Date: Wed, 7 Oct 1998 13:47:49 +0930 From: Greg Lehey <grog@lemis.com> To: Steve Friedrich <SteveFriedrich@Hot-Shot.com>, Frank Pawlak <fpawlak@execpc.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Dos and Don'ts Message-ID: <19981007134749.V27781@freebie.lemis.com> In-Reply-To: <199810070408.AAA12006@laker.net>; from Steve Friedrich on Wed, Oct 07, 1998 at 12:07:51AM -0400 References: <199810070408.AAA12006@laker.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday, 7 October 1998 at 0:07:51 -0400, Steve Friedrich wrote: > On Wed, 7 Oct 1998 12:24:00 +0930, Greg Lehey wrote: > >> There are, of course, problems with every version of mail. I haven't >> followed the discussions enough to be able to offer an opinion. As >> you say, nearly every installation (including mine) uses sendmail, and >> it works well. Others may have some advantages, but I don't see that >> as sufficient reason to say "DON'T use sendmail". > > I believe (I'm certain I'm NOT wrong, but I could be mistaken ;o) ) > thatmost people who hate sendmail, do so because it was a well known > "hole" in sendmail that was exploited by a little prick who had access > to the source, was told about the possible exploit, and wasn't taught > to be scrupulous (his parents are the only ones to blame) that resulted > in the "Internet Worm". As anyone who has read the resulting analyse > of his exploit, it WAS NOT the work of a genius (as figured by the > popular press, who don't even know the difference between a hacker and > a cracker). Ah, that story's nearly 10 years old. You forgot to mention that his father was one of the original authors of UNIX (Robert Morris; I met him at the AUUG meeting last month). I suspect that most people who hate sendmail have never even heard the story. > The "hole" has since been closd, but as anyone working in a security > field can tell you, locks can only keep honest people honest. Right. Of course, that doesn't say anything about the relative security of sendmail and other mailers. I'd guess that sendmail is both safer (because more holes have been closed) and more vulnerable (because more people are trying to break it, and the holes become known more quickly). Greg -- See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981007134749.V27781>