I have a fresh install of Virtualmin showing some concerning information in the “Software Versions” section of the dashboard. It says “Mail injection command” In the first column, and “/usr/lib/sendmail -t” in the second column.
I am not using sendmail. I have Postfix configured and working with SPF, DKIM, and DMRC.
So far I have:
Installed and configured PHPList Newsletter System. This required php-zip which had its required dependencies.
Installed and configured WordPress with the recommended php-intl.
Somewhere along the line, php-imap was suggested as a recommended package. Stupidly, I installed the package knowing I didn’t need it for any particular reason. I have been reading up on it. Apparently there are highly documented vulnerabilities with the php-imap extension on Ubuntu and Debian operating systems. *palm to face
Postfix includes a mail injection command called sendmail, which behaves exactly as the old sendmail command included with the Sendmail package.
You should not try to change that, you absolutely need it for a huge variety of mail-related functions to work.
I would assume they have been patched in current versions provided by the distribution. php-imap is widely used and actively maintained, to the best of my knowledge (but I am not a PHP developer, nor is it my area of expertise). It is installed to satisfy dependencies in several Install Scripts (which may explain how you have it installed, if you don’t remember installing it).
Of course not. There’s nothing wrong. You should just spend some more time reading and learning.
Even if something were wrong with any of the above, it’d be a huge waste of time to start over every time you install the wrong package somehow. You can uninstall packages with one command.
Also, in the future, please post one question per topic.