Re: Sendmail request for comments (Was: Re: [cobalt-developers] RAQ4 - Security Problems)

[Harald Kapper <hk@xxxxxxxxxx>]

On Thu, 02 May 2002 10:16:16 -0700, you wrote:

>ToPPi wrote:
>
>> I'd appreciate to find some pkg's or rpm's to update this software in order
>> to close this security leaks.
>> Is sun developing new pkgs?? or do the discontinue the support for the raq's
>
>I'm opening this up as not a solution, but as a topic for discussion...
>
>The RaQ's implementation of sendmail includes some custom changes to a
>whole bunch of files sendmail uses, but sendmail itself is pretty
>"straight".
>
>My suggestion would be to compile sendmail from source, but NOT do the
>"make install".  Instead move the main sendmail program file you've
>created yourself (even a newer version) over the old one.
>
>My guess (ONLY A GUESS -- DO NOT TRY THIS AT HOME ON A PRODUCTION
>SERVER) is that you can easily upgrade sendmail on your Raq this way
>without breaking anything.
>
>Any comments???
>
>Jeff

hi there,
well we did exactly that successfully with v8.11.6 of sendmail.
warning: only tested on raq2-boxes.
especially one has to re-integrate the pop-before-smtp-parts into
sendmail.cf after making a custom one with m4, but that's relatively
easy by diff'ing the old sendmail.cf with the new one.
also one has to symlink some /etc/mail/... files onto the /etc/...
level so the perl-scripts of the admin-interface still find the files
where they expect them.
note on why not v8.12 of sendmail: 8.12 dropped the
AutoRebuildAliases=True support, this could possibly break
web-interface scripts that rely on sendmail rechecking for new
alias-files.

hth,
Harald Kapper                        kapper.net, inc.
managing director                    loeblichgasse  6
chief software development           1090 vienna, .at
tel +43 1 3195500-0, fax +43 1 3195502, hk@xxxxxxxxxx