From owner-freebsd-questions Thu Nov 16 22:14:54 2000 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id DCB3037B479 for ; Thu, 16 Nov 2000 22:14:51 -0800 (PST) Received: (qmail 80520 invoked by uid 100); 17 Nov 2000 06:14:45 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14868.52437.824166.717745@guru.mired.org> Date: Fri, 17 Nov 2000 00:14:45 -0600 (CST) To: Tim McMillen Cc: Boris =?iso-8859-1?Q?K=F6ster?= , questions@freebsd.org Subject: Re: Help: Is Sendmail secure? In-Reply-To: References: <14868.45391.674534.336951@guru.mired.org> X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Tim McMillen types: > > > Their view on qmail is that while it has a lot of security > > > *features* it does not necessarily have security. There are still bugs in > > > its code (since it has not been audited for security) and those bugs could > > > possibly be exploited. > > Actually, qmail has been audited. I audited it before switching to it > > from sendmail. That's one of the nice things about it - it's small > > enough that one person can reasonably read and review every line of > > code. > No offense meant at all, but I have no knowledge of your > experience with code auditing. As I understand it there are so many > different issues to look at for security that it's almost impossible for > one person to do it for a large program like a mailer. So many of the > issues are also extremely subtle, like different types of format string > bugs etc. No offense taken. I wouldn't trust an audit by an unkonwn person either. In fact, I wouldn't recommend anyone trust my audit, as it's not something I do regularly. I did that one to reassure myself (and only myself) about qmail. The point is that, while qmail is a rather large system for one person to deal with (being around 15K lines of C), sendmail is six time that size, making it a large system even for a team to deal with. > > While I naturally trust my audit more than someone elses, I recognize > > that more eyes looking at the code is a good thing. There was a > > standing cash reward for security bugs in qmail that went unclaimed. > > That counts for a lot in my book - but if I'd audited sendmail, I > > wouldn't count it for as much as auditing sendmail. > That's excellent. Do you have any reference to an URL for that? I'd > really like to see that. An upcoming project for me is to learn a mailer > well so I'm shopping for the right one too. Given OpenBSD's track record > I tend to trust their opinion a lot. You can read about one of them at . I agree about OpenBSD, but they're basically saying they haven't checked qmail, so wouldn't trust it. But the same is true of later versions of sendmail, or the version shipped with some other OS.