LinuxQuestions.org


dizzi 02-22-2009 06:32 PM

Securing Sendmail in Slack 12.2?
 
Hi all, I was reading an online article recently and according to the author, "Sendmail is full of holes". He was not as forthright with providing guides or solutions to "plugging" these holes but instead recommended that another mail program - Postfix - be used instead. I am no expert in such matters but as far as I am aware, Sendmail features in most Unix environments and comes bundled with Slack practically fully configured. Thus one can argue that if it is properly secured then it should be a solid mail solution.

Therefore, I would like to find out whether the default Slack 12.2 Sendmail offering is secure enough to be used as a mail server and if it isn't what steps can be taken to accomplish this.

I read shilo's guide http://shilo.is-a-geek.com/sendmail18.html for setting up his mail server. There he provided a quick "hack" which according to him "increases your mail server security a bit". Obviously a "bit" is better than nothing :), but I rather suspect that there is a "tad" more that can be done :).

I will be quite grateful for any advice.

Cheers

globaltree 02-22-2009 07:35 PM

control access to sendmail with hosts.allow and hosts.deny
 
I have an /etc/hosts.deny file. The contents of the file is merely:
Code:

ALL:ALL

This denies all hosts access to local services, unless granted access specifically in my /etc/hosts.allow file. The contents of my /etc/hosts.allow is merely:

Code:

sendmail:localhost

This allows users on localhost access to sendmail, which was sufficient enough for what I needed (asterisk using sendmail to mail voice messages to my inbox).
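
Added example, not part of globaltree's post: a simplified Python model of the hosts_access(5) evaluation order (hosts.allow is checked first, then hosts.deny, and access is granted if neither matches), run against the two files posted above. It assumes the daemon actually consults these files, covers only a subset of the pattern syntax, and the function names and the client names and addresses in the test calls are constructed for illustration.

```python
# Simplified model of hosts_access(5) rule evaluation (added example).
# Supported client patterns: ALL, LOCAL, exact name/address,
# ".domain" suffix and "net." address prefix. EXCEPT, netmasks and
# shell options are not modelled.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; skip comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _daemon_match(pattern, daemon):
    return pattern == "ALL" or pattern == daemon

def _client_match(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # host name that contains no dot
        return bool(name) and "." not in name
    if pattern.startswith("."):       # domain suffix, e.g. ".example.net"
        return bool(name) and name.endswith(pattern)
    if pattern.endswith("."):         # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    return pattern in (name, addr)    # exact host name or address

def _any_rule_matches(rules, daemon, name, addr):
    return any(any(_daemon_match(d, daemon) for d in ds) and
               any(_client_match(c, name, addr) for c in cs)
               for ds, cs in rules)

def is_allowed(allow_text, deny_text, daemon, name, addr):
    """First match in hosts.allow grants, then hosts.deny denies, else grant."""
    if _any_rule_matches(parse_rules(allow_text), daemon, name, addr):
        return True
    if _any_rule_matches(parse_rules(deny_text), daemon, name, addr):
        return False
    return True

# The two files exactly as posted above.
HOSTS_ALLOW = "sendmail:localhost\n"
HOSTS_DENY = "ALL:ALL\n"
```

With an empty hosts.deny the same hosts.allow line restricts nothing, because a client that matches neither file is granted access; the `ALL:ALL` deny entry is what makes the configuration default-deny.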

mRgOBLIN 02-22-2009 10:08 PM

Well I doubt the "Full of holes" comment has much merit without any real proof. Suffice to say that any service that is not configured correctly can be seen as a liability though.

Sendmail is a widely used and solid mail server and while it is a bit complex if it were full of holes I'm sure it would be front page news by now.

I prefer Postfix myself but mainly due to its simple and flexible configuration. You'll find a postfix slackbuild at Slackbuilds.org

dizzi 02-23-2009 05:10 AM

Thanks for the responses guys.

gargamel 02-23-2009 03:15 PM

Quote:

Originally Posted by mRgOBLIN (Post 3453916)
Well I doubt the "Full of holes" comment has much merit without any real proof. Suffice to say that any service that is not configured correctly can be seen as a liability though.

Sendmail is a widely used and solid mail server and while it is a bit complex if it were full of holes I'm sure it would be front page news by now.

I agree, although several years ago Sendmail actually was "full of holes". And it was a nightmare to configure it. That was the time when some other distros, like SuSE, dropped Sendmail and started to include Postfix, instead. It had a more modern architecture, was easier to set up and more secure "by design", and faster.
But in the more recent past, Postfix is actually criticized for its architecture, which is secure, but doesn't support extension ("Plug-ins") as well, and several vulnerabilities were found. More than in Sendmail in the same period of time.

Quote:

Originally Posted by mRgOBLIN (Post 3453916)
I prefer Postfix myself but mainly due to its simple and flexible configuration. You'll find a postfix slackbuild at Slackbuilds.org

I like Postfix, too, and several years ago it was much easier to set up than Sendmail and faster and more secure, but Sendmail has caught up. With the M4 macros it's set up, at least, as quickly as Postfix, and there have been a couple of bugs, but no serious vulnerabilities in the recent past. No more than with Postfix, that is.

In the end, both MTAs are doing their job really well. I use what's included with the distro, therefore, as long as it is one of these two.

gargamel

