| |
| |
| |
|
Page: 1 2
Comments:
<0> Cowboy: runas support seems useful
<0> snappy: it's not just a DoS
<1> People, hi!
<1> Could you consult me about procmail and formail?
<2> mostly no.
<3> Zebar - What do you need about procmail?
<4> how do I test if my sendmail installation is vulnerable
<4> I tried nessus , but nessus doesnt have latest plugins for the new sendmail vulnerability
<5> run 8.13.6 and you are safe
<5> else be sure your OS / distribution provides a patches version and install that
<4> My client has FC1 with sendmail 8.11.6
<5> no, FC1 came with 8.12
<5> http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-8.12.11-4.25.1.legacy.i386.rpm
<4> sorry you are right
<4> this is redhat 7.2
<5> autsch!
<5> 7.2 is EOL and even unsupported by fedoralegacy
<4> yup I know , trying to get them to upgrade
<5> upgrade to 7.3 at least
<4> but there are lot of legacey software which cant be upgarded in a jiffy
<4> and there are many installations
<5> just stupid
<4> personally I would jump the first chance to upgrade to the latest
<4> but the management wont let me
<5> a real wonder if such 7.2 hosts aren't hacked already
<4> we have been following up with the patches :-(
<5> numerous unfixed vulnerabilities as 7.2 is EOL since end of 2003 IIRC
<4> I was just looking for an exploit test software
<3> rprasad - Built your own rpm from 8.13.6
<3> rprasad - Why do you have so many sendmails anyway?!
<4> they are different machines
<4> and many of them running a single sendmail based solution
<3> With legacy software on the same box?!
<4> sorry ?
<3> The reason, why you can't upgrade? As I read above, it's legacy software?
<4> This mailing solution was sold to the customer(s) 3 yrs ago
<3> And you're the brave one, who has to support it now?
<4> the all customers dont want to upgrade the entire solution because it is working
<4> well supporting a working solution is not that brave :-)
<3> And upgrading the whole solution isn't an option at all?
<4> That is surely an option
<3> Then try to advocate for that solution.
<4> but customers wont agree ..for fear of breaking
<3> Well, offer them to fix anything that will break with the new upgraded solution.
<5> it is just a question of time until exploits are going around between script kids
<4> :-)
<3> And tell them a much higher fee for "fixing the old solution". Simple thing.
<4> Elrond u must talk to our marketing folks :-)
<4> they promise the moon :-)
<5> rprasad: it should be nearly trivial to at least install the bug fixing sendmail for RHL7.3 from fedoralegacy
<3> rprasad - If they take enough money for the moon, it's okay.
<4> In India people are *very* cost consious
<3> Well, upgrading is the cost effective solution. Long term
<4> ultimately If I get no solution thats what I am going to
<3> Go it now. It's the better way.
<4> but I cant justify a forced upgrade , if my sendmail was not even vulnerable :-(
<4> I tried the link in the motd .. doesnt seem to be doing anything yet
<3> So you'll invest many hours of finding out, if it's vulnerable?
<4> yup it is more of a strategy decision
<4> than a tech one
<3> Ahh
<3> And your boss is okay with you investing that much time?
<4> you cant send ur people to 300 places and ask them to upgrade the OS + hardware + etc etc
<4> much cheaper for me to fix the "vulnerability" and replace a single binary
<3> Ahh, well
<3> Then built a new sendmail for the relevant platform
<4> If I tell my boss he has to upgrade .. then I better make sure for the sake of my job :-)
<5> well, there is a reason to run enterprise linux release with very long term support
<4> Zerberus : Pardon me ?
<3> Zerberus - right... or just facing the "hard work"
<5> rprasad: Red Hat for instance sells the RHEL with 7+ years of support / bug fixing packages
<5> so you still get RHEL 2.1 packages with bug fixes (RHEL 2.1 is RHL 7.2 based)
<4> yup: so I use centos now
<4> RHEL is still a cost to p*** on the customer .. he may not like that
<5> depends on whether you may need the support you buy from subscription fees
<4> coming back to my original question is sendmail 8.11.6 vulnerable ?
<3> I don't know.
<5> i think it is, to be sure compare the sources
<4> from what I understand the vulnerability uses Timeout.datablock .. so I can workaround it
<4> set Timeout.datablock to say 4hours and restart sendmail every 3 hours
<6> Hello, I was wondering if anyone can point me in the right direction to setup sendmail for 3 domain names
<6> i don't want virtual domains because I need to be able to setup different accounts to send/recieve from different domains
<6> what I would like to do exactly is the following: My current email domain is titov@currentdomain.com. I want to still receive all email coming into currentdomain.com but when I email out I want to be able to email out with newdomain.com
<5> why would that not work with virtual domains?
<6> now, some of the users will still need to send out from currentdomain.com as well
<5> that is no problem using virtusertable
<6> Zerberus, because I think virtual domains doesn't change the headers of the email...so wouldn't currentdomain.com still show up when I send email out rather than my newdomain.com?
<5> the hostname does not change, yes, if you mean that
<6> hmmm...
<6> i need to somehow have these two domains work as if they were two different mail servers...for example currentdomain.com is one company and newdomain.com is another
<5> then run 2 or more individual daemons
<7> Can someone tell me what these mean? http://code.gnu-designs.com/callout.txt
<7> "stat=Deferred: 451 Could not complete sender verify callout"
<7> 1,851 of them
<5> the remote MTA answers with a tempfail - they are trying to verify your sender
<6> how would that work...here is the thing...we are a company called currentdomain.com and we just split...so now we are currentdomain.com and newdomain.com. Now, our customerservice dept. still needs to get all of the email from currentdomain.com but when customerservice reps. reply to customers or create a new email it needs to go out as newdomain.com. Now, a few people will still need to send/receive email from both currentdomain.co
<7> So mussi@fr.st?
<5> setuid: is mex.fr.st your host?
<7> Nope
<7> It seems to be a user subscribed to a list I host though
<7> I just unsubscribed him and rm'd the queue files from the spool
<5> so mussi@ft.st is the recipient, and recipient fails when trying to verify the sender on your side
<7> hrm, so the sender would be Mailman, I presume
<7> How would they verify that?
<5> they just callback, typically from:<> and see if mail is deliverable to the sender
<7> Then they're probably blocked on port 25
<7> I block all of the "from:<>" probes
<7> # iptables-save | grep "dport 25" | wc -l
<7> 7325
<5> that is BAD
<5> hope that you are not already listed on rfc-ignorant.org
<7> What's bad?
<7> No matches
<7> ;)
<5> to violate RFCs
<7> I'm not violating rfcs... I'm talking about blank From: addresses, not "From " lines
<5> http://rfc-ignorant.org/policy-dsn.php
<7> I block IPs that my MTA show as "User unknown..." (spam attempts, forged bounces) and "Did not issue..." probes
<7> # grep "did not issue" mail.log | perl -lne 'print /\b((?:\d{1,3}\.){3}\d{1,3})\b/' | sort | uniq | wc -l
<7> 5501
<7> That's _today_, and those are unique addresses
<3> People love to violate RFCs to fight spam it seems?
<3> (not that I think, callback is a good thing either.)
<8> in virtusertable, are wild cards allowed in the name field? ie, 'rsvp*@mydomain.com rsvp_user'
<5> no
<8> is there any way i can achieve this?
<5> http://groups.google.com/groups?as_q=virtusertable+wildcard&num=10&scoring=r&hl=en&as_epq=&as_oq=&as_eq=&as_ugroup=comp.mail.sendmail&as_usubject=&as_uauthors=&lr=&as_drrb=q&as_qdr=&as_mind=1&as_minm=1&as_miny=1981&as_maxd=27&as_maxm=3&as_maxy=2006&safe=off
<9> hi someone here gots sendmail working with bind ?
<5> sure
<9> Zerberus icant makes work bind got some problems could help me ?
<5> i don't know your problem
<9> i know
<9> can i pm you ?
<5> no
<9> nice
<10> Percotz: so state your problem here...
<9> http://200.81.24.149/bind
<9> theres my config files and the error
<10> not quite... 404
<10> check the permissions on that directory
<5> www IN A 127.0.0.1 or omit the "IN"
<5> append a newline to the .db files end
<5> has nothing to do with sendmail, please read the DNS howto on tldp.org carefully
<9> that **** no work
<5> no need to blame the tools
<9> Zerberus please ...
<11> Percotz, please "what"?
<9> who knows ...
Return to
#sendmail
or
Go to some related
logs:
#math
libc.mo Ubuntu dapper
ubuntu c800 suspend
apt-get etch mysql-server-5.0
Beer before liquor, never been sicke
#suse
dual boot ubutu windows
luelinx setup
#web
#php
|
|