-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When you are installing or upgrading sendmail - please note these. Redhat linux users: ftp://admin.netus.com/sendmail/ has sendmail 8.9.3 rpms you might like to try out. Last update 27 March 1999: "pop-before- smtp with a DUL map fallthrough from the poprelay ed map". Linuxconf users beware! - Linuxconf was found to be generating faulty (old) check_rcpt tables as recently as 20 July 1999. Make sure your version is newer than this before using it to generate sendmail.cf files. If you are uncomfortable with M4 scripting, WIDE in Japan have a .cf generator which may be useful. It can be downloaded from ftp://ftp.jpcert.or.jp/pub/security/tools/CF/ Sendmail 8.8 is effectively unsupported and there are probably more relaying holes lurking in it. Update to 8.9.3. If you stick with sendmail 8.8.8 then I'd advise that you see this site - (print it out and stick it on your wall - it's vital) http://www.sendmail.org/~ca/email/check.html (by Claus Assmann). Sendmail 8.9.0 & 8.9.1 can be attacked using the : pathing control character in the RCPT TO:<> header. Update to 8.9.3 NOTE: When upgrading sendmail to secure versions: Always generate a new sendmail.cf - continuing to use the sendmail.cf from a previous version which had a relaying vulnerability will usually result in that relaying vulnerability not being fixed. Hope this helps. If you have any questions about other MTAs - specifically NT based MTAs if you people use them - then please mail me. - ---s -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 -- QDPGP 2.60 iQA/AwUBOBIdypqQidQMDLaoEQL3SgCg2gOBSXN0mE7WeUNz8SWfCVaUG8AAoKBJ d0OURrsT6mmAlA2VPrVXOtcC =cHRc -----END PGP SIGNATURE----- Smeagol Gollum | [EMAIL PROTECTED] | (aka) Suresh R. http://www.kcircle.com | http://www.angen.net/~pegasus/ Phone: +(91-40)3736553/3745398 | eFax: +(1-603)590-5437 You know you are an X-Phile when: You steal your neighbor's newpaper every morning for an entire week- just to cut out the Calvin and Hobbes comic, and replace it on their doorstep as if nothing had happened. If you are caught, just blame the little green men who performed brain surgery on you yesterday -------------------------------------------------------------------- The Linux India Mailing List Archives are now available. Please search the archive at http://lists.linux-india.org/ before posting your question to avoid repetition and save bandwidth.
