Securing Sendmail

Note that it is recommended to use Postfix over Sendmail for various security reasons.

On newer Linux systems, Sendmail is configured to run in the background for local mail delivery and not to accept incoming network connections. If your server is not a mail or relay server, make sure Sendmail does not accept incoming network connections from any host other than the local server.

The default sendmail.cf configuration file on RedHat does not allow Sendmail to accept incoming network connections. The following setting in /etc/mail/sendmail.cf tells Sendmail not to accept incoming network connections from servers other than the local node:

DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

If that’s not the case on your system, you can change it by setting or uncommenting the DAEMON_OPTIONS parameter in the /etc/mail/sendmail.mc file.

Uncomment the DAEMON_OPTIONS line in /etc/mail/sendmail.mc to read:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then run:

# mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart

To verify whether Sendmail is still listening for incoming network requests, you can run one of the following commands from another node (make sure that you have permission to probe the machine):

# nmap -sT -p 25 [ip address]
# telnet [ip address] 25
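
As a local complement to the remote probe, the following added example (not part of the original post) audits a sendmail.cf for DaemonPortOptions entries that are not bound to loopback. It assumes active option lines in the generated file begin with "O DaemonPortOptions=" in column 0; the function name check_daemon_opts and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_daemon_opts FILE
# Prints OK/EXPOSED for each active DaemonPortOptions line in a sendmail.cf.
# Returns 0 = all loopback-only, 1 = at least one exposed, 2 = none found.
check_daemon_opts() {
    cf=$1; found=0; exposed=0
    while IFS= read -r line; do
        # Active options start with "O " in column 0; "#O ..." is commented out.
        case $line in
            "O DaemonPortOptions="*) ;;
            *) continue ;;
        esac
        found=1
        opts=${line#O DaemonPortOptions=}
        # Split the comma-separated key=value list and pull out Addr=.
        addr=$(printf '%s\n' "$opts" | tr ',' '\n' |
               sed -n 's/^[[:space:]]*[Aa]ddr=\([^[:space:]]*\).*/\1/p' | head -n 1)
        case $addr in
            127.*|::1|localhost)
                echo "OK      $opts" ;;
            "")  # No Addr= means the daemon binds every interface.
                echo "EXPOSED $opts (no Addr=)"; exposed=1 ;;
            *)
                echo "EXPOSED $opts"; exposed=1 ;;
        esac
    done < "$cf"
    [ "$found" -eq 1 ] || return 2
    return "$exposed"
}

# Constructed sample, not a real system's file: one loopback MTA entry,
# one commented-out entry, and one MSA entry with no Addr=.
sample=$(mktemp)
cat > "$sample" <<'EOF'
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
#O DaemonPortOptions=Port=smtp, Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
EOF
rc=0
check_daemon_opts "$sample" || rc=$?
echo "exit status: $rc"
rm -f "$sample"
```

Run it against /etc/mail/sendmail.cf after regenerating the file; a non-zero status means at least one listener is not restricted to the local host, or no active entry was found.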
