Sendmail Problems

Alexander Dalloz alexander.dalloz at
Thu Oct 14 17:44:11 UTC 2004

Am Do, den 14.10.2004 schrieb Jonathan Allen um 19:29:

> Thank you for telling everyone.  This is an old system, without much
> working hardware, that has a limited life horizon but needs to stay
> operational for a bit longer.

You posted the hostname yourself first here on the list. Despite that,
hosts connected to the net - especially those 24/7 online - are always
targets for scans and probes from all over the world

> How did you extract that information - presumably by doing a portscan
> or something like it ?

Yes, I did a portscan after a telnet to your SMTP server told be to be
that old Sendmail release which has a lot of severe bugs. And then I
found it is not only the MTA. A portscan is nothing forbidden, just
something like knocking at the doors and checking whether they are open
or locked.

> How would you suggest that I secure as much as I can without doing
> either a system or kernel upgrade ?  Sticking plaster - yes, but
> some unusual configuration stuff has to stay up a bit longer.
> Jonathan

First shut down every service you don't really need. I.e. the wu-ftp
daemon is vulnerable. If you don't need the FTP server switch it off. If
you need an FTP server, then install a new version as a replacement. Do
so with all other services. Yes, - before you ask - it is much work. I
am not quite sure about the kernel running, but would bet it has
security flaws too. Obvious, because Red Hat Linux release 6.0 (Hedwig)
has not security update packages since years. I wonder a bit that this
host is not already "rootkited" - or is it?


Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp 
Serendipity 19:35:34 up 14:47, 16 users, 0.25, 0.35, 0.32 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <>

More information about the fedora-list mailing list