Date: Mon, 18 Nov 1996 07:15:18 -0800 (PST) From: Nathan Lawson <nlawson@kdat.csc.calpoly.edu> To: batie@agora.rdrop.com (Alan Batie) Cc: freebsd-security@freebsd.org Subject: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2). Message-ID: <199611181515.HAA03705@kdat.calpoly.edu> In-Reply-To: <m0vPIKD-0008rpC@agora.rdrop.com> from "Alan Batie" at Nov 17, 96 05:16:36 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Sendmail is well understood and well maintained with a very long track > > record. Other mailers, no matter how much better, don't match this > > track record. > > Yup, sendmail has a long track record of the "security hole of the month"; > I've yet to see one for smail. I would like to switch to sendmail, as I > hear it deals with mail queues a lot better these days, and smail > development seems to have gone into a black hole, but until sendmail can > make it a whole month or two without a CERT advisory on it... I've had the displeasure of reviewing the Smail code and found it just as convoluted as sendmail, and in fact, just as insecure. Last year, a colleague posted three Smail bugs to Bugtraq. There were many other potential holes, but I stopped the review process and decided to go with a SMAP hybrid. Note that I am not recommending sendmail, but I think your exultation with smail is a bit premature. -- Nate Lawson "There are a thousand hacking at the branches of CPE Senior evil to one who is striking at the root." CSL Admin -- Henry David Thoreau, 'Walden', 1854
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611181515.HAA03705>