problem forwarding mail

bmeckle · 02-16-2007, 11:52 AM

Hello,

I have a linux system running arpwatch. I noticed that when it was setup somebody had sendmail running so arpwatch would forward messages to them. I don't like having sendmail run so I stopped it and put the email addresses into the /root/.forward file. I have not recieved an email since.

my .forward file looks like this
ima@idiot.com,
imstilla@idiot.com

I can send mail to myself from this system using mailx.
cat somefile | mailx ima@idiot.com

Did I do something wrong?
Any help is greatly appreciated.
Thanks in advance.

unSpawn · 02-17-2007, 05:53 AM

I don't like having sendmail run
What's your beef with running Sendmail?

so I stopped it and (..) I have not recieved an email since.
In /etc/(mail/)aliases adding a line "root: recipient" will make all email to root go to user account "recipient" which should be an unprivileged human user account.

[edit]
I'll add Alternate .forward files as reference, but be sure to notice the note.
[/edit]

bmeckle · 02-19-2007, 02:59 PM

My beef with sendmail is that it leaves a security hole. If I don't have to have it running I would rather shut it off. It looks like the version of arpwatch that we are running requires sendmail. I am currently looking into weather or not there is a version of arpwatch that does not require sendmail.

Thanks for your help.

unSpawn · 02-19-2007, 06:32 PM

My beef with sendmail is that it leaves a security hole.
Does that mean you:
- suffered a breach of security in the past 2 years due to Sendmail on boxen you own or administer, or
- believed campfire hearsay when Ye Aulde Dragons told you Ancient Tales of 'Net Folklore five years ago, or
- are in a host/network situation where binding to localhost ports, user and network access restrictions, SELinux etc, etc won't be able to harden it enough for you?

It looks like the version of arpwatch that we are running requires sendmail.

Code:

]# rpm -q arpwatch
arpwatch-2.1a13-9.FC3     # * Mind you, not that I run FC3...

]# rpm -qR arpwatch
/bin/sh  
/sbin/chkconfig  
/sbin/service  
config(arpwatch)
libc.so.6
libresolv.so.2

No deps here I can see.

bmeckle · 02-20-2007, 07:40 AM

We had a breach about 5 years ago before I became a sysadmin, but that system was completely unpatched and the intruder came in through a back door to another network. But the good thing about it was it brought security to the for ground in our company.

Also one of our arpwatch systems is sitting, for the moment, in our DMZ so I hardly consider it a secure network. And we noticed at least one advertising it's self out as a mail server, causing problems with mail.

All that and best practices.
Thanks for your help and thanks for setting me straight.