server patching and updates???

How important is it to update EVERYthing that is on a server for web and e-mail via yum?

I own a small web and e-mail server running WhiteBox 3. as this is a fork of RHE3 it is nearing the end of its support life span from RH. Do i need to be concerned with upgrading to CentOS 4.1 or an other fork of RHE4 or is the system ok as it stands?

What makes you think RHEL3 nearing its end of life? According to Redhat they will support it with security/bug fix updates for 7 years after release. Since RHEL3 was released in Nov 2003 that means it will be supported by updates untill november 2010!

If I were you I'd be more concerned that the Whitebox project won't last that long - IMHO it seems to have died off a bit while Centos has a lot of activity around it. If anything you should consider a 'cross-grade' to Centos 3.6, see http://lists.centos.org/pipermail/ce...ne/000246.html

Ideally, you need to stay up to date. Old versions of packages tend to become security risks as holes are discovered in the code. Also, as time passes you'll find trouble running newer software on an older environment (e.g. You have have a webapp the requires PHP5, but you only have 4. Unlikely in the short term, since PHP5 is still quite new, but how about 2 years from now?)

In some cases (leased server with no physical access) upgrading is impossible without the assistance of your colocation provider. In these cases, I tend to compile the critical software from source myself so I can stay up to date. It's not a perfect solution, or even a terribly good one, but I've had success with it on the small scale.

ok thanks you 2. after i replace the motherbord i plan on upgrading to centos 4.x anyways.