[786] in Release_7.7_team
sendmail on Solaris
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Nov 20 22:43:36 1996
From: Jonathon Weiss <jweiss@MIT.EDU>
To: release-team@MIT.EDU
Date: Wed, 20 Nov 1996 22:43:16 EST
So, last summer (for 8.0) we were going to install a parch to Solaris
to close some sendmail security holes, but it was backed out, because
it upgraded to an 8.6 based sendmail and that required modifications
to the sendmail.cf. Since this would require replacing the cf file on
private workstations which might break workstations with a hacked one,
people were hesitant. I also seem to recall that we didn't have
anyone with a lot of time to fix the sendmail.cf.
However, there are additional compelling reasons to make this switch
now. (I guess that means 8.1 this summer, right?) First, it is
likely that we will be forced to use an 8.6 (or later) based version
with Solaris 2.5 anyway. Second, anyone who has been reading the bugs
discuss has probably noticed mjacknis sending a lot of reports of mail
stuck on workstations. It appears to be the case that these messages
are locked by sendmail processes that aren't around anymore. Since
booting the machine cleans up the lock files, I'm guessing that
sendmail is crashing in some circumstances, thus leaving messages on
the workstation until the next time it is rebooted. This is kinda
poor. (I'ts worth noting that all of the reports of this nature seem
to be coming from suns.) I suspect that upgrading the sendmail would
fix the problem.
I run an 8.6 based version of sendmail on my sun, and have only had to
make a couple of changes to my sendmail.cf to get this to work.
(Although, I have added a number of additional hacks since.) I
suspect that there are some people who would advocate throwing away
our current sendmail.cf and generating a new one based on the stuff in
a sendmail 8 distribution. Since I have never investigated this
significantly, I'm not sure what the pros and cons would be.
Anyhow, I suspect we're going to have to bite the bullet and replace
people's sendmail.cf's soon, so I figured I'd bring it up now, so we
can get any flaming out of the way and document it. Unfortunately, I
can't even tell you how many people run mkserv mail (these are the
most likely people to have modified their sendmail.cf) since no one
has fixed snmpd to look for /var/server/.services in /var/server
rather than /site/server. (I'll admit to being unable to build this
myself, so I couldn't come up with a patch).
Jonathon
