[13194] in North American Network Operators' Group
Re: Spam Control Considered Harmful
daemon@ATHENA.MIT.EDU (Joe Shaw)
Thu Oct 30 11:19:29 1997
Date: Thu, 30 Oct 1997 10:11:09 -0600 (CST)
From: Joe Shaw <jshaw@insync.net>
To: Derek Andree <derek@firstcomm.com>
cc: nanog@merit.edu
In-Reply-To: <3457CE07.1A7658A7@firstcomm.com>
On Wed, 29 Oct 1997, Derek Andree wrote:
> It would seem like a nice feature for Sendmail, but do you think it is
> realistic to assume that everyone would upgrade? I know of many hosts which
> use "outdated" versions of Sendmail. Then you would be faced with the
> question of whether to only allow connections from the latest version of
> sendmail (with the sender verification), which would limit it's usefulness.
>
> Derek Andree
> derek@firstcomm.com
Anyone running outdated versions of sendmail has not only not met their
obligations as a sysadmin, but they are also asking to have their networks
owned. Sendmail is updated so often because it has MAJOR security holes
and bugfixes. I guarantee you that if you gave me one of the sites that
is running outdated sendmail, they could be "owned" in a very short time.
There are far too many remote sendmail exploits for older versions to not
upgrade. Checking http://www.geek-girl.com/bugtraq and doing a search on
sendmail will verify this. So, upgrading should be a prioity to anyone
who's running anything less than Sendmail 8.8.8.
Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
