From owner-freebsd-hackers  Sun Nov 24 17:13:29 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA25667
          for hackers-outgoing; Sun, 24 Nov 1996 17:13:29 -0800 (PST)
Received: from lestat.nas.nasa.gov (lestat.nas.nasa.gov [129.99.50.29])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA25645
          for <hackers@freebsd.org>; Sun, 24 Nov 1996 17:13:14 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.7.5/8.6.12) with SMTP id RAA22845; Sun, 24 Nov 1996 17:06:20 -0800 (PST)
Message-Id: <199611250106.RAA22845@lestat.nas.nasa.gov>
X-Authentication-Warning: lestat.nas.nasa.gov: Host localhost [127.0.0.1] didn't use HELO protocol
To: Michael Smith <msmith@atrad.adelaide.edu.au>
Cc: peter@taronga.com (Peter da Silva), jkh@time.cdrom.com,
        hackers@freebsd.org
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 
Reply-To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Jason Thorpe <thorpej@nas.nasa.gov>
Date: Sun, 24 Nov 1996 17:06:19 -0800
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 25 Nov 1996 10:36:57 +1030 (CST) 
 Michael Smith <msmith@atrad.adelaide.edu.au> wrote:

 > "Sendmail is the de-facto Unix standard mail delivery agent.  Is is
 >  continually subjected to rigorous security scrutiny and frequently
 >  updated.  It provides advanced mail-handling features, and any
 >  unix system administrator will feel immediately at home with it.
 >  Qmail is an obscure mail delivery agent that is claimed to be
 >  secure.  Nobody much uses it, and it is not scrutinised in anything
 >  like as much detail.  If you have problems with it, you're likely
 >  to have trouble finding competent local support.  Which foot would
 >  you like to shoot?"

Oh, well, there's smail and mmdf, too... don't forget those... :-)

So, for the record, JT Conklin and I made the decision to switch
mail.netbsd.org to qmail... Not only is the qmail developers 
list very responsive to problems, but the documentation is so good
that you probably won't _need_ to ask any questions.  We learned qmail
in a few days, and have been quite happy with the performance of
our mail server as a result.

 > Sure, Qmail may well be the best thing since sliced bread.  But making it
 > the standard FreeBSD mail utility will achieve two things :

So, JT and I also discussed putting qmail in the NetBSD source tree, and
making it optional.  We haven't done anything about that yet, but it's
still a possibility...

 >  - expose a pile of security holes that the Qmail developer(s) never
 >    thought existed.
 >  - make FreeBSD the laughing stock of the unix community.

Nah... have them both, and let the user choose in /etc/make.conf.
Qmail is tiny.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                               Home: 408.866.1912
NAS: M/S 258-6                                          Work: 415.604.0935
Moffett Field, CA 94035                                Pager: 415.428.6939