[unisog] sendmail vulnerability / impact

marchany at vt.edu
Fri Mar 7 19:17:54 GMT 2003


>To date, we've only received one complaint about this action, but our CIO
>wants us to ask other university security folks about what they have done.

I guess it wasn't worth the effort to block port 25 then :-).

What was the real purpose of the block? Is your policy to not allow students 
or any dept on campus to run an email server on their machine? If so, 
why? Why segregate the resnet from the rest of campus? Seems like you're 
making a big assumption that dept mail servers are more secure :-) than resnet 
email servers. Why not block at the border and allow only to designated email 
servers?

On the other hand, why not build updated sendmail kits for the more common 
mail servers on campus? You send a warning to the campus about the sendmail 
problems and then provide a solution to the problem in the form of the 
sendmail kits. Then your university community is free to run an email server 
if they want and they have a solution to this exploit.

If a new FTP vulnerability shows up, are you going to block ports 20, 21? What 
about a new WWW exploit? Will you block port 80?

I don't see what was gained by this effort.

	-r.




