Hello, I am having some problem with my campus network administrator / ISP complaining that I am running vulnerable versions of sendmail on our older machines (redhat 7.3 and 9), since the version broadcasted by sendmail is < 8.12.10, which according to sendmail website fixed a security vulnerability. I checked RHN errata and I know that Redhat already backported the security fix for that problem before the EOL of RH 9 and 7.3, so my sendmail versions are not vulnerable. It's just Redhat did not change their sendmail version from 8.11.x to 8.12.x. I explained this to them and they didn't believe it. They can't even believe that Redhat as a vendor would fix any vulnerability found in sendmail, and they insist that they go by what's in Sendmail website and that I have to upgrade my sendmail. Well I don't want to do that since I know I am not vulnerable. Even fedoralegacy does not have any more fixes for Sendmail. So my question, is there any way that I can change the version broadcasted by sendmail, so that for example when I do 'telnet machine 25' I get the 'required' version (ie. 8.12.11 or whatever) ? I assume something like that is what the network admin people here do to check the version of sendmail that I'm running. Any suggestion ? Anyone's been in similar situation before ? what do you do in that case ? Any respond will be appreciated. Thanks. RDB -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
