From owner-freebsd-security Sun Nov 17 17:17:12 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA27484 for security-outgoing; Sun, 17 Nov 1996 17:17:12 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA27469 for ; Sun, 17 Nov 1996 17:17:03 -0800 (PST) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0vPIKD-0008rpC; Sun, 17 Nov 96 17:16 PST Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). To: imp@village.org (Warner Losh) Date: Sun, 17 Nov 1996 17:16:36 -0800 (PST) Cc: adam@homeport.org, pgiffuni@fps.biblos.unal.edu.co, freebsd-security@freebsd.org In-Reply-To: from "Warner Losh" at Nov 17, 96 05:49:47 pm X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Sendmail is well understood and well maintained with a very long track > record. Other mailers, no matter how much better, don't match this > track record. Yup, sendmail has a long track record of the "security hole of the month"; I've yet to see one for smail. I would like to switch to sendmail, as I hear it deals with mail queues a lot better these days, and smail development seems to have gone into a black hole, but until sendmail can make it a whole month or two without a CERT advisory on it... -- Alan Batie ______ batie@agora.rdrop.com \ / Assimilate this! +1 503 452-0960 \ / --Worf, First Contact DE 3C 29 17 C0 49 7A 27 \/ 40 A5 3C 37 4A DA 52 B9 It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation.