On Thu, 17 Jul 2003, Brian Downey wrote: >> That still doesn't change the fact that currently, in version 8.9.12 there >> are no known security issues with the sendmail distribution. > >There are no known exploits the current patched version of Windows XP I >use at work, either.
Yes there are. They have been reported to Microsoft and Microsoft chooses not to fix/acknowledge them. I know Ie6 is not Windows XP, but most Windows XP users have IE6 installed, and microsoft says IE is a required part of the OS, so here you go: http://pivx.com/larholm/unpatched/ But then, this wasn't a post about Windows XP/IE to begin with. >> I'm not saying sendmail is more secure than QMail, I'm just saying it is >> currently not less secure either. > >It is by inherent design flaws; not merely based on current code >revisions. It's "qmail", not "Qmail". Sorry, pet peeve. I have a pet Ferret. =) >I'm sure everyone is very thankful that you properly set up your Sendmail >server to work securely. However, the unfortunate fact is that many MTA >admins publically accessible Sendmail mail servers do not. Perhaps they shouldn't be admin's then. Getting a secure setup is a very easy thing to do. Just like I think all the poeple who setup open proxy's and those who setup unsecured Wireless networks, I think that they should do a little bit of research before getting on the internet. But then I guess I have way too high expectations of people. >Because: Sendmail is needlessly complex due to years of patching on top of >patching and rewrites; which in my opinion can lead to configuration >mistakes. I think any experience admin agrees that Sendmail tops the list >for "Worst Configuration File" award. I find the sendmail.mc file easy to configure and manage. Setting up various features and settings are as easy as an entry into the mc file. Before the m4 macro was introduced, yeah, sendmail config was brutal, but having the simplicity of m4 along with the power of being able to hack the cf directly leads to a very robust system. BTW: This is completely getting offtopic. They are both MTA's, they are both configurable to do what you need it to do, and they both get the job done. Use what you are more comfortable with. Christopher Fisk -- He may have come up with the recipe, but I came up with the idea of charging $6.95 for it. -- Moe Syzlak, Flaming Moe's -- [EMAIL PROTECTED] mailing list
