[lpi-discuss] Some thoughts on Sendmail
ross e. brunson
ross at brunson.org
Sun Jul 17 20:19:37 EDT 2005
On Sat, 2005-07-16 at 10:15 -0700, Mark Miller wrote:
> Noticed a couple of posts on LWN just now and wanted to get people's
> reaction to them.
>
> "Lots of bad things can and have been said about sendmail's security
> record, true, but it's still the most widely-used MTA by far, and even
> security-conscious projects like OpenBSD do include sendmail as the
> default MTA."
I remember reading somewhere that someone likened Sendmail's
configuration file in it's _UNCOMPILED_ format as being similar to Mr.
Dither's swearing in the comic strip Blondie, or random modem noise, and
I agree wholeheartedly.
> I get lots of flack about how EVERYONE is going to something other than
> sendmail. What is the truth in the server room? Any ideas about how to
> determine what MTA's are used in the real world?
Mark can always use some flack, SUSE defaults to Postfix, and qmail is
going the way of all flesh/bits from what I can see. I exorcise
Sendmail from every system by default.
> "sendmail also went through a ground-up rewrite (version 8 IIRC) and has
> been pretty good since that point. it's a far cry from the bad old days
> of sendmail"
As one of the reviewers said about the last Star Wars movie and how it
was better than the last 3: "True, but only in the way that dying from
natural causes is preferable to crucifixion" and what a good analogy for
Sendmail's "improvements".
> How true is this? You certainly don't see the frequency of vulnerability
> alerts you once did. Is it because people are moving away from sendmail
> or is it really more secure now?
I sat next to one of the consulting guru's from Sendmail Corp. on a
plane flight and asked him point-blank: "Was Sendmail's config file
structure designed as an exercise is sadism or simply to help promote
consulting gigs" and after he stopped laughing (coffee honestly came out
his nose, one of my finest hours) he said: "Yes, either will do". I
swear to God this is true.
> Please share your thoughts! This will have a direct impact on our
> objectives in the near future.
>
That was fun.
Ross
More information about the lpi-discuss
mailing list