Date:      Wed, 16 Jun 2004 13:22:25 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        mail25@bzerk.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Mail
Message-ID:  <40D081D1.1060606@mac.com>
In-Reply-To: <20040616145305.GB15913@ei.bzerk.org>
References:  <40D023A1.8090009@cs.uiowa.edu> <20040616140305.GD32001@millerlite.local.mark-and-erika.com> <20040616145305.GB15913@ei.bzerk.org>

mail25@bzerk.org wrote:
> On Wed, Jun 16, 2004 at 10:03:05AM -0400, Mark Frank typed:
>> Just curious.  What sendmail bugs are you referring to?  Have you reported
>> them to sendmail.org?
> 
> Probably just hearsay. There's so much bad-mouthing sendmail! Most of
> it by people who got lost in sendmail's many configuration options, but
> instead of reading some docs they drop it, telling everybody they should
> avoid sendmail at all cost.

There are many people who find it difficult to configure sendmail and thus 
criticise sendmail as a result, agreed.  Some of those complaints are 
unjustified, agreed.

However....

> Too bad, 'cause to me and many others sendmail is one of the most 
> reliable and compliant MTAs in existence today. And there hasn't been
> a major security problem in years.

The last major security hole in sendmail was 8 months ago:

8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
         SECURITY: Fix a buffer overflow in address parsing.  Problem
                 detected by Michal Zalewski, patch from Todd C. Miller
                 of Courtesan Consulting.

There have been around 70 security issues mentioned since the beginning of 
sendmail-8 circa 1993, or about six per year.  Recently, things have gotten 
better, but a dispassionate evaluation of the security history of sendmail 
does not inspire any great confidence that one can set up sendmail, leave it 
unpatched, and expect the software to still be free of known 
remotely-exploitable security problems two years later.

-- 
-Chuck


