One of the most important services you can provide is a mail server. Unfortunately, it is also one of the most vulnerable to attack, simply due to the number of tasks it must perform and the privileges it typically needs.
If you are using sendmail
it is very important to keep up on current
versions. sendmail
has a long long history of security
exploits. Always make sure you are running the most recent version from
http://www.sendmail.org.
Keep in mind that sendmail does not have to be running in order for you to send mail. If you are a home user, you can disable sendmail entirely, and simply use your mail client to send mail. You might also choose to remove the "-bd" flag from the sendmail startup file, thereby disabling incoming requests for mail. In other words, you can execute sendmail from your startup script using the following instead:
# /usr/lib/sendmail -q15m
This will cause sendmail to flush the mail queue every fifteen minutes
for any messages that could not be successfully delivered on the first
attempt.
Many administrators choose not to use sendmail, and instead choose one
of the other mail transport agents. You might consider switching over
to qmail
. qmail
was designed with security in mind
from the ground up. It's fast, stable, and secure. Qmail can be found at
http://www.qmail.org
In direct competition to qmail is "postfix", written by Wietse Venema, the author of tcp_wrappers and other security tools. Formerly called vmailer, and sponsored by IBM, this is also a mail transport agent written from the ground up with security in mind. You can find more information about postfix at http://www.postfix.org