Squirrelmail question
Charles Mallahan Jr.
HaveAGreatDay at mallahan.net
Thu Jan 30 18:14:06 CST 2003
I agree with you. I run webmin, nagios, acid, squirrelmail all in SSL.
Like right now I am in Dayton, OH (I travel alot because I am an IT
consultant, specializing in security) and I need the remote admin feature.
A while back someone trojaned the sendmail source, and so RedHat posted a
patch for sendmail. I applied the patch, and like other patches, it
usually makes a rpmnew config file. So handling it like a previous bind
and apache patch, I checked my configuration files, and in those cases
they were back to the original default text, so I just restored my old
ones.
With sendmail it generates your .cf file off of a text configuration file,
so for "a try" using webmin (making it easy...since time is tight right
now) I would just rerun the configure and see what happened. I didn't
change anything, but I figured the patch might have.
I recommend to anyone before using webmin, do what I do. Compile your
entire system from source (and don't quit with doing apache). It took me
a week before I had apache configured the way I wanted it, with the proper
mods, it took me two weeks to just understand bind, but I am better-off
for it now. I don't want/need to consume any more time then I have to
keep my systems properly running, but I wouldn't say anyone who just uses
webmin is a Linux Guru either.
Jonathan Hutchins said:
> ----- Original Message -----
> From: "Charles Mallahan Jr." <HaveAGreatDay at mallahan.net>
>
>> I had the same problem, I went into webmin in the sendmail server
>> section,
>> I clicked on domain mapping. Then I clicked on the "click here" which
>> took me to reconfiguring sendmail, which I did. Must be from the
>> patches
>> that came down awhile back on RHN, I never reconfigured. Once I did
>> this,
>> I could forward and reply to emails.
>
> Do you have any idea what you changed in sendmail though?
>
> (This is one of those things I hate about things like webmin that
> Microsoft-ize Linux. You can have someone administer a server and make
> sendmail configuration changes without knowing a thing about what they're
> changing or why. For someone who knows what they're doing it can be a
> useful tool for remote admin, but I would think it would be a security
> nightmare. I sure wouldn't run it, but if I did run a web configuration
> tool I would not allow it to start automatically; I'd start it manually
> from
> an SSH login and shut it back down when I was done making changes.)
>
>
>
>
Regards,
Charles Mallahan Jr., CISSP
More information about the Kclug
mailing list