Classnotes | UNIX02 | RecentChanges | Preferences We will not be covering Sendmail extensively. However, since you will likely have to use Sendmail at some point in your Unix career, it would a disservice to not at least expose you to it.
Sendmail V5 was written by Eric Allman in 1983. One branch was enhanced by Lennart Lovstrand in 1987 and was called IDA Sendmail. Later, IDA was enhanced by Paul Vixie during 1989-1993, and was called King James Sendmail (KJS). Many of IDA and KJS enhancements made there way into Eric's major rewrite of Sendmail in 1993.
Most of Sendmail's inherent problems are really due to it's age rather than it's design. Sendmail was developed during a time when the internet was a twinkle in the eye of the Arpanet and when the only people sending mail were considered very "trusted". Sendmail ran as root, was an open relay by default, and rarely needed to be very efficient.
As the internet has grown and "less desirables" have arrived, Sendmail allowed for many exploits. From it's default "open relay" being abused by spammers, to it's various root exploits, Sendmail can be a very vulnerable part of your system.
Sendmail can be made quite secure, but you will have to work at it. The default Sendmail configuration for Red Hat, SuSE and others will be geared towards "popping-in" the server on your network and things "just working". However, this same configuration will likely leave you open for attack.
While I personally would recommend replacing Sendmail with Postfix (especially since Postfix is a drop-in replacement for Sendmail), that might not always be an option. So let's spend some time learning the in's and out's of Sendmail, and see some pitfalls that you may encounter.