New Sendmail security feature
Ken A
ka at pacific.net
Thu Jun 15 16:04:08 IST 2006
Kai Schaetzl wrote:
> Ken A wrote on Wed, 14 Jun 2006 11:31:45 -0700:
>
>> "by limiting the maximum message size accepted by your server (via the
>> sendmail MaxMessageSize option), you can eliminate the attack completely."
>>
>> Does anyone using sendmail NOT limit max message size you'll accept?
>
> well, they are "vague" about the size. Even the original advisory at
> http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
> just says "very large". What is "very large"?
'ulimit -a | grep stack' will tell you what "very large" is, I think.
I'm just waiting for yum repositories to get the new version and it's a
minor patch, so it should be no problem upgrading very soon.
For now, I just put 'ulimit -s xxxxx' at the top of my
/etc/init.d/MailScanner file, so the processes start with a stack size
limit that is > MaxMessageSize.
Ken A
Pacific.Net
> Kai
>
More information about the MailScanner
mailing list