nut to crack, for any > hacker without physical access. anything is possible, but the > probability of a sensibly managed redhat box getting hacked is quite low. > > Joe > > > > -- > Rhl-beta-list mailing list > Rhl-beta-list redhat com > http://www.redhat.com/mailman/listinfo/rhl-beta-list -- Need help with computer hardware or software? I can take care of it in your home at very reasonable cost. Bob Cochran Greenbelt, Maryland, USA http://www.greenbeltcomputer.biz/
Attachment:
signature.asc
Description: This is a digitally signed message part