randy@oetl.UUCP (Randy O'Meara) (06/24/89)
I've just picked up and compiled sendmail 5.61 on my HP-UX
6.2 (model 320) machine. What I would like to know is: how
can I tell if my sendmail is `wormproof'?
--
Randy O'Meara randy@oetl.Scf.Lockheed.Com
(408) 425-6249 ...{pyramid,leadsv,lstc}!oetl!randykarl@giza.cis.ohio-state.edu (Karl Kleinpaste) (06/26/89)
randy@oetl.uucp writes:
I've just picked up and compiled sendmail 5.61 on my HP-UX
6.2 (model 320) machine. What I would like to know is: how
can I tell if my sendmail is `wormproof'?
Check what's listed in the SMTP command table, struct cmd CmdTab[] in
srvrsmtp.c ; "debug" should be either missing or #ifdef'd out of
existence (corroborate carefully against your CFLAGS). If you want to
check if any installed & running version is susceptible, watch what it
does during SMTP conversations, e.g.:
[71] [10:17am] giza:/n/dinosaur/0/karl> telnet 127.1 smtp
Trying...
Connected to 127.1.
Escape character is '^]'.
220 giza.cis.ohio-state.edu Sendmail (laser-tinted braindeath) 5.59/4.890612 ready for love at Mon, 26 Jun 89 10:17:16 EDT
debug
500 Command unrecognized
quit
221 giza.cis.ohio-state.edu closing connection
Connection closed by foreign host.
[72] [10:17am] giza:/n/dinosaur/0/karl>
If you're susceptible, you will get "250 Debug set" after the "debug"
command above.
--Karl