Other Security Information

No single chapter on security can be fully complete. The subject is so complex and far-ranging that an entire book might not be enough. To augment the information we have given here, we recommend these other important sources:

http://www.sendmail.org/~gshapiro/

Gregory Shapiro has authored a number of fine papers on sendmail. Of special interest, as of this writing, is Sendmail Security (based on V8.12), a brief document that outlines much of what we have talked about in this chapter, and provides tips we have not covered.

sendmail/SECURITY

The file sendmail/SECURITY is supplied with the sendmail source distribution and mainly deals with a non-root setup. You should read this file each time you download a new sendmail release.

http://www.cert.org/

This is the official site for the CERT Coordination Center, which studies Internet security vulnerabilities, handles computer security incidents, and publishes security alerts. This is an excellent site for security information, and it allows you to sign up for a mailing list that can warn you about security incidents.

http://www.sans.org/

The official site for the SANS Institute, an organization that provides security training and information. This site allows you to subscribe to a mailing list that provides routine digests of security matters.

Practical Unix & Internet Security, Third Edition

By Simson Garfinkel and Gene Spafford (O’Reilly), this comprehensive book on security that includes information about many versions of Unix. It contains information about network security that is germane to sendmail administration.

Other web sources

Any of your favorite search engines can be used to find additional material about computer security in general, email security, and sendmail security in specific.

Get sendmail, 4th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.