RedHat security advisory for sendmail
Posted: Wed Mar 22, 2006 12:51 pm
Today, RedHat issued a security advisory for a potential remote exploit when using sendmail with RHEL3 and RHEL4.
The details can be found at https://rhn.redhat.com/errata/RHSA-2006-0264.html
For Scalix customers, this shouldn't cause too much concern as, by default, the SMTP Relay is listening on the external IP address and sendmail should only be listening on the localhost ( 127.0.0.1 ) address.
However, the errata will provide a new sendmail.cf and submit.cf with .rpmnew extensions. Usual practice is that customers should analyse the differences between the original and the .rpmnew versions and apply any changes to the .rpmnew version. They should then copy the .rpmnew version over the original.
If you have configured a milter such as SpamAssassin, you will need to re-apply the changes as documented in the technote. Details are at http://www.scalix.com/community/viewtopic.php?t=929.
After copying the .rpmnew version over the original, you should run the Scalix command to re-apply the Scalix-specific rules:
    omsendin
Once that is complete, restart sendmail with:
    /etc/init.d/sendmail restart
Customers that are currently using the dual IP address solution from previous SpamAssassin technotes should take the time to read the new technote as there is no longer any need to have that dual IP solution in place. The SMTPFILTER option to smtpd.cfg has been available since 9.4.
If there are any questions, please post them to the forum.
Cheers
Dave
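
Added example, not part of the original post or any Scalix tooling: a shell check to run before copying a .rpmnew file over the original, which shows the diff and confirms from the DaemonPortOptions lines that both versions still bind sendmail to 127.0.0.1. The function names and the path in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# listeners FILE: print "<addr> <options>" for each DaemonPortOptions line.
# A line without an Addr= key is reported as ANY, because sendmail then
# binds that listener to every interface.
listeners() {
    awk '
        /^O[ \t]+DaemonPortOptions=/ {
            sub(/^O[ \t]+DaemonPortOptions=/, "")
            sub(/[ \t\r]+$/, "")
            addr = "ANY"
            n = split($0, kv, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^Addr=/) addr = substr(kv[i], 6)
            print addr, $0
        }' "$1"
}

# loopback_only FILE: succeed only if FILE has at least one listener line
# and every one is bound to 127.0.0.1. No listener line counts as a
# failure, since the loopback binding cannot be confirmed.
loopback_only() {
    out=$(listeners "$1") || return 2
    [ -n "$out" ] || return 1
    echo "$out" | awk '$1 != "127.0.0.1" { bad = 1 } END { exit bad + 0 }'
}

# review_rpmnew ORIG: show what ORIG.rpmnew would change, then report
# whether each version keeps sendmail on loopback.
review_rpmnew() {
    orig=$1
    new=$1.rpmnew
    [ -r "$new" ] || { echo "no $new pending"; return 0; }
    diff -u "$orig" "$new" || true
    for f in "$orig" "$new"; do
        if loopback_only "$f"; then
            echo "OK      $f: loopback only"
        else
            echo "EXPOSED $f:"
            listeners "$f"
        fi
    done
}

# Usage: sh check.sh /path/to/sendmail.cf
if [ $# -gt 0 ]; then review_rpmnew "$1"; fi
```

Use it on sendmail.cf only; submit.cf is not expected to carry a listener line, so it would always be reported as unconfirmed.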