
Configure sendmail Service for Local-Only Mode

Details

In Solaris 11, the sendmail service is set to local-only mode by default. This means that users on remote systems cannot connect to the sendmail service, eliminating the possibility of a remote exploit attack against some future sendmail vulnerability. Leaving sendmail in local-only mode permits mail to be sent out from the local system. If the local system will not be processing or sending any mail, this service can be disabled.

However, if sendmail is disabled completely, email messages sent to the root account (such as cron job output or audit service warnings) will fail to be delivered.

An alternative approach is to disable the sendmail service and create a cron job to process all mail that is queued on the local system, sending it to a relay host defined in the sendmail.cf file. It is recommended that sendmail be left in local-only mode unless there is a specific requirement to completely disable it.

The software for all Mail Transfer Agents is complex and most have a long history of security issues. While it is important to ensure that the system can process local mail messages, it is not necessary to have the MTA's daemon listening on a port unless the server is intended to be a mail server that receives and processes mail from other systems.

Solution

Run the following to set sendmail to listen only on local interfaces:

# svccfg -v -s svc:/network/smtp:sendmail setprop config/local_only=true
# svcadm refresh sendmail
# svcadm restart sendmail
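
One way to verify the setting after applying it, added here as an example and not part of the benchmark text: the script checks the config/local_only property and confirms that no SMTP listener is bound outside loopback. The function names and the sample netstat lines are constructed for illustration; the parser assumes the Solaris `netstat -an` layout, where the local address is written as ADDR.PORT.

```shell
#!/bin/sh
# Added example: audit that sendmail is local-only. Function names are hypothetical.
FMRI=svc:/network/smtp:sendmail

# Constructed samples in Solaris `netstat -an` style (local address is ADDR.PORT).
SAMPLE_OK='127.0.0.1.25         *.*      0      0 128000      0 LISTEN
      *.22            *.*      0      0 128000      0 LISTEN
::1.25                *.*      0      0 128000      0 LISTEN'
SAMPLE_BAD='      *.25            *.*      0      0 128000      0 LISTEN
127.0.0.1.587         *.*      0      0 128000      0 LISTEN'

# Read netstat output on stdin; print SMTP (25) or submission (587)
# listeners bound to anything other than loopback.
nonlocal_smtp_listeners() {
    awk '/ LISTEN/ {
        if (!match($1, /\.[0-9]+$/)) next      # port follows the last dot
        host = substr($1, 1, RSTART - 1)
        port = substr($1, RSTART + 1) + 0
        if ((port == 25 || port == 587) && host != "127.0.0.1" && host != "::1")
            print $1
    }'
}

# audit_sendmail PROP_VALUE NETSTAT_TEXT; returns 0 only if both checks pass.
audit_sendmail() {
    rc=0
    if [ "$1" != "true" ]; then
        echo "FAIL: config/local_only is '$1', expected 'true'"
        rc=1
    fi
    exposed=$(printf '%s\n' "$2" | nonlocal_smtp_listeners)
    if [ -n "$exposed" ]; then
        echo "FAIL: SMTP listening on non-loopback address(es): $exposed"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: sendmail is local-only"
    return "$rc"
}

# On a Solaris host use live data; elsewhere fall back to the constructed sample.
if command -v svcprop >/dev/null 2>&1; then
    audit_sendmail "$(svcprop -p config/local_only "$FMRI")" "$(netstat -an)"
else
    audit_sendmail true "$SAMPLE_OK"
fi
```

The listener check matters independently of the property: a refresh that was never followed by a restart leaves the property at true while the running daemon is still bound to all interfaces.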

Supportive Information

The following resource is also helpful.

This control applies to the following type of system: Unix.

Updated on July 16, 2022