Squirrelmail question

Charles Mallahan Jr. HaveAGreatDay at mallahan.net
Thu Jan 30 18:14:06 CST 2003 

I agree with you.  I run webmin, nagios, acid, squirrelmail all in SSL. 
Like right now I am in Dayton, OH (I travel alot because I am an IT
consultant, specializing in security) and I need the remote admin feature.

A while back someone trojaned the sendmail source, and so RedHat posted a
patch for sendmail.  I applied the patch, and like other patches, it
usually makes a rpmnew config file.  So handling it like a previous bind
and apache patch, I checked my configuration files, and in those cases
they were back to the original default text, so I just restored my old
ones.

With sendmail it generates your .cf file off of a text configuration file,
so for "a try" using webmin (making it easy...since time is tight right
now) I would just rerun the configure and see what happened.  I didn't
change anything, but I figured the patch might have.

I recommend to anyone before using webmin, do what I do.  Compile your
entire system from source (and don't quit with doing apache).  It took me
a week before I had apache configured the way I wanted it, with the proper
mods, it took me two weeks to just understand bind, but I am better-off
for it now.  I don't want/need to consume any more time then I have to
keep my systems properly running, but I wouldn't say anyone who just uses
webmin is a Linux Guru either.

Jonathan Hutchins said:

> ----- Original Message -----
> From: "Charles Mallahan Jr." <HaveAGreatDay at mallahan.net>
>
>> I had the same problem, I went into webmin in the sendmail server
>> section,
>> I clicked on domain mapping.  Then I clicked on the "click here" which
>> took me to reconfiguring sendmail, which I did.  Must be from the
>> patches
>> that came down awhile back on RHN, I never reconfigured.  Once I did
>> this,
>> I could forward and reply to emails.
>
> Do you have any idea what you changed in sendmail though?
>
> (This is one of those things I hate about things like webmin that
> Microsoft-ize Linux.  You can have someone administer a server and make
> sendmail configuration changes without knowing a thing about what they're
> changing or why.  For someone who knows what they're doing it can be a
> useful tool for remote admin, but I would think it would be a security
> nightmare.  I sure wouldn't run it, but if I did run a web configuration
> tool I would not allow it to start automatically; I'd start it manually
> from
> an SSH login and shut it back down when I was done making changes.)
>
>
>
>

Regards,

Charles Mallahan Jr., CISSP

More information about the Kclug mailing list