Date: Mon, 25 Nov 1996 10:36:57 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: peter@taronga.com (Peter da Silva) Cc: jkh@time.cdrom.com, peter@taronga.com, hackers@freebsd.org Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 Message-ID: <199611250006.KAA25958@genesis.atrad.adelaide.edu.au> In-Reply-To: <199611242323.RAA06615@bonkers.taronga.com> from Peter da Silva at "Nov 24, 96 05:23:02 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Peter da Silva stands accused of saying: > Why? sendmail will *never* be secure. You already have sysinstall options > to load the pcnfs and apache ports, why not have another question. Something > like: > > "Sendmail is a large, complex mail transport mechanism. Qmail > is small, tight, and designed to be secure. Qmail provides > most of the functionality of sendmail. Which mail transport > should be installed by default?" "Sendmail is the de-facto Unix standard mail delivery agent. Is is continually subjected to rigorous security scrutiny and frequently updated. It provides advanced mail-handling features, and any unix system administrator will feel immediately at home with it. Qmail is an obscure mail delivery agent that is claimed to be secure. Nobody much uses it, and it is not scrutinised in anything like as much detail. If you have problems with it, you're likely to have trouble finding competent local support. Which foot would you like to shoot?" Sure, Qmail may well be the best thing since sliced bread. But making it the standard FreeBSD mail utility will achieve two things : - expose a pile of security holes that the Qmail developer(s) never thought existed. - make FreeBSD the laughing stock of the unix community. -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611250006.KAA25958>