Re: Sendmail request for comments (Was: Re: [cobalt-developers] RAQ4 - Security Problems)

[Michael Stauber <devel@xxxxxxxxxxxxxx>]

Hi Jeff,

> My suggestion would be to compile sendmail from source, but NOT do the
> "make install".  Instead move the main sendmail program file you've
> created yourself (even a newer version) over the old one.

When I answered ToPPi's initial question I took a look at the Sendmail.SRPM 
file from Cobalt. You know, if an SRPM is available, then an upgrade of any 
programm to a newer versions is almost always a walk in the park if a few 
requirements are met:

- Compile time options and run time options must not be that different
- There are no extensive source code patches in the old programm

SUN/Cobalt just patched a minor issue in the 8.10.2 sourcecode and the rest of 
the changes involve the location of files and POP-before-SMTP which has been 
"hacked" into sendmail.cf. 

I don't know what changes Sendmail 8.12.3 (or versions in between that and 
8.10.2) introduced, aside from Milter support and more bugs. :o) I'm more 
into Postfix on generic Linux boxes and prefer not to touch Sendmail on the 
Cobalt's unless I have to.

However, I could imagine that changing just the tarball within the SRPM 
package and dropping out the old SUN patch will bring us almost all the way 
towards our intended destination. The somewhat more complicated things then 
left to be done will be to get POP-before-SMTP back the Cobalt way. 

-- 

Mit freundlichen Grüßen / With best regards

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer