Re: [tlug] Hi from new server and a couple of questions

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "GMO" == GMO Unix Erin D Hughes <erin-hughes@example.com> writes:

    GMO> On Wed, 2006-07-12 at 09:49 +0000, scott wrote:

    >> I don't really want to disable selinux however, especially
    >> after having my previous server cracked and used as a spam
    >> zombie :-(

SELinux has very little to do with that, though, as I understand it.
SELinux will help a lot if you need to offer resistance to hackers
*once the get in*.  But most servers have only one or two "doors", and
the rooms they lead to can be sealed off fairly easily without SELinux
features.  If the spammers (for example) can pretty much do everything
they want to without leaving the "Sendmail wing", they'd be nuts to
try.  That might tip you off.

>>>>> "GMO" == GMO Unix Erin D Hughes <erin-hughes@example.com> writes:

    GMO> Check your version of sendmail. That is probably how they got
    GMO> you the last time and how they will get you again if you are
    GMO> not paying attention.

Yes, if your version of sendmail is sendmail.com sendmail, and not
postfix or exim, they will get you again. :-)

Seriously, sendmail is an extremely complex application, with (today)
a deserved reputation for very few bugs per line of code.  But what
matters is not bugs/loc, it's bugs per app.  Sendmail has a long
history of having too many.

Reconsider whether you really need sendmail.


-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.