linux user group brescia
immagine del castello

Archivio della mailing list

eliminiamo tutto!

marco ghidinelli marcogh a atdot.org
Ven 26 Ott 2001 12:20:30 UTC 
On Fri, Oct 26, 2001 at 12:15:09PM +0200, GiulioMaria Fontana wrote:
> 
> Il 11:23, venerdì 26 ottobre 2001, hai scritto:
> 
> > sendmail e' il programma per cui SONO STATE RISOLTE piu' vulnerabilita'; il
> >  fatto che sia `bacato per default' e' falso. In effetti io mi fido di piu'
> >  di sendmail che non di qmail et similia.
> 
> Lungi da me il voler fare polemiche segnalo solo che Zalevski ha postato 
> ultimamente su Bugtraq alcuni problemi locali (quindi niente remoto) su 
> alcune ultime release di Sendmail e che anche RedHat per la 7.1 e Suse (altri 
> non ho controllato) hanno rilasciato un aggiornamento di sendmail per evitare 
> un root gain locale (sempre niente di remoto...).

si accede all'utente mail, non a root. (era un problema di gestione della
coda della mail, non del server che ascolta sulla 25)

e' anche vero che la release 12 di sendmail ha aggiunto tante di quelle
cose:

Sendmail is the *ONLY*
 MTA with a Turing complete language under the covers !
 .
 Sendmail provides Security and SPAM/UCE/UBE protection via several means:
  - SMTP AUTH (SASL/PAM) authentication for access/relay control.
  - ACCESS database (by IP/host) for access/relay control.
  - Use of varied Realtime Blackhole Lists (RBL) to prevent access.
  - Integration of LOGCHECK rules to fine-tune logging.
  - Inboard POSIX Regular Expression processing of *all* headers.
  - Ability (via MILTER) to scan/change headers *and* body of *ALL* mail
    A site may utilize zero, one, or more MILTERs.
  - Reduced SUID exposures by running SGID mail where possible.
 .
 Sendmail provides Performance and Scalability by:
  - Allowing multiple queues, with the ability to tune both interval and
    queue runners on a queue by queue basis.
  - Providing (a Debian exclusive) an easy to configure means of queue-aging
    to improve throughput by not continually retrying failed deliveries.
  - Allowing most all maps/databases to be obtained via LDAP; reducing the
    number of used databases and simplifying the maintenance of Sendmail.
  - Reducing the file I/O where possible by buffering files in memory.
 .
 Sendmail provides site ehanced site configuration/customization by:
  - Allowing the listener (usually port 25) to run as a daemon or via INETD.
  - Allowing the queue runner (mail delivery) to run as a daemon or via CRON.
  - Automagically updating configuration and databases on upgrades.
  - Providing a Turing complete language for site customization of mail
    handling.
  - Providing a means (MILTER) for a site to scan/change all email - both
    incoming and outgoing.  A site can write their own MILTER, or may use
    any of those found on internet.  To write your own MILTER, you'll need
    to install the optional milter-dev package.
  - Providing extensive documentation via the sendmail-doc (optional) package.
  - Providing an inboard Mail Delivery Agent (MDA) (mail.local), but supporting
    procmail, mailagent, maildrop, or deliver automatically if installed.
    Sendmail will also deliver to anythings else (cyrus, etc) if asked to.

per esempio:

CHE COSA E' UN LINGUAGGIO TURING-COMPLETO???
(hint: giuzzi rispondi please.. :)

> 
> Giulio
> 
> -- 
> _____________________________________________________________
> Fontana GiulioMaria
> System Administrator
> Sinapsi Spa
> Viale Bligny 27, 20136 Milan, Italy, Phone (+39) 02 582095.33

-- 
BOFH excuse #11:

magnetic interferance from money/credit cards

Maggiori informazioni sulla lista Lug