On Monday, there was a fairly widely distributed announcement that a new flaw had been discovered in sendmail, a flaw which allows a remote attacker to gain the privileges of the sendmail daemon, which is typically root. For the announcement, see
http://www.cert.org/advisories/CA-2003-07.html Anyone running sendmail is strongly urged to patch or upgrade his or her system immediately. I run two redhat boxes, one at 7.1 and one at 7.3. I downloaded the upgrades from redhat and applied them. The one for 7.3 worked fine out of the box, but the one for 7.1 broke my mail. Local delivery (i.e., from the world to me) was broken and mail sent to me bounced. The error message was 550 5.0.0 Access denied. It turns out that earlier versions of redhat shipped with a sendmail that did not use tcpwrappers. This was what was on my 7.1 box. The security upgrade installed a sendmail that does use tcpwrappers, but I guess they forgot to tell me that. Tcpwrappers uses a pair of files, /etc/hosts.allow and /etc/hosts.deny, to control what hosts can connect to what services on your computer. A typical setup has a hosts.deny file that consists of the single line: ALL:ALL which denies every service to every host, and a hosts.allow file that opens specific services to specific hosts or networks. To fix my mail problem, I had to add the line to hosts.allow: sendmail: ALL which means that anyone can connect to my sendmail port and send me mail. This fixed the problem. -- Jon Beck, PhD mailto:[EMAIL PROTECTED] Assoc Professor, Computer Science 2162 Violette Hall Truman State University 660-785-7233 Kirksville, MO 63501 http://vh216202.truman.edu/ ----------------------------------------------------------------- To get off this list, send email to [EMAIL PROTECTED] with Subject: unsubscribe -----------------------------------------------------------------
