Security Issues for Berkeley Sendmail
While sendmail is a crucial component of many networked UNIX systems,
it may also create significant security risks, particularly if the
system administrator is not careful.
Understanding the Risks
- Sendmail is nearly ubiquitous. It is the most popular
mail daemon for UNIX platforms. This makes it an attractive
target for attackers.
- The complexity and variety of the functions provided
by sendmail create more potential for security weaknesses and
make it more difficult to identify possible holes before they
are exploited.
- Sendmail usually runs as the privileged user. A security
vulnerability in sendmail can result in total compromise of the
system and the network itself.
- In daemon mode, sendmail is a network application. Security
vulnerabilities that may exist due to the negligence of the
programmers or system administrator may provide a door (as
sendmail has done in the past) for unauthorized remote access.
Minimizing the Risks
Keep sendmail up-to-date
- Recently, the majority of upgrades have included patches
to known security holes. Exploit scripts are available
for most of the widely-known vulnerabilities, allowing
someone with minimal technical expertise to attack systems
running older versions.
- Read a security mailing list. At the very least, subscribe
to something like the CERT
advisory mailing list. It will not be as informative or
punctual as a discussion-oriented security mailing list, but it
usually keeps its readers updated on new vulnerabilities
in sendmail and other major security issues.
- Check the sendmail home
page regularly. It will list the version number of the most
recent release of sendmail. You should be running whatever
version that is at the time.
- If you do not run Berkeley Sendmail, make sure you stay
up-to-date on all vendor-supplied security patches.
Do not create unnecessary security risks
- If your machine does not receive
mail over the network, there is no reason to run sendmail in
daemon mode. Disable it so it does not execute at boot time.
- Run sendmail with minimal permissions. Again, if you don't
run sendmail as a daemon, you probably don't need it to run
SUID root. Sendmail, however, must be SGID mail.
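The permission advice above can be checked mechanically. The following is an added example, not part of the original page: a POSIX shell audit that reads the mode string and group from `ls -ld` and reports where they differ from that advice. The function names and the path /usr/sbin/sendmail in the usage comment are assumptions; substitute the location of your own binary.

```shell
#!/bin/sh
# Added example (not from the original page): audit sendmail binary permissions.

# check_perms MODE GROUP DAEMON [WANT_GROUP]
#   MODE   first column of `ls -ld`, e.g. -r-sr-sr-x
#   GROUP  group owner of the binary
#   DAEMON yes if sendmail runs in daemon mode on this host, otherwise no
# Prints one finding per line; no output means the mode matches the advice.
check_perms() {
    mode=$1 group=$2 daemon=$3 want=${4:-mail}
    case $mode in
        ???[sS]*)      # setuid shows as s/S in the owner-execute position
            [ "$daemon" = yes ] ||
                echo "SUID set but sendmail is not run as a daemon"
            ;;
    esac
    case $mode in
        ??????[sS]*)   # setgid shows as s/S in the group-execute position
            [ "$group" = "$want" ] ||
                echo "SGID set but group is '$group', expected '$want'"
            ;;
        *)
            echo "SGID bit not set: sendmail must be SGID $want"
            ;;
    esac
    return 0
}

# audit_sendmail PATH DAEMON [WANT_GROUP]: run check_perms against a real file.
audit_sendmail() {
    path=$1 daemon=$2
    [ -f "$path" ] || { echo "not a regular file: $path"; return 0; }
    listing=$(ls -ld "$path")
    mode=$(echo "$listing" | awk '{print $1}')
    group=$(echo "$listing" | awk '{print $4}')
    check_perms "$mode" "$group" "$daemon" "${3:-mail}"
}

# Usage (path is an assumption):
#   audit_sendmail /usr/sbin/sendmail no
```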
Establish good security practices
- Attacks usually exploit a number of programs in conjunction.
Maintain good general security on your system. Learn how and,
more importantly, why. If you don't know where to begin,
pick up an introductory book such as Practical UNIX & Internet
Security, 2nd Edition.
- Know your system. Bankers learn to identify counterfeit
money -- not by studying the fakes, but by knowing every detail
of genuine currency. Likewise, the only way a system
administrator can recognize attacks on her/his system is to know
it well enough to identify problems or modifications that may
indicate an attack.