about sendmail security update

Jonathan Horne freebsd at dfwlp.com
Sat Apr 8 18:20:43 UTC 2006 

On Saturday 08 April 2006 10:25, Gonzalo Suarez wrote:
> hello!
>
> i'm a very new freebsd user/admin. i run my own server since 1 month ago, i
> 've been told about a security issue with sendmail. i read about it on the
> security ad
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail
>.ascand I don't know how could i get my system patch or upgraded. some
> people tell me to quit using sendmail and try postfix, but i would like to
> fix sendmail and try to configure it...
>
> I installed the system with a freebsd5.4 release cd. i downloaded the patch
> and when I excuted it i realized that i don't have the source code of
> sendmail since i started the installation with de cd-rom standard
> installation. what am i supposed to do now? patch or upgrade. what is the
> easy way? i have compiled some little C code for college practices and
> installed some bsd-ports with make install but  now i'm a little bit lost
> here...
>
> thanks for your help.
>
> Gonzalo.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

here is how i updated my system, just yesterday.  mine is 6.0, but im pretty 
sure its pretty close to the same (actually, before i clicked send here, i did 
this same thing on an unused 5.4 dev box i had, and ive determined that these 
instructions worked on 5.4 as well).

1) cvsup your /usr/src directories.  if they are empty, this will cause them 
to populate.  if there is anything already there, this will update your 
sources to latest.

# pkg_add -r cvsup-without-gui
# pkg_add -r fastest_cvsup
# cp /usr/share/examples/cvsup/stable-supfile /root
# cvsup -L 2 -h `(fastest_cvsup -q -c us )` /root/stable-supfile

that should update your entire sources tree.  take a look at the 
stable-supfile, it can be edited to be more brief about which portions of the 
src tree its going to pull down.  no edits = the whole thing.

2) recompile sendmail

# cd /usr/src/lib/libsm
# make obj && make depend && make
# cd /usr/src/lib/libsmutil
# make obj && make depend && make
# cd /usr/src/usr.sbin/sendmail/
# make obj && make depend && make && make install
# cd /etc/mail
# make all install restart

i generally also restart sendmail from the rc.d script as well, just to be 
sure.

# /etc/rc.d/sendmail restart

now, when you telnet to hostname.domain 25, you will see:

220 locahost.domain ESMTP Sendmail 8.13.6/8.13.3; Sat, 8 Apr 2006 
13:18:24 -0500 (CDT)

good luck!
jonathan

More information about the freebsd-questions mailing list