[nSLUG] Re: Mailing List Security

Mike Spencer mspencer at tallships.ca
Wed Mar 5 03:16:13 AST 2003


Previously I asked how to tell which version of sendmail I'm running.

dlpotter suggested:

> 1) usually the headers in an outgoing message indicate the version of 
> the program used to send it, and

So I sent myself a message, client -> sendmail -> ISP's smarthost ->
ISP's POP3 server.  This header reflects the connection to sendmail
from my client:

   Received: (from mds at localhost)
       by bogus.nodomain.nowhere (8.9.1a/8.9.1) id CAA11327;
       Wed, 5 Mar 2003 02:53:12 -0400

Does that mean I have sendmail 8.9.1a?  If so why is this number
repeated (without the "a")?  The header inserted by the ISP's mta
says:

   Received: from bogus.nodomain.nowhere (dialup-71.glinx.com [24.222.77.71])
      by admin.tallships.ca (8.9.1/8.9.1) with ESMTP id CAA00739
      for [snip]

Does that mean that the ISP is running sendmail 8.9.1?

Sorry if this is kinda getting off the Linix focus.  I'm pretty good
at untangling spam headers but I never knew what this part of the
header meant.

> 2) most programs have a -v -Ver or some command line option to return 
> the version number - this would normally be documented in the man
> page

Apparently no such switch for sendmail.


bdaviso suggested:

> Try "telnet localhost 25" and see what version is reported.

Doh.  I knew that.  Duh.  It says

     220 bogus.nodomain.nowhere ESMTP Sendmail 8.9.1a/8.9.1

But then,

> The banner version is specificed in the config file (sendmail.cf),
> so you cannot trust that.

Um, check.  Found that.  My executable is older than sendmail.cf and
I'm pretty sure I never upgraded it.  I guess 8.9.1 it is.

Tnx for the replies.


- Mike

-- 
Michael Spencer                  Nova Scotia, Canada 
                                 
mspencer at tallships.ca            
http://home.tallships.ca/mspencer/




More information about the nSLUG mailing list