Date: Wed, 02 Apr 2003 13:25:50 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Dan Naumov <dan.naumov@ofw.fi>
Cc: freebsd-current@freebsd.org
Subject: Re: Removing Sendmail
Message-ID: <3E8B555E.5FCF55A6@mindspring.com>
References: <20030402185311.599cb0d3.dan.naumov@ofw.fi>

Dan Naumov wrote:
> Terry Lambert wrote:
> > Because syslog is unreliable.  See "BUGS" section of the man page.
>
> Don't you think that if syslog is unreliable, then it should be fixed?

Sure.  You should definitely fix it; you'll need to figure out a
way to know whether we've run out of mbufs, or can't connect to
the syslogd over TCP, or are experiencing a denial of service
attack, etc.

> If things are as you say, we have 2 problems: Sendmail getting CERTs
> every other day and an unreliable system logger. Would you rather just
> let things be as they are?

If you insist on painting this bikeshed...

Put any other mail server out there in place of Sendmail, and
all you will accomplish is a different set of CERTs.  Sendmail
gets a bad rap because of the amount of attention that's being
focussed on it.  Any time there's an SSL vulnerability, for
example OpenPKG-SA-2002.008, Postfix and everyone else who
supports StartTLS gets hit, too.

The system logger is unreliable because the transport mechanism
has too many causal links where it can be attacked.

I am always suspicious of people who want to replace the default
MTA/MSA code, and aren't willing to do the actual work in making
it possible to plug a different one in place of their own
favorite: it's too much like advocacy of their favorite MTA/MSA
code, if they aren't willing to make it possible for people who
don't like *their* MTA/MSA to use a different one.

-- Terry