Date: Thu, 16 Nov 2000 13:02:07 -0500 (EST)
From: Tim McMillen <timcm@umich.edu>
To: Mike Meyer <mwm@mired.org>
Cc: Chris Fedde <chris@fedde.littleton.co.us>, questions@FreeBSD.ORG
Subject: Re: Help: Is Sendmail secure?
Message-ID: <Pine.SOL.4.10.10011161254090.27355-100000@qbert.gpcc.itd.umich.edu>
In-Reply-To: <14867.33937.379915.199934@guru.mired.org>

This question also gets run around a lot on the OpenBSD mailing lists. OpenBSD comes with sendmail by default and the dev team considers it the most secure. Their stance is that while sendmail has a bad history, most of the bugs have been worked out of the code (in the slightly older versions of sendmail that OpenBSD includes) and it is now secure. Their view on qmail is that while it has a lot of security *features* it does not necessarily have security. There are still bugs in its code (since it has not been audited for security) and those bugs could possibly be exploited. Further, they believe that a good administrator configuring the mail program correctly has more to do with security than security features. Qmail's security features are said to be hard to configure properly for a newbie.

Tim

On Thu, 16 Nov 2000, Mike Meyer wrote:

> Chris Fedde <chris@fedde.littleton.co.us> types:
> > On Wed, 15 Nov 2000 12:54:53 -0800 (PST) "Hiu F. Ho" wrote:
> > +------------------
> > | Is Sendmail really that bad? If I use qmail, do I need a separate POP
> > | server?
> > +------------------
> > Sendmail is not really that bad. You need a separate pop server if you
> > are running sendmail.
>
> Sendmail has a history of security problems, mostly because it dates
> from the days when the internet was a nice neighborhood. It includes a
> lot of functionality that generally isn't needed these days.
>
> Qmail are designed for dealing with internet mail, not
> berknet/uucp/BITNet/ArpaNet/whatever. They were also designed after
> the internet stopped being a collection of friends, so security was a
> design consideration.
>
> That said, if you're running a small site, don't plan on making a
> target of yourself, and follow the FreeBSD security announcements,
> there probably isn't a lot of difference. Sendmail being part of the
> FreeBSD distribution means there are fewer headaches if you want to run
> it.
>
> <mike