From owner-freebsd-questions Wed Dec 17 03:21:45 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id DAA01514 for questions-outgoing; Wed, 17 Dec 1997 03:21:45 -0800 (PST) (envelope-from owner-freebsd-questions) Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id DAA01503 for ; Wed, 17 Dec 1997 03:21:34 -0800 (PST) (envelope-from nadav@barcode.co.il) Received: (from smap@localhost) by gatekeeper.barcode.co.il (8.8.7/8.8.7) id NAA27834; Wed, 17 Dec 1997 13:18:09 +0200 (IST) (envelope-from nadav@barcode.co.il) X-Authentication-Warning: gatekeeper.barcode.co.il: smap set sender to using -f Received: from localhost.barcode.co.il(127.0.0.1) by gatekeeper.barcode.co.il via smap (V2.0) id xma027832; Wed, 17 Dec 97 13:18:00 +0200 Message-ID: <3497B58E.7A97@barcode.co.il> Date: Wed, 17 Dec 1997 13:20:46 +0200 From: Nadav Eiron X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.6 sun4u) MIME-Version: 1.0 To: Charlie Roots CC: freebsd-questions@FreeBSD.ORG Subject: Re: Sendmail HYPER-SECURITY References: <19971217091842.5156.rocketmail@send1a.yahoomail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Charlie Roots wrote: > > Hi there, > special hugs and kisses to; > Doug White, and David Greenman. > > I understand that Sendmail was, once, a major security hole by which > attackers and hackers used to get the password file, and to obtain > unauthorized root access priviledges, and I also understand that > RECENT versions of sendmail has attacked the attackers by being more > secure than ever. This is abit out of the point, but still... Instead of relying on sendmail's security you may choose to use the TIS fwtk's smap+smapd combination (it's in the ports). I've been using them for over a year and they work great. What it does is provide you with a small smtp "stub" (smap) that's only smart enough so that your party will believe it's a mailer. It then saves whatever comes in in a file and a daemon (smspd) passes it over to sendmail. The advantage - there is *no* outside access to sendmail at all! This make me feel safe enough not to try and fill all possible security gaps inside sendmail, running it in a pretty much generic configuration. [snip] > Thanks for replying IN ADVANCE. > > == > MAY THE FORCE BE WITH YOU. > _________________________________________________________ > DO YOU YAHOO!? > Get your free @yahoo.com address at http://mail.yahoo.com Nadav