These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes

UNIX03/Sendmail Security

Classnotes | UNIX03 | RecentChanges | Preferences

Most UNIX systems come with Sendmail installed by default. This is because Sendmail is one of the oldest and most well-known MTAs available, and many UNIX grey-beards insist upon using it. Unfortunately, most of them use it because they have blinders on.

Sendmail has certain fundamental design flaws that have only recently begun to be addressed. Traditionally, Sendmail defaults as an open relay, it runs as root, it is very inefficient, has had many security exploits, is prone to several types of debilitating attacks (SMTP flooding being the most common), and it is very difficult to configure.

In addition to these flaws, sendmail does not have any simple way to integrate with a content filtration system yet it provides built-in support for RBLs.

I will not be covering Sendmail in this class because of the many problems associated with it. However, if you really need to use it and cannot replace it with one of the better alternatives, then the book does an excellent job explaining how to better secure it. Find these instructions in pages 176-190.

If you have the option, you really must look into using Postfix as an alternative. You will find that most of the problems encountered when using Sendmail will clear themselves up by simply switching to Postfix.



Classnotes | UNIX03 | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited June 7, 2003 3:14 am (diff)
Search:
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.