Date:      Fri, 17 Nov 2000 00:33:25 -0500 (EST)
From:      Tim McMillen <timcm@umich.edu>
To:        Mike Meyer <mwm@mired.org>
Cc:        Boris Köster <koester@x-itec.de>, questions@freebsd.org
Subject:   Re: Help: Is Sendmail secure?
Message-ID:  <Pine.SOL.4.10.10011170022410.27879-100000@gorf.gpcc.itd.umich.edu>
In-Reply-To: <14868.45391.674534.336951@guru.mired.org>



> Tim McMillen <timcm@umich.edu> types:
> > 	This question also gets run around a lot on the OpenBSD mailing
> > lists.  OpenBSD comes with sendmail by default and the dev team considers
> > it the most secure.  Their stance is that while sendmail has a bad
> > history, most of the bugs have been worked out of the code (in the
> > slightly older versions of sendmail that OpenBSD includes) and is now
> > secure.  
> 
> Can I guess as to why they're running "a slightly older version"?
> Could it be because auditing sendmail is a major undertaking, and
> they don't want to go through that *again*.

That's pretty much it exactly.  New features bring new bugs.  

> > 	Their view on qmail is that while it has a lot of security
> > *features* it does not necessarily have security.  There are still bugs in
> > its code (since it has not been audited for security) and those bugs could
> > possibly be exploited.
> 
> Actually, qmail has been audited. I audited it before switching to it
> from sendmail. That's one of the nice things about it - it's small
> enough that one person can reasonably read and review every line of
> code.

	No offense meant at all, but I have no knowledge of your
experience with code auditing.  As I understand it there are so many
different issues to look at for security that it's almost impossible for
one person to do it for a large program like a mailer.  So many of the
issues are also extremely subtle, like different types of format string
bugs etc.

> While I naturally trust my audit more than someone else's, I recognize
> that more eyes looking at the code is a good thing. There was a
> standing cash reward for security bugs in qmail that went unclaimed.
> That counts for a lot in my book - but if I'd audited sendmail, I
> wouldn't count it for as much as auditing sendmail.

That's excellent.  Do you have any reference to a URL for that?  I'd
really like to see that.  An upcoming project for me is to learn a mailer
well so I'm shopping for the right one too.  Given OpenBSD's track record
I tend to trust their opinion a lot.

> > 	Further they believe that a good administrator configuring the
> > mail program correctly has more to do with security than security
> > features.  Qmail's security features are said to be hard to configure
> > properly for a newbie.
> 
> I would certainly agree with the assessment about configuration being
> more important than the mailer. I'd say that following the appropriate
> security announcement lists is between the two. Whether qmail is
> harder to configure than sendmail depends (as above) on what kind of
> security you're talking about.

Good point.

> All of which is an argument for running the mailer provided with the
> OS. The people who build the distribution would presumably have
> configured it securely to start with.
> 
> 	<mike

Thanks for the insight,

							Tim


