Sendmail Vulnerability Issues

A critical security problem was recently discovered in sendmail ( and a new version 8.12.8 containing a fix is now available.

Although H-Sphere doesn't include sendmail package by default, boxes that don't have H-Sphere mail system based on qmail/vpopmail may contain a custom sendmail package. We recommend checking your webservers, CP server and database servers as follows:


[root@server root]# rpm -qa|grep sendmail


[root@server root]# telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 monster.psoft ESMTP Sendmail 8.11.6/8.11.6; Thu, 6 Mar 2003 18:31:15
telnet> Connection closed.

If you have a sendmail package installed and sendmail SMTP daemon running, you should update or patch the package. The instructions are available on the sendmail site at

Copyright 1998-2008. Positive Software Corporation.
All rights reserved.