Ok, I just cvsup'd and it did not pull down the sources for sendmail 8.13.6
( I might still have misunderstanding of what exactly cvsup does).  Anyway,
I took matters into my own hands, and I was wondering if my procedure would
be considered acceptable by my peers.  So, this is what I did:


1)       pulled down sendmail.8.13.6.tar.gz from sendmail.org.

2)       read FREEBSD-upgrade doc from /usr/src/contrib/sendmail, and found
this info

For the import of sendmail, the following files were removed:












The following directories were renamed:


        sendmail -> src


3)       untared sendmail.8.13.6.tar.gz, and made the exact same changes to
files/folders listed above.  Rename source folder to just 'sendmail'

4)       remove /usr/src/contrib/sendmail.  Replace with my new sendmail
directory that I just downloaded and edited

5)       re-compile sendmail as most all howtos dictate:


# cd /usr/src/lib/libsm

# make obj && make depend && make

# cd /usr/src/lib/libsmutil

# make obj && make depend && make

# cd /usr/src/usr.sbin/sendmail/

# make obj && make depend && make && make install


      6) cd /etc/mail/  do a make all install restart

      7) reboot.


When the system came back up, the sendmail banner tells me its running
8.13.6/8.13.4.  would this mean im upgraded to the latest and am now without
a shadow of a doubt secure against this latest sendmail threat?  Would that
have been an acceptable way to upgrade a production server (and should I do
it again, this time on my production sendmail server)?


Thanks for reading!


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to