Security-Fix Sendmail 8.12.9 Released

bahamutirc writes "Yet another security problem was discovered by Michal Zalewski in Sendmail 8.12.8, 'a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable.' Apparently somebody jumped the gun and posted before Sendmail had a chance to notify anyone, so they had to release it today. Go grab your source." Here's the CERT advisory.
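The story gives only a one-line description of the bug (a buffer overflow in address parsing caused by a char to int conversion), which names a classic C pitfall. The block below is an added illustration of that pitfall; it is not sendmail's code and not taken from the advisory. A length check reads input bytes through a signed char, so the byte 0xFF sign-extends to -1 and is mistaken for a "no character" sentinel, ending the count early; the copy that follows is not fooled, and the check and the copy disagree about how many bytes there are. The sentinel name NOCHAR, the buffer size ADDR_CAP, the length functions and the crafted input are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define NOCHAR   (-1)   /* assumed int sentinel: "no character / end of input" */
#define ADDR_CAP 8      /* assumed capacity of the parser's fixed address buffer */

/* Constructed inputs: a short local part, then the byte 0xFF, then padding.
   The string pieces are split so "\xff" does not swallow the following 'A'. */
static const char CRAFTED[] = "user\xff" "AAAAAAAA";
static const char BENIGN[]  = "user";

/* Vulnerable pattern: each byte is widened to int through a *signed* char.
   Plain char is signed on the usual x86 compilers; 'signed char' is spelled
   out so the result is the same on every platform. 0xFF becomes -1, compares
   equal to NOCHAR, and the scan stops before the end of the address. */
size_t addr_len_signed(const char *p)
{
    size_t n = 0;
    int c;
    while ((c = *(const signed char *)p++) != NOCHAR && c != '\0')
        n++;
    return n;
}

/* Fixed pattern: widen through unsigned char, so every byte lands in 0..255
   and can never collide with a negative sentinel. This is the same reason
   getc() returns an int that is compared with EOF rather than a char. */
size_t addr_len_unsigned(const char *p)
{
    size_t n = 0;
    int c;
    while ((c = *(const unsigned char *)p++) != NOCHAR && c != '\0')
        n++;
    return n;
}

/* The bounds check a parser would make before copying the address into its
   ADDR_CAP-byte buffer, parameterised on the length routine. 1 = copy allowed. */
int check_passes(size_t (*len)(const char *), const char *addr)
{
    return len(addr) < ADDR_CAP;
}

/* What a copy loop that runs to the terminating NUL actually moves.
   A crafted 0xFF does not stop it; only the mis-converted check stops early. */
size_t bytes_copied(const char *addr)
{
    return strlen(addr);
}

/* 1 if the check passes but the copy would exceed the buffer: the overflow. */
int overflows(size_t (*len)(const char *), const char *addr)
{
    return check_passes(len, addr) && bytes_copied(addr) >= ADDR_CAP;
}

int main(void)
{
    printf("signed char:   len=%zu overflow=%d\n",
           addr_len_signed(CRAFTED), overflows(addr_len_signed, CRAFTED));
    printf("unsigned char: len=%zu overflow=%d\n",
           addr_len_unsigned(CRAFTED), overflows(addr_len_unsigned, CRAFTED));
    return 0;
}
```

The practitioner's check for this class of bug is mechanical: any `int c = *p` or `switch (*p)` over untrusted bytes, where `p` is a `char *`, needs the `(unsigned char)` cast before the value is compared with negative sentinels or used as a table index. Compiling with `-funsigned-char` hides the problem on one platform but does not fix the code.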
  • Sendmail.... (Score:5, Interesting)

    by Chester K ( 145560 ) on Saturday March 29, 2003 @05:41PM (#5623665)
    Sendmail: The IIS of Open Source.

    This is the straw that breaks the camel's back. I'm changing to another MTA.
  • by mnmn ( 145599 ) on Saturday March 29, 2003 @05:46PM (#5623678)

    I fought with the M4 format of sendmail.cfg for a while in setting up a complex system before switching to qmail. I've tried postfix too, but I still see diehard sendmailers around.

    For one, sendmail is really not intuitive. If you're given a server you've never seen before and have to alter some fancy configs in it, could you do it faster than if it were, say, qmail? Maybe if I stared at the M4 pinfo I could begin to get it; I gave up early there.

    Secondly these security problems.

    So beside the fact that sendmail is the standard, quite mature and very flexible if you know how to config it, does it have any big edge over postfix or qmail that everyone should know about?

    And can the sendmail developers be brave trailblazers and finally change the config file syntax to just text words like httpd.conf?
  • Re:Sendmail.... (Score:4, Interesting)

    by dissy ( 172727 ) on Saturday March 29, 2003 @06:43PM (#5623856)
    Perhaps I just don't know the undocumented tricks of those mail servers.

    If anyone could give me either detailed instructions on how to translate from sendmail to qmail/postfix configs, or a good website that explains this, I would be most grateful.

    Please do keep in mind my only experience with qmail or postfix was reading the documentation to see how hard it would be to convert my sendmail setup, and seeing most of the features I need not being listed, I didn't bother setting them up.
    I am not at all familiar with the config files used by either.

    I am also assuming in this post one IS familiar with sendmail.
    Where I simply say virtusertable, that would of course be /etc/mail/virtusertable.

    I use the short names assuming you know what I mean. In a reply, please use the long form when describing qmail/postfix, as I have no clue what's what :)

    My current setup uses sendmail's virtusertable for all domains I handle.
    There is never an instance where mail sent to user@domain will just deliver to the account user, which is sendmail's default method of delivery.
    Every domain I have in my cw file is in virtusertable.

    That said, the features I need are:

    Fall-through addresses

    In sendmail's virtusertable, if you add @domain.com and the email address doesn't match a specific entry in virtusertable for a domain, it will then deliver using that rule.

    Configurable bounce errors

    I have some addresses (and some domains' fall-through address) with entries such as:
    @domain.com error:nouser No such user
    which returns the correct error code and the text message above.

    Delivery to a piped process

    In sendmail's aliases file you can add an entry such as
    somealias: "|/path/to/an/app"
    and sendmail will execute that program, passing the email to its stdin.

    Backup mail spooling

    Where the server accepts mail for a domain but doesn't attempt to deliver it locally, just forwards it to a mail server with a higher (lower) MX priority.

    Support 'list' forwards

    i.e. staff@domain.com -> account1, account2, outside@emailaddy.com
    Sendmail does this really ghetto by using both virtusertable and aliases, as only aliases can have multiple places of delivery, but virtusertable can send domain mail to an alias easily enough.

    Access controls for relaying

    I use IP addresses to control who can send mail out through the mailserver (only machines in my IP space, as well as a couple of friends' statics, are on the list).
    I would be interested in smtp-auth in the future, but until I finish the server transition I would want the functionality to remain as-is, and inform my users later of new and added features, preferably without having to say older features will no longer work.
    Doing without smtp-auth would also be fine with me.

    Domain mirroring

    In sendmail's virtusertable, if you have, say, 3 domains that use the same mappings, you can do the following:

    user1@domain.com user1 ...
    user99@domain.com user99
    @domain.com error:nouser No such user

    @domain.NET %1@domain.com
    @domain.ORG %1@domain.com

    Then you only need to manage one list (for .com), and if you send mail to user1@domain.org it will rewrite it as user1@domain.com.

    Also, for local delivery, the mailer would need to work with procmail.
    I'm sure qmail and postfix both do, so that shouldn't be a problem. Just wanted to mention it in case.

    If qmail/postfix really can do everything above, then I stand corrected, but would ask either for a source of good documentation, or just an explanation on each point of how to do it the qmail/postfix way.

    Thanks

  • by Anonymous Coward on Saturday March 29, 2003 @07:01PM (#5623919)
    This one bug doesn't make sendmail bad. The fact that it's had scores of bugs does.

    It's "only" a mail server, but what about a company whose email contains very sensitive information? They may feel safe using, say, smtps and imaps, but if sendmail isn't secure, they're sunk. In addition, getting on a mail server may allow access to a local network filled with insecure windows boxes. Oops.

    You seem to be way too attached to sendmail. There are better alternatives [postfix.org] available, so why not use them? I broke off from sendmail years ago, happily.

    You should not create such an attachment to software; I use OpenSSH currently because it's free and works. I won't pretend it's not bug-ridden, though, and if something better comes along, I will switch because I care about security. I don't care if I've been using OpenSSH for years.
  • by grokBoy ( 582119 ) on Saturday March 29, 2003 @07:03PM (#5623921)
    Well, the Full-Disclosure [netsys.com] list that I am involved with was one of the ones that received the premature announcement [netsys.com], but I'm sure you'll agree that even with the follow-up [netsys.com] it was far from anything that provided a remote exploit. The tone of the thread seemed to indicate that there was already interest in this 'in the wild' before it was disclosed to the lists in question, in any case. Kudos to the Sendmail team for getting the fix out so promptly.
  • by Anonymous Coward on Saturday March 29, 2003 @09:45PM (#5624371)
    It looks to me like OSX 10.2.4 is vulnerable to this exploit. The CERT advisory says all versions prior to 8.12.9, and I'm pretty sure OSX uses 10.12.6. Can anyone confirm this? It is disabled by default, so it is not a large issue. Anyone care to bet as to how long for a security patch?
  • by Anonymous Coward on Saturday March 29, 2003 @11:50PM (#5624749)
    Please keep in mind that this MTA was around when the network was more of a community (not a lot of .com) and having an open relay was normal.

    But that is the major PROBLEM with sendmail. Or, do you mean we should continue to use a program with a bad design for today's world _because_ it has a bad design?
  • by bill_mcgonigle ( 4333 ) on Sunday March 30, 2003 @12:54AM (#5624916)
    Interesting how we just had this article [slashdot.org] the other day.

    I know some places process a lot of mail with sendmail and need all the speed they can get, but the monster sites seem to have gone to qmail anyway. Considering the speed of my computer vs. the speed of my 'net pipe, I don't have much of a load on my mailserver, which leads me to ask:

    Does anybody know of a good mailserver written in a higher-level language?

    This is what, the 82nd remote root-exploit in sendmail due to C coding problems? Let's see something written in Perl or Python or Java, even.
