> To clarify my comments a bit... And to clarify mine. > > I agree sendmail has a larger TCB, so if there's going to be a problem > it's going to be more likely to have dire consequences. I was just > trying to point out that the mere fact that sendmail wasn't designed > for security doesn't mean that sendmail shouldn't be instantly > considered insecure. I do believe that postfix and qmail are both > less risky to run, ultimately (and I have not run sendmail in years). > I don't necessarily consider sendmail insecure, but with the relatively large number of root-able exploits, I have misgivings over running it myself. However, BIND also has the same problems and I find myself running it anyway. (I definitely stay on top of BIND stuff though.) Really, sendmail is a very configurable MTA and is very good at what it does. Now, granted, some of the features are useless to many people and the configuration file makes badly-written Perl look legible... But it works, and there are many people out there who will swear by it. When I rebuilt my machine, I was originally going to install sendmail but glibc 2.1.3 had an essentially-broken copy of Berkeley db in it. (At least it was broken for me.) And I failed managing to get my machine to recognize the copy of Berkeley db 3.x I had compiled first. (Which was dumb of me, admittedly.) And without db support, I couldn't compile either sendmail or postfix. So I use qmail. I don't have many issues with qmail, and I feel that qmail when coupled with some of the other modules/add-ons for it (such as vpopmail) can easily catch up to sendmail's many features... and is easier to configure. --CAE Kujikenaikara! Sub caelo noctis sto quod stellae mihi spem dant. "Just a whisper. I hear it in my ghost." --Major Matoko Kusanagi, "Ghost in the Shell"
This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 10:42:01 PDT