Date:      Wed, 02 Apr 2003 13:25:50 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Dan Naumov <dan.naumov@ofw.fi>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Removing Sendmail
Message-ID:  <3E8B555E.5FCF55A6@mindspring.com>
References:  <20030402185311.599cb0d3.dan.naumov@ofw.fi>

Dan Naumov wrote:
> Terry Lambert wrote:
> > Because syslog is unreliable.  See "BUGS" section of the man page.
> 
> Don't you think that if syslog is unreliable, then it should be fixed?

Sure.  You should definitely fix it; you'll need to figure out
a way to know whether we've run out of mbufs, or can't connect
to the syslogd over TCP, or are experiencing a denial of service
attack, etc.


> If things are as you say, we have 2 problems: Sendmail getting CERTs
> every other day and an unreliable system logger. Would you rather just
> let things be as they are ?

If you insist on painting this bikeshed...

Put any other mail server out there in place of Sendmail, and
all you will accomplish is a different set of CERTs.  Sendmail
gets a bad rap because of the amount of attention that's being
focussed on it.  Any time there's an SSL vulnerability, for
example OpenPKG-SA-2002.008, Postfix and everyone else who
supports StartTLS gets hit, too.

The system logger is unreliable because the transport mechanism
has too many causal links where it can be attacked.

I am always suspicious of people who want to replace the
default MTA/MSA code, and aren't willing to do the actual work
in making it possible to plug a different one in place of their
own favorite: it's too much like advocacy of their favorite
MTA/MSA code, if they aren't willing to make it possible for
people who don't like *their* MTA/MSA to use a different one.

-- Terry


