[afnog] disable command HELP on sendmail

Brian Candler B.Candler at pobox.com
Fri Dec 9 12:05:05 EAT 2005


On Fri, Dec 09, 2005 at 08:28:17AM +0300, Kenneth Kabagambe wrote:
> am not sure what you mean by "security reasons", please do clarify
> You can always modify the content of the HELP file. Sendmail gets it 
> from *|/etc/mail/helpfile. |*|That will obscure whatever it is you want 
> hidden from other users using HELP.
> ||But seriously, you should consider alternatives like exim or 
> postfix.Sendmail's security history isnt very great.

Fully agreed on both points:

1. Hiding the 'HELP' information is at best "security through obscurity".
Anyone who is serious about attacking your mail server will already know
all the SMTP commands, and will already know what the holes are in various
versions of sendmail. She can just try them all.

2. Sendmail itself has a lousy security history, and there are many
alternatives which are not only more secure, but more configurable, more
functional, and offer better performance.

Regards,

Brian.



More information about the afnog mailing list