From owner-freebsd-questions@FreeBSD.ORG Sat Sep 8 06:38:14 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1143B16A41A for ; Sat, 8 Sep 2007 06:38:14 +0000 (UTC) (envelope-from tedm@toybox.placo.com) Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [65.75.192.90]) by mx1.freebsd.org (Postfix) with ESMTP id CFF1313C45A for ; Sat, 8 Sep 2007 06:38:13 +0000 (UTC) (envelope-from tedm@toybox.placo.com) Received: from TEDSDESK (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) by mail.freebsd-corp-net-guide.com (8.13.8/8.13.8) with SMTP id l886cCTN079608; Fri, 7 Sep 2007 23:38:12 -0700 (PDT) (envelope-from tedm@toybox.placo.com) From: "Ted Mittelstaedt" To: "DAve" , Date: Fri, 7 Sep 2007 23:39:05 -0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1896 In-Reply-To: <46E038DB.9050507@pixelhammer.com> Cc: Subject: RE: mail server setup questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Sep 2007 06:38:14 -0000 > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of DAve > Sent: Thursday, September 06, 2007 10:29 AM > To: freebsd-questions@freebsd.org > Subject: Re: mail server setup questions > > > Don't wonder if qmail has flaws, go to CERT.org and search first for > Sendmail, then Postfix, then Exim, then qmail. To say "Anyone who even > thinks that a piece of software that it 6 years old has no flaws had > best re-think this.", is simply FUD. > He said no flaws, cert.org and friends only track security flaws, not other kinds of flaws. And cert.org and friends are only as good as the reports submitted to them. I would offer the suggestion that if every mail admin out there using qmail was not a mail expert, that it is unlikely that security flaws would be noticed or reported. In the last analysis, the absense of a particular piece of software from a security notification list is NOT proof that the software has no security flaws. You cannot prove a negative in this case. Ted PS I routinely use 6 year old software myself.