Sendmail may contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker issues a large number of RCPT TO commands. This may result in loss of availability for the service.
Currently, there are no known upgrades or patches to correct this issue. It is possible to mitigate the effect the attack may have on the service by implementing the following workaround:
Add or set the MaxRecipientsPerMessage option in the sendmail.cf file to restrict the number of recipients per e-mail.
Additionally, add or set PrivacyOptions=goaway in the sendmail.cf file. This will prevent sendmail from returning information in response to the VRFY and EXPN commands. This will not prevent the attack, but it will make it harder for spam collectors to confirm email addresses.
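A way to check that both workaround settings are active in a sendmail.cf file, as an added example that is not part of the original advisory. The sample file contents and the limit of 100 are constructed, and the check assumes that an unset or zero MaxRecipientsPerMessage means no limit and that novrfy plus noexpn is an acceptable alternative to goaway.

```python
import re

# Matches long-form option lines in sendmail.cf, e.g. "O PrivacyOptions=goaway".
OPTION_RE = re.compile(r"^O\s+([A-Za-z]+)\s*=\s*(.*?)\s*$")

def parse_options(cf_text):
    """Return {lowercased option name: value}; the last occurrence is kept."""
    opts = {}
    for line in cf_text.splitlines():
        m = OPTION_RE.match(line)  # commented-out lines ("#O ...") do not match
        if m:
            opts[m.group(1).lower()] = m.group(2)
    return opts

def audit(cf_text):
    """Return a list of findings; an empty list means both workarounds are set."""
    opts = parse_options(cf_text)
    findings = []
    raw = opts.get("maxrecipientspermessage", "")
    limit = int(raw) if raw.isdigit() else 0  # assumption: unset or 0 = no limit
    if limit <= 0:
        findings.append("MaxRecipientsPerMessage is unset or 0 (no recipient limit)")
    flags = {f.lower() for f in re.split(r"[,\s]+", opts.get("privacyoptions", "")) if f}
    # Assumption: novrfy together with noexpn is accepted in place of goaway.
    if "goaway" not in flags and not {"novrfy", "noexpn"} <= flags:
        findings.append("PrivacyOptions does not disable VRFY and EXPN")
    return findings

# Constructed sample input: neither workaround applied.
DEFAULT_CF = """\
# privacy flags
O PrivacyOptions=authwarnings
# maximum number of recipients per SMTP envelope
#O MaxRecipientsPerMessage=0
"""

# Constructed sample input: both workaround settings applied (100 is a sample value).
HARDENED_CF = """\
O PrivacyOptions=goaway
O MaxRecipientsPerMessage=100
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CF), ("hardened", HARDENED_CF)):
        print(name, audit(text) or "OK")
```

To audit a live system, pass the contents of the installed sendmail.cf to audit() instead of the sample strings.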