Re: Sendmail hole

From: Green, Simon (Simon.Green@EU.ALTRIA.COM)
Date: Wed Mar 12 2003 - 05:04:32 EST


That would have been my choice, but wouldn't wash with our management.

If you don't actually have incoming email, then there is no good reason to
run the sendmail daemon; you can send outgoing mail without it, and that
reduces your exposure considerably.

If you need to receive mail, then you need sendmail or an equivalent
running. That's a business decision, not a technical one.

If you can reduce the number of servers actually running sendmail, then
patching it becomes a less onerous task and you can go ahead with it either
because you think it's a good idea or because you don't think it's worth the
fight.

Simon Green
Altria ITSC Europe s.a.r.l.

AIX-L Archive at http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
AIX FAQ at http://www.faqs.org/faqs/aix-faq/

N.B. Unsolicited email from vendors will seldom be appreciated.

> -----Original Message-----
> From: Herman, Tim [CC] [mailto:Tim.Herman@MAIL.SPRINT.COM]
> Sent: 11 March 2003 20:42
> To: aix-l@Princeton.EDU
> Subject: Re: Sendmail hole
>
>
> Easy. Tell them to show you how it's exploited - a working example.
> They won't be able to.
>
> -----Original Message-----
> From: Bill Verzal [mailto:Bill_Verzal@BCBSIL.COM]
> Sent: Tuesday, March 11, 2003 1:49 PM
> To: aix-l@Princeton.EDU
> Subject: Sendmail hole
>
>
> (I don't feel like spelling vulnerability)
>
> Management here has just asked us to shut off sendmail because of the most
> recent hole. Anyone got any obvious reasons why we should/should not do
> this?
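
Added example, not part of the original thread: one way to check the point made in the reply above, that with the daemon off nothing listens on port 25 while outgoing SMTP connections still work. The function name and the sample `netstat -an` lines are constructed for illustration.

```shell
#!/bin/sh
# Classify SMTP exposure from `netstat -an` output (added example).

# Constructed samples in AIX/BSD netstat format (local address ends in ".port").
SAMPLE_EXPOSED='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  10.1.2.3.25            10.9.9.9.40112         ESTABLISHED'

SAMPLE_LOOPBACK='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN'

# Daemon stopped: no listener, but an outgoing connection to a remote
# port 25 is still present (outgoing mail does not need the listener).
SAMPLE_CLOSED='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  10.1.2.3.41025         10.9.9.9.25            ESTABLISHED'

# smtp_exposure: read netstat -an text on stdin and print one of
#   exposed        a listener on port 25 is reachable from the network
#   loopback-only  port 25 listens only on 127.0.0.1 or ::1
#   closed         nothing listens on port 25
smtp_exposure() {
    awk '
        $NF == "LISTEN" {
            la = $4                          # local address column
            # accept "addr.25" (AIX/BSD) and "addr:25" (Linux)
            if (la !~ /[.:]25$/) next
            sub(/[.:]25$/, "", la)           # strip the port, keep the address
            if (la == "127.0.0.1" || la == "::1" || la == "[::1]") loop = 1
            else net = 1
        }
        END {
            if (net) print "exposed"
            else if (loop) print "loopback-only"
            else print "closed"
        }'
}

# On a live host: netstat -an | smtp_exposure
```

Running it before and after stopping the daemon on each server gives a quick inventory of which hosts still need the patch.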


