[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Benjamin M. A'Lee wrote: > Wasn't Eric Allman (sendmail author) one of the people with the most CERT > advisories against his software ever? After Paul Vixie, IIRC. So goes the FUD that people spread. But what has it got to do with anything? Name any other reasonably complex network-facing software that has been around as long in as widespread use as Sendmail or BIND. Bearing in mind that they both originate from a simpler time, when security just wasn't such an issue it's hardly surprising that they alone have generated a large number of CERT advisories over the years. What might the advisory list look like for Apache, or PHP, or any number of other tools in twenty years' time, assuming they even last that long? Far more relevant is what they're like *now*. > Even if you do really need weird and wonderful protocols, you can use postfix, > and I wouldn't be surprised if Exim supported them too. Both of them have > disadantages, though, when compared to sendmail; for example, it's nearly > impossible to get a working postfix configuration by catting /dev/random, but > quite easy with sendmail. ;) And just because fewer problems have been found in exim and postfix doesn't mean they don't exist or are any more secure than a current sendmail installation. But, the reason I wouldn't recommend sendmail to anyone who's starting out from scratch is that the configuration syntax, whilst logical, is a nightmare to deal with and easy to make mistakes in that are very hard to track down. That said, I still use it quite happily (and exim, and qmail) and this, from a member of SCLUG when we started it quite some years back, is rather impressive in an exceptionally geeky kind of way: http://pfaff.newton.cam.ac.uk/jhnc/hanoi-cf.html James -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html