The sendmail mail transport agent is included in
prepackaged form in most Linux distributions. Installation in this case is
relatively simple. Despite this fact, there are some good reasons to install
sendmail from source, especially if you are security
conscious. The sendmail program is very complex and has
earned a reputation over the years for containing bugs that allow security
breaches. One of the best known examples is the RTM Internet worm that
exploited a buffer overflow problem in early versions of
sendmail. We touched on this briefly in
Chapter 9. Most security exploits involving buffer
overflows rely on all copies of sendmail on different
machines being identical, as the exploits rely on data being stored in
specific locations. This, of course, is precisely what happens with
sendmail installed from Linux distributions. Compiling
sendmail from source yourself can help reduce this risk.
Modern versions of sendmail are less vulnerable because
they have come under exceedingly close scrutiny as security has become a more
widespread concern throughout the Internet community.
The sendmail source code is available via anonymous FTP from
ftp.sendmail.org.
Compilation is very simple bceause the sendmail source
package directly supports Linux. The steps involved in compiling
sendmail are:
# cd /usr/local/src
# tar xvfz sendmail.8.9.3.tar.gz
# cd src
# ./Build |
You need
root permissions to complete the installation
of the resulting binary files using:
# cd obj.Linux.2.0.36.i586
# make install |
You have now installed the
sendmail binary into the
/usr/sbin directory. Several symbolic links to
the
sendmail binary will be installed into the
/usr/bin/ directory. We'll talk about those links when
we discuss common tasks in running
sendmail.
