This is *not* an answer only to the people quoted here, but also to all posters in this thread, and to the rest of the world :) ...
On Aug 25, 2002, 21:38 (-0700) Gordon Messmer wrote: > On Sun, 2002-08-25 at 20:33, Ed Wilts wrote: > > > > You can believe the people who run their own e-mail at home on Postfix > > or qmail, or you can listen to the many corporations that rely on > > their business e-mail going through sendmail. > > OR, you can listen to the large security community which will pretty > much unanimously tell you to run screaming from the monstrosity that is > sendmail. Sendmail violates many of the principles of secure > programming, and has a long history of exploits: > * it accepts data from untrusted sources as a privileged user Isn't it possible to tweak sendmail into a behaviour (by the apppropriate settings) where it does not accept data from untrusted users? > * the portion of the program that runs as a privileged user is very > large, and thus, hard to validate dito: isn't this just a question of whether a sendmail user is willing to manually change this behaviour? I'm definitely not an MTA expert or so, rather more I'm probably still a Linux newbie with sendmail installed on a RedHat 6.2, IIRC installed there per default (??). But I didn't have unsolvable problems with sendmail until now: it's true that sendmail doesen't always work out of the box as I want it to do, and that it took me a lot of time to understand it. But I knew what I did when I moved away from Windoze: I like the possibility to learn that Linux and the programs running on it are offering ... My impression is 1: People (even experts, not only home users) seem to criticize sendmail sometimes because they more or less want programs without much need to do some work on their own on the settings of these programs. Admin jobs probably have to be done faster than the problems appear, which probably led to a situation like now where Microsoft software still seems to be an option for many ... (not because Microsoft software works fast, but because people *think* it does.) 2: isn't the sheer number of so-called sendmail "flaws" directly linked to the huge number of people who use the software, thus finding the bad stuff in it? I mean: if every bug on a RedHat Linux system would be seen as similar "dangerous" or so, as people sometimes seem to gauge the sendmail bugs, then who of us would still use RedHat Linux ... ? Definitely: there are some behaviours of sendmail that I'd like to be changed: but they're nearly nil til now compared to the good stuff that I see in sendmail so far .. Regards Wolfgang -- Key on: http://home.t-online.de/home/520050060325-0001/ Key fingerprint = 5FFA E2D1 6DB5 C023 0C5F 3FA7 4E08 5F9F 1560 0BA8 [created on 2002-07-03] http://www.geocities.com/wolfgangpfeiffer/ -- END TRANSMISSION -- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
