From owner-freebsd-questions Wed Dec 17 07:14:57 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA17167 for questions-outgoing; Wed, 17 Dec 1997 07:14:57 -0800 (PST) (envelope-from owner-freebsd-questions)
Received: from mojo.calyx.net (mojo.calyx.net [208.132.136.2]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id HAA17149 for ; Wed, 17 Dec 1997 07:14:45 -0800 (PST) (envelope-from lists@mojo.calyx.net)
Message-Id: <199712171514.HAA17149@hub.freebsd.org>
Received: (qmail 27607 invoked from network); 17 Dec 1997 15:14:43 -0000
Received: from kwesi.calyx.net (208.132.136.100) by mojo.calyx.net with SMTP; 17 Dec 1997 15:14:43 -0000
X-Sender: lists@calyx.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Release Candidate 3
Date: Wed, 17 Dec 1997 10:14:17 -0500
To: freebsd-questions@freebsd.org
From: Nicholas Merrill
Subject: Re: Sendmail HYPER-SECURITY
In-Reply-To: <3497B58E.7A97@barcode.co.il>
References: <19971217091842.5156.rocketmail@send1a.yahoomail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 01:20 PM 12/17/97 +0200, you wrote:
>Charlie Roots wrote:
>> I understand that Sendmail was, once, a major security hole by which
>> attackers and hackers used to get the password file, and to obtain
>> unauthorized root access privileges, and I also understand that
>> RECENT versions of sendmail have attacked the attackers by being more
>> secure than ever.

Then Nadav replied:

>This is a bit out of the point, but still... Instead of relying on
>sendmail's security you may choose to use the TIS fwtk's smap+smapd
>combination (it's in the ports). I've been using them for over a year
>and they work great. What it does is provide you with a small smtp
>"stub" (smap) that's only smart enough so that your party will believe
>it's a mailer. It then saves whatever comes in in a file and a daemon
>(smapd) passes it over to sendmail. The advantage - there is *no*
>outside access to sendmail at all! This makes me feel safe enough not to
>try and fill all possible security gaps inside sendmail, running it in a
>pretty much generic configuration.

That's one way to handle it.

Or you could also look into running qmail (www.qmail.org) which is more
secure to begin with.

Nick
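
The "small smtp stub" design described in the quoted reply, sketched as an added example that is not part of this thread and is not fwtk's code: the network-facing piece understands only a handful of SMTP verbs, refuses everything else, and writes each accepted message to a spool file for a separate process to hand to the real mailer. The function name `smap_session`, the spool file layout, the size limits and the address pattern are all assumptions made for illustration.

```python
import os
import re
import tempfile

ADDR = re.compile(r"<[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+>")  # conservative, assumed pattern
MAX_LINE, MAX_BODY = 1000, 64 * 1024                      # assumed limits

def smap_session(lines, spool_dir):
    """Run one SMTP dialogue through the stub; return (replies, spooled_paths)."""
    replies, spooled = ["220 stub ready"], []
    sender, rcpts, body, in_data = None, [], [], False
    for raw in lines:
        if len(raw) > MAX_LINE:                 # never buffer unbounded input
            replies.append("500 line too long")
            break
        if in_data:
            if raw == ".":                      # end of message: write it out, nothing else
                fd, path = tempfile.mkstemp(prefix="smap.", dir=spool_dir)
                with os.fdopen(fd, "w") as f:   # mkstemp creates the file owner-only
                    f.write("FROM %s\n" % sender)
                    f.writelines("RCPT %s\n" % r for r in rcpts)
                    f.write("\n" + "".join(l + "\n" for l in body))
                spooled.append(path)
                replies.append("250 queued")
                sender, rcpts, body, in_data = None, [], [], False
            elif sum(map(len, body)) + len(raw) > MAX_BODY:
                replies.append("552 message too large")
                break
            else:                               # undo SMTP dot-stuffing
                body.append(raw[1:] if raw.startswith(".") else raw)
            continue
        verb, _, arg = raw.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            replies.append("250 hello")
        elif verb == "MAIL" and arg.upper().startswith("FROM:") and ADDR.fullmatch(arg[5:].strip()):
            sender, rcpts = arg[5:].strip(), []
            replies.append("250 sender ok")
        elif verb == "RCPT" and sender and arg.upper().startswith("TO:") and ADDR.fullmatch(arg[3:].strip()):
            rcpts.append(arg[3:].strip())
            replies.append("250 recipient ok")
        elif verb == "DATA" and rcpts:
            in_data = True
            replies.append("354 end with .")
        elif verb == "QUIT":
            replies.append("221 bye")
            break
        else:                                   # unknown or out-of-order: refuse, do nothing
            replies.append("500 command not recognized")
    return replies, spooled
```

The stub never parses headers, expands aliases or runs a delivery program; everything it accepts ends up as inert bytes in the spool directory, which is the only interface the mailer behind it ever sees.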