Message-ID: <3E8B555E.5FCF55A6@mindspring.com>
Date: Wed, 02 Apr 2003 13:25:50 -0800
From: Terry Lambert
To: Dan Naumov
cc: freebsd-current@freebsd.org
References: <20030402185311.599cb0d3.dan.naumov@ofw.fi>
Subject: Re: Removing Sendmail

Dan Naumov wrote:
> Terry Lambert wrote:
> > Because syslog is unreliable. See "BUGS" section of the man page.
>
> Don't you think that if syslog is unreliable, then it should be fixed?

Sure. You should definitely fix it; you'll need to figure out a
way to know whether we've run out of mbufs, or can't connect to
the syslogd over TCP, or are experiencing a denial of service
attack, etc.

> If things are as you say, we have 2 problems: Sendmail getting CERTs
> every other day and an unreliable system logger. Would you rather just
> let things be as they are?

If you insist on painting this bikeshed...

Put any other mail server out there in place of Sendmail, and
all you will accomplish is a different set of CERTs.

Sendmail gets a bad rap because of the amount of attention that's
being focussed on it. Any time there's an SSL vulnerability, for
example OpenPKG-SA-2002.008, Postfix and everyone else who supports
StartTLS gets hit, too.

The system logger is unreliable because the transport mechanism
has too many causal links where it can be attacked.

I am always suspicious of people who want to replace the default
MTA/MSA code, and aren't willing to do the actual work in making
it possible to plug a different one in place of their own favorite:
it's too much like advocacy of their favorite MTA/MSA code, if
they aren't willing to make it possible for people who don't like
*their* MTA/MSA to use a different one.

-- Terry