From owner-freebsd-security Tue Dec 17 03:15:53 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id DAA15871 for security-outgoing; Tue, 17 Dec 1996 03:15:53 -0800 (PST) Received: from kremvax.demos.su (kremvax.demos.su [194.87.0.20]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id DAA15860 for ; Tue, 17 Dec 1996 03:15:50 -0800 (PST) Received: by kremvax.demos.su (8.6.13/D) from 0@megillah.demos.su [194.87.0.21] with ESMTP id OAA21856; Tue, 17 Dec 1996 14:14:16 +0300 Received: by megillah.demos.su id OAA12736; (8.8.3/D) Tue, 17 Dec 1996 14:14:36 +0300 (MSK) Message-Id: <199612171114.OAA12736@megillah.demos.su> Subject: Re: sendmail... To: ley@cert.dfn.de (Wolfgang Ley) Date: Tue, 17 Dec 1996 14:14:36 +0300 (MSK) Cc: vitjok@fasts.com, freebsd-security@freebsd.org In-Reply-To: <199612170931.KAA05839@tiger.cert.dfn.de> from "Wolfgang Ley" at Dec 17, 96 10:31:24 am From: "Mikhail A. Sokolov" X-Class: Fast Organization: Demos Company, Ltd. Reply-To: mishania@demos.su X-Mailer: ELM [version 2.4 PL24 ME7a] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Victor Rotanov wrote: > > Why sendmail can't be replaced with something more secure by default? > > I'd suggest Zmailer which can be fount at > Proof that Zmailer ist more secure than sendmail (note: "there are no/less > *known* security bugs" doesn't count because people most probably haven't > bothered to investigate Zmailer/Smail/Qmail/... in the same depth as > sendmail). > Bye, > Wolfgang. Both issues are correct, but I'd recall Jordan's words/idea from last month's battles: it is possible to set sendmail as a default starting mailer daemon/software in stock distributions of FreeBSD _and_ add optional (say, in /etc/sysconfig) mailer software invocation, something like Qmail/ Zmailer/Smail/whatever. I can also mention, Wolfgang is definetely correct in that sendmail's behaviour is more known than other suggested, and it'll take more and more time to investigate everything about, say, Zmailer. Plus, - let's settle an analogy: we have inn and cnews in ports, and, since tastes differ, people use it on their own risk/experience. News servers software isn't what each user need, but well, the idea might come up from this analogy: stock distribution can have sendmail turned on by default and numerous daemon software in ports/packages? This current battle reminds me "what eats more RAM, Emacs or Netscape" one, and this have been discussed plenty times, eh? Btw, it was told that Jamie Zawinski was proud when Netscape started eating more RAM than Emacs ;-) -mishania P.S. Isn't it an issue of freebsd-current@?