Improving Sendmail Security by Turning It Off
Hal Pomeranz

Sendmail is, for better or worse, the de facto standard Mail Transfer Agent
(MTA) for UNIX systems. While many books could be written about the pros and
cons of replacing Sendmail with an alternate MTA -- such as Postfix, Qmail,
or Exim -- the reality is that most UNIX shops have a huge installed base of
machines running Sendmail daemons as part of their default install. The surprising
news, however, is that the vast majority of these systems do not need to be
running a Sendmail daemon at all.

This issue is likely to become a critical one for sites in the near future.
The Sendmail buffer overflow exploit announced in March will almost certainly
be programmed into an automated worm within the next six months. Such a worm
could do for UNIX systems what Code Red did to the Windows world -- simply because
there are so many potentially vulnerable UNIX systems on the network today.
Shutting off the Sendmail daemon on 99.9% of the systems in your environment
would greatly reduce the potential impact of such a worm.

The Role of the Sendmail Daemon

When I discuss security issues with systems administrators, I find that many
of them are confused about the need for a running Sendmail daemon on their systems.
This confusion is understandable since, for at least the last two decades, the
commercial UNIX vendors have been shipping their operating systems with active
Sendmail daemons in the default install. Most administrators simply assume that
this daemon is necessary for the users and automated processes running on the
system to be able to emit email from the machine.

The reality, however, is that the Sendmail daemon on a machine is only responsible
for two things:
1.