Date: Fri, 7 Sep 2007 23:39:05 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "DAve" <dave.list@pixelhammer.com>, <freebsd-questions@freebsd.org> Subject: RE: mail server setup questions Message-ID: <BMEDLGAENEKCJFGODFOCMEFMCAAA.tedm@toybox.placo.com> In-Reply-To: <46E038DB.9050507@pixelhammer.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of DAve > Sent: Thursday, September 06, 2007 10:29 AM > To: freebsd-questions@freebsd.org > Subject: Re: mail server setup questions > > > Don't wonder if qmail has flaws, go to CERT.org and search first for > Sendmail, then Postfix, then Exim, then qmail. To say "Anyone who even > thinks that a piece of software that it 6 years old has no flaws had > best re-think this.", is simply FUD. > He said no flaws, cert.org and friends only track security flaws, not other kinds of flaws. And cert.org and friends are only as good as the reports submitted to them. I would offer the suggestion that if every mail admin out there using qmail was not a mail expert, that it is unlikely that security flaws would be noticed or reported. In the last analysis, the absense of a particular piece of software from a security notification list is NOT proof that the software has no security flaws. You cannot prove a negative in this case. Ted PS I routinely use 6 year old software myself.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BMEDLGAENEKCJFGODFOCMEFMCAAA.tedm>