Improving the Security of Mail Services
The following precautions should be taken to ensure secure operation of
- Verify that the version of sendmail used is recent.
Older versions of sendmail have several bugs that
allow security violations.
- Remove the ``uudecode'' and ``decode'' aliases from the aliases file.
This file is
usually /etc/aliases or /usr/lib/aliases.
- For aliases that allow messages to be sent to programs, make sure
that there is no way to obtain a shell or send commands to a shell from
- Verify that the ``wizard'' password is disabled in the configuration
- Verify that sendmail does not support the ``debug'' command.
This can be done with the following commands:
% telnet localhost 25
Connected to localhost
Escape character is
220 hostname sendmail 5.61 ready at Fri, 18 Sep 92 15:10:48 EDT
500 Command unrecognized
If sendmail responds to the ``debug'' command with the message
``200 Debug set'', then sendmail is vulnerable to attack and
should be replaced with a newer version.
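The two alias precautions above can be checked mechanically. The following is an added example, not part of the original document or of sendmail: it parses aliases-file text, reports ``decode''/``uudecode'' entries, and lists every alias that delivers to a program, separating those that pipe straight into a shell. The interpreter list and the sample file contents are assumptions constructed for illustration.

```python
import re

# Aliases the page says to remove outright.
FORBIDDEN_NAMES = {"decode", "uudecode"}
# Assumption: interpreters that would hand the message to a shell or script engine.
SHELL_LIKE = {"sh", "csh", "ksh", "bash", "tcsh", "zsh", "perl", "awk"}
# Constructed sample aliases file, not taken from a real host.
SAMPLE = '''\
postmaster: root
decode: "|/usr/bin/uudecode"
support: alice,
    "|/usr/local/bin/ticket-filter --queue support"
runme: |/bin/sh
'''

def parse_aliases(text):
    """Yield (name, [targets]), honouring comments and continuation lines."""
    entries, current = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current[1] += " " + raw.strip()      # continuation of previous alias
        elif ":" in raw:
            name, _, rest = raw.partition(":")
            current = [name.strip().lower(), rest.strip()]
            entries.append(current)
    for name, rest in entries:
        # Split on commas, but keep double-quoted targets in one piece.
        targets = re.findall(r'"[^"]*"|[^,\s][^,]*', rest)
        yield name, [t.strip().strip('"').strip() for t in targets]

def audit_aliases(text):
    findings = []
    for name, targets in parse_aliases(text):
        if name in FORBIDDEN_NAMES:
            findings.append((name, "remove: decode/uudecode alias"))
        for t in [t for t in targets if t.startswith("|")]:
            argv = t[1:].split()
            prog = argv[0].rsplit("/", 1)[-1] if argv else ""
            if prog in SHELL_LIKE:
                findings.append((name, "pipes to shell: " + t))
            elif name not in FORBIDDEN_NAMES:
                findings.append((name, "review program: " + t))
    return findings

if __name__ == "__main__":
    for alias, problem in audit_aliases(SAMPLE):
        print(alias + ": " + problem)
```

Entries reported as ``review program'' still need a manual check that the program cannot be made to run commands on behalf of the sender.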
Fri Oct 7 16:17:21 EDT 1994