I've been running sendmail since 2000 (so, not -too- long) and haven't had any security problems. In fact, I believe what I'm running is quite superior to your average MTA setup; in both configuration and security. There's no way I'm going to invite someone to break into one of my servers, no matter how secure I believe it to be (and you'd be a damn fool if you thought differently). However, the sendmail I run is backed by ProPolice, W^X and systrace; all of which are tertiary precautions considering none of them have ever been needed. Now lets keep in mind what we're arguing here. You contend sendmail is "the most insecure POS ever made". This is truly ignorant. Considering the gigs of mail traffic any one of my sendmail servers move each day, you'd think the "most insecure POS ever made" would have run into some problem within that 4 years. Not to mention the thousands of servers just like mine that do just as much or more traffic. Certainly not the model of security, but hardly a POS in any regards. I'm not arguing against any MTAs here (I do have qmail running on 1 server), but the reason you'd use sendmail is the flexibility. Sendmail lets me: Keep multiple queues and filter messages into these queues based on destination and delivery attempts, this lets sendmail spend time delivering messages it knows will go through and leaving the slow ones for when there aren't more important messages waiting. It lets me queue before delivery when someone decides to mail the 10000 people on their mailing list, which allows me to determine what load the server will be under (because not all servers are strictly mail servers). Scan for viruses and spam with as little overhead as possible with Milter. It lets me reject spam and viruses even before I accept them for delivery thanks to Milter. This prevents my mail server from having to deal with bouncing back messages to non-existant hosts. It lets me setup mail servers that deliver only in specific time frames to take advantage of lower Internet charges. Security problems are for the most part a problem of the past, and considering it's been around since the 80's, it obviously has a long "past". A number of security problems were the result of insecure setup more than anything. It's also actively maintained and has an excellent track record of promptly responding to all kinds of bugs. Anyway, perhaps you should live in the real world and not run around making definitive statements about what is and isn't insecure pieces of shit. Chris On September 9, 2004 11:07 pm, Allen wrote:
Ignorance? How many bugs have been in Sendmail? How many servers have been rooted because of it? Hmm, run an insecure Mail program with root privs, ohhhh yes, there is a great idea. If you want to call me ignorant, you set up a mail server, give me the IP and a week to play with some friends, and a signed paper saying you won't take legal action, and if me and friends lose, I'll withdraw my statement, if we succeed, you get owned, and so does any box that server can connect to remotely.
On Thursday 09 September 2004 16:53, Chris Cameron wrote:
Spoken with true ignorance. Congratulations.
On September 9, 2004 01:38 pm, Allen wrote:
Sendmail is one of the most insecure POS ever made. Windows ME would be more secure than sendmail.