Date: Fri, 10 Jan 1997 12:30:59 -0500
From: Dan Cross <tenser@spitfire.ecsel.psu.edu>
To: Warner Losh <imp@village.org>
Cc: Lyndon Nerenberg <lyndon@esys.ca>, Jimbo Bahooli <moke@fools.ecpnet.com>, freebsd-security@freebsd.org
Subject: Re: sendmail running non-root SUCCESS!
Message-ID: <19970110173059.1419.qmail@spitfire.ecsel.psu.edu>
In-Reply-To: Your message of "Thu, 09 Jan 1997 22:24:01 MST." <E0viZRh-0006S1-00@rover.village.org>

> Because qmail has an insufficient track record to replace a
> known workhorse like sendmail with in the base system.

True, few mailers have the track record of a new security bug being
found in them once a month or so, one of which being one of the four
ways in which the Internet worm propagated itself.  :-) :-) :-)

> There are
> issues with configuration and such with qmail, and the upgrade path for
> current users.  However, there is work underway to allow alternative
> mailer agents to be used, to allow more testing and experience with
> qmail, exim or any of the other replacements.

Great!  Like I said, what mailer is used doesn't really matter, but it's
clear that sendmail is losing the security versus features battle.  If
Eric can make things secure, then great, stick with sendmail.  If not,
then it's irresponsible to stick with sendmail, and alternatives should
be investigated.

> Heck, you really should look into exim.  There's even a FreeBSD port
> of it that is quite good.  Makes virtual domains a breeze (as does
> qmail).

Thanks, I will.  Btw- I'm surprised to see that qmail isn't in the ports
collection.  I have a port for it, and if people are interested, I'll
clean it up and upload it to freefall and do the send-pr thang...

> Qmail isn't the end all be all of mailers either, but we've had that
> flame war here, and it tends to be counterproductive.

All flame wars are counterproductive.  As I've said several times now
(yesh, you guys are really sensitive to this qmail thing, huh?  :-),
whatever mailer one chooses is irrelevant.  As long as that mailer does
what is required of it, is relatively efficient, and is secure, then go
with it.  I just picked qmail as one suggestion out of many
possibilities.  Sendmail would be fine if it was more secure, but
unfortunately Eric seems to be more hip on adding neat features and
improving cf file syntax than scouring code for potential security bugs
(I can't say that I blame him.  :-)

The point is that there are alternate mailers out there and it's
worthwhile to investigate them.  Few sites really need the power and
complexity of sendmail, yet most admins are going to run it because a)
it comes with the system, b) it's common and thus easy to find support
for, c) other alternatives are unknown or not well supported, d) it does
what most folks want.  These sites could probably get away with
replacing sendmail with another mailer which does what they need of it,
but is more secure.

	- Dan C.