Not that I'm advocating sendmail, but..
you can at least *somewhat* chroot sendmail.
Postfix was written by Wietse Venema, who also wrote tcpd and SATAN (with
Dan Farmer)
Maybe that's not good enough for some people, I guess.. but Postfix is
definitely stable and not such an `unknown'. And you can chroot it,
too! :)
Cyrus should work with any MTA that can use procmail as its local delivery
agent, though I guess you have to be pretty careful with that.
Scott
On Wed, 14 Mar 2001, John Hughes wrote:
> Rob Tanner <[EMAIL PROTECTED]> writes:
> [ re cyrus vs UW imap security ]
> > The big issue, however, is sendmail. And any effort to hack through
> > your mail system via your email system (i.e., through port 25) goes
> > through sendmail before Cyrus ever sees it, and most of those attacks
> > are designed to get sendmail to execute some program with its root
> > privileges. Since all the mailboxes are owned by the Cyrus user, what
> > would be more secure of a system that just does mail delivery would
> > be a hack to sendmail so that once it attaches to port 25 it drops root
> > and runs as the Cyrus user. Show me a hack like that, and Cyrus wins
> > hands down (or two thumbs up)
>
> So dump sendmail.
>
> And your sendmail replacement shouldn't run as user cyrus; it doesn't
> need to access the mailboxes directly, that's what LMTP is for.
>
> AFAIK postfix works with cyrus, maybe qmail also.
>
>