Sendmail MTA Security Advisory

22 March 2006

One of the most reliable *nix server applications is Sendmail, handling millions of e-mails every day without a hint of trouble. Every now and then, somebody finds a way to exploit it, and this is one of those times (although I think it's been over a year since the last security flaw was reported, so it still stands as one of the most stable server apps in Linux).

This security flaw is reported by the major distributions as "high impact" with no known work-around, and now that it is being broadly advertised you can bet that many aspiring hackers will be trying to exploit this flaw, so be sure to upgrade your mail servers right away.

ISP Ltd. customers with a support contract will be upgraded starting today, between midnight and 5am your local time.

Sendmail's official security advisory can be found at this URL:

http://www.sendmail.com/company/advisory/index.shtml

ISP Ltd. customers with networks built since 2004 should do this (during off-peak hours):

mailserver ~ # /etc/init.d/sendmail stop
mailserver ~ # eup sendmail
(wait until it is finished)
mailserver ~ # update-maps

To verify the running version of Sendmail, you can do this:

mailserver ~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 rosalinda.ispl.ca ESMTP Sendmail 8.13.6/8.13.6; Thu, 23 Mar 2006 00:15:00 -0800

In the dialogue above, you will see that Sendmail 8.13.6 is running on this server. At this point, just press Ctrl+] and then type 'quit' to close the telnet session.
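As an added example (not part of this advisory), the POSIX shell script below does the same check without reading the telnet session by eye: it pulls the version out of the 220 greeting line and compares it, field by field, against the 8.13.6 release this advisory tells you to install. The second banner it runs on is constructed for comparison; the first is the greeting quoted above.

```shell
#!/bin/sh
# Added example (not from the advisory): check the Sendmail version a server
# announces in its SMTP greeting against the fixed release named above.

MIN_VERSION="8.13.6"   # release the advisory says to install

# Pull the dotted version out of a 220 greeting such as
#   220 host ESMTP Sendmail 8.13.6/8.13.6; Thu, 23 Mar 2006 ...
# Prints nothing if the line is not a Sendmail greeting.
sendmail_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|^220 .*ESMTP Sendmail \([0-9][0-9.]*\)[/; ].*|\1|p'
}

# Field-by-field numeric comparison of dotted versions, so 8.13.6 ranks
# above 8.9 (a plain string compare would get that wrong).
# Returns 0 when $1 is at least $2, 1 otherwise.
version_at_least() {
    have=$1 want=$2
    while [ -n "$have" ] || [ -n "$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
        if [ "${h:-0}" -gt "${w:-0}" ]; then return 0; fi
        if [ "${h:-0}" -lt "${w:-0}" ]; then return 1; fi
    done
    return 0
}

# Verdict for one greeting line. Exit status: 0 patched, 1 needs upgrade,
# 2 no Sendmail version in the banner (another MTA, or the banner was hidden).
check_banner() {
    ver=$(sendmail_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo "no Sendmail version found in: $1"; return 2
    fi
    if version_at_least "$ver" "$MIN_VERSION"; then
        echo "Sendmail $ver is at or above $MIN_VERSION: patched"; return 0
    fi
    echo "Sendmail $ver is older than $MIN_VERSION: upgrade needed"; return 1
}

# Sample input: the greeting quoted in this advisory, then a constructed
# pre-fix banner for comparison.
for banner in \
    "220 rosalinda.ispl.ca ESMTP Sendmail 8.13.6/8.13.6; Thu, 23 Mar 2006 00:15:00 -0800" \
    "220 mail.example.com ESMTP Sendmail 8.12.11/8.12.11; Wed, 22 Mar 2006 09:00:00 -0800"
do
    check_banner "$banner" || :
done
```

A banner that has been customised to hide the version gives exit status 2 rather than a pass, so confirm the installed version another way before calling that host done.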

ISP Ltd. customers with networks built prior to 2004 should do the following:

mailserver ~ # cp -a /usr/lib/sendmail /tmp/ (to make a back-up copy)
mailserver ~ # cp -a /etc/mail /tmp/ (to make a back-up copy)
mailserver ~ # cd /usr/src/ispltd
mailserver ~ # wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.6.tar.gz
mailserver ~ # tar -xzf sendmail.8.13.6.tar.gz
mailserver ~ # cd sendmail-8.13.6/sendmail
mailserver ~ # sh Build
(if it says "ERROR: /usr/bin/m4 failed" please contact me for help)
mailserver ~ # cd ../cf/cf
mailserver ~ # cp /etc/mail/sendmail.mc .
(if you don't have this file, please contact me)
mailserver ~ # sh Build sendmail.cf
mailserver ~ # /etc/init.d/sendmail stop
mailserver ~ # sh Build install-cf
mailserver ~ # cd ../..
mailserver ~ # sh Build install
mailserver ~ # update-maps

Others who have GNU/Linux systems not built by ISP Ltd. should follow the instructions provided on the Sendmail web site.

Be careful if you have add-on software that ties into Sendmail with special settings in the /etc/mail/sendmail.cf file. In this case, compare the new sendmail.cf to the one you backed up so you can put those special settings back in place.


© 1999-2008 Angelo Babudro   ·   Updated Thu, 23 Mar 2006 03:22:48 -0500   ·   Solo Deo gloria.