From owner-freebsd-hackers Sun Nov 24 16:07:33 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA21723 for hackers-outgoing; Sun, 24 Nov 1996 16:07:33 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA21714 for ; Sun, 24 Nov 1996 16:07:22 -0800 (PST)
Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id KAA25958; Mon, 25 Nov 1996 10:36:58 +1030 (CST)
From: Michael Smith
Message-Id: <199611250006.KAA25958@genesis.atrad.adelaide.edu.au>
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
In-Reply-To: <199611242323.RAA06615@bonkers.taronga.com> from Peter da Silva at "Nov 24, 96 05:23:02 pm"
To: peter@taronga.com (Peter da Silva)
Date: Mon, 25 Nov 1996 10:36:57 +1030 (CST)
Cc: jkh@time.cdrom.com, peter@taronga.com, hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Peter da Silva stands accused of saying:
> Why? sendmail will *never* be secure. You already have sysinstall options
> to load the pcnfs and apache ports, why not have another question. Something
> like:
>
>     "Sendmail is a large, complex mail transport mechanism. Qmail
>     is small, tight, and designed to be secure. Qmail provides
>     most of the functionality of sendmail. Which mail transport
>     should be installed by default?"

    "Sendmail is the de-facto Unix standard mail delivery agent. It is
    continually subjected to rigorous security scrutiny and frequently
    updated. It provides advanced mail-handling features, and any unix
    system administrator will feel immediately at home with it.

    Qmail is an obscure mail delivery agent that is claimed to be secure.
    Nobody much uses it, and it is not scrutinised in anything like as
    much detail. If you have problems with it, you're likely to have
    trouble finding competent local support.

    Which foot would you like to shoot?"

Sure, Qmail may well be the best thing since sliced bread. But making
it the standard FreeBSD mail utility will achieve two things:

 - expose a pile of security holes that the Qmail developer(s) never
   thought existed.
 - make FreeBSD the laughing stock of the unix community.

--
]] Mike Smith, Software Engineer        msmith@gsoft.com.au             [[
]] Genesis Software                     genesis@gsoft.com.au            [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control.         (ph) +61-8-8267-3493            [[
]] Unix hardware collector.             "Where are your PEZ?" The Tick  [[