Sendmail and Cobalt

March 4th, 2003 · No Comments

This sendmail bug and resulting patch did seem a bit more organized than times in the past. I just wonder how many vulnerabilities are going to be voluntarily disclosed to the Directorate of Information Analysis and Infrastructure Protection.

I’m also a bit salty because the only machine that I have still running sendmail is the Cobalt Raq that hosts this site and others. The problem with the “network appliance” is that you’re completely at the mercy of the vendor. Cobalt was purchased by Sun, who barely supports the line.

Sendmail flaw tests Homeland Security

The attraction to the box, for me, was that it was Linux-based and I wouldn’t really have to manage it. I could have other people responsible for managing email, DNS, web hosting for some of our clients. And they wouldn’t have to be Linux gurus, either. We’re getting closer to that.

The problem yesterday was that a critical flaw in Sendmail was announced with patched available from all of the major Linux vendors. Sun / Cobalt still has yet to release a patch. So last night I was at a crossroads: upgrade sendmail on my own possibly breaking the Cobalt virtual users, leave it up and unpatched, or shutdown SMTP services.

If I wanted a Linux box that I needed to upgrade manually, rebuilding RPMs, etc. I wouldn’t have purchased a RaQ. Why spend more on goofball hardware, when I could have bought a gray box and been responsible for everything myself. This box was intended to save me time.

I ended up shutting down SMTP services until this morning when I saw that Michael Stauber from SolarSpeed had graciously provided a patch for the model that we’re using.

I’ll probably switch to Qmail shortly.

Tags: Work

0 responses so far ↓

There are no comments yet...Kick things off by filling out the form below.

JHill