On Wed, 29 Oct 1997, Derek Andree wrote:
It would seem like a nice feature for Sendmail, but do you think it is realistic to assume that everyone would upgrade? I know of many hosts which use "outdated" versions of Sendmail. Then you would be faced with the question of whether to only allow connections from the latest version of sendmail (with the sender verification), which would limit it's usefulness.
Derek Andree derek@firstcomm.com
Anyone running outdated versions of sendmail has not only not met their obligations as a sysadmin, but they are also asking to have their networks owned. Sendmail is updated so often because it has MAJOR security holes and bugfixes. I guarantee you that if you gave me one of the sites that is running outdated sendmail, they could be "owned" in a very short time. There are far too many remote sendmail exploits for older versions to not upgrade. Checking http://www.geek-girl.com/bugtraq and doing a search on sendmail will verify this. So, upgrading should be a prioity to anyone who's running anything less than Sendmail 8.8.8. Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services