Warning: SuSE sendmail upgrade turns on sendmail (Was Re: [RHSA-2003:073-06] Updated sendmail packages fix critical security issues)

Craig Pratt craig at STRONG-BOX.NET
Mon Mar 3 21:43:09 GMT 2003 

WARNING: SuSE 8.1 SENDMAIL UPGRADE TURNS ON SENDMAIL AT RUNLEVEL 5

Just upgraded one of our SuSE 8.1 systems. And was watching for this:

        $ chkconfig --list sendmail
        sendmail                  0:off   1:off   2:off   3:off   4:off
5:off   6:off
        $ sudo rpm -U sendmail-8.12.6-91.i586.rpm
        sendmail                  0:off   1:off   2:off   3:on    4:off   5:on
    6:off

With sendmail set to run at runlevel 5, it will bypass mailscanner (and
the all-important spam and virus scanning it provides ;^)

Note the remedy:

        $ sudo chkconfig sendmail off
        $ chkconfig --list sendmail
        sendmail                  0:off   1:off   2:off   3:off   4:off
5:off   6:off

Craig
craig at strong-box.net

On Monday, March 3, 2003, at 12:59  PM, Julian Field wrote:

> I wouldn't be surprised if the RPMs do a "chkconfig sendmail on" among
> other things :-(
> They really should recognise they are being upgraded and not freshly
> installed and therefore leave your system alone.
>
> At 20:50 03/03/2003, you wrote:
>> Thanks for that!  One little gotcha to look out for... I just
>> upgraded the
>> rpms on my Mandrake box and the postinstall script kicked off a new
>> sendmail process, bypassing MailScanner (Whoops!).  Dunno if this
>> happens
>> with other packages but its worth checking!
>>
>> > -----Original Message-----
>> > From: Richard, Matt [mailto:matthew.richard at COCC.COM]
>> > Sent: Monday, March 03, 2003 9:49 AM
>> > To: MAILSCANNER at JISCMAIL.AC.UK
>> > Subject: FW: [RHSA-2003:073-06] Updated sendmail packages fix
>> critical
>> > sec urity issues
>> >
>> >
>> > For those who have not already seen the advisory.  It appears
>> > to effect
>> > sendmail on many different platforms.
>> >
>> >
>>
>>
>>
>> BMRB International
>> http://www.bmrb.co.uk
>> +44 (0)20 8566 5000
>> _________________________________________________________________
>> This message (and any attachment) is intended only for the
>> recipient and may contain confidential and/or privileged
>> material.  If you have received this in error, please contact the
>> sender and delete this message immediately.  Disclosure, copying
>> or other action taken in respect of this email or in
>> reliance on it is prohibited.  BMRB International Limited
>> accepts no liability in relation to any personal emails, or
>> content of any email which does not directly relate to our
>> business.
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> --
> This message checked for dangerous content by MailScanner on StrongBox.
>


--
This message checked for dangerous content by MailScanner on StrongBox.

More information about the MailScanner mailing list