You have been contracted to penetration test an e-mail server for a client that wants to know for sure if the sendmail service is vulnerable to any known attacks. You have permission to run any type of test, how will you proceed to give the client the most valid answer?
A. Run all known sendmail exploits against the server and see if you can compromisethe service, even if it crashed the machine or service
B. Run a banner grabbing vulnerability checker to determine the sendmail version andpatch level, then look up and report all the vulnerabilities that exist for that versionand patch level
C. Run all sendmail exploits that will not crash the server and see if you cancompromise the service
D. Log into the e-mail and determine the sendmail version and patch level, then lookup and report all the vulnerabilities that exist for that version and patch level