Security-Fix Sendmail 8.12.9 Released 166
bahamutirc writes "Yet another security problem was discovered by Michal Zalewski in Sendmail 8.12.8, 'a buffer overflow in address parsing due to
a char to int conversion problem which is potentially
remotely exploitable.' Apparently somebody jumped the gun and posted before Sendmail had a chance to notify anyone, so they had to release it today. Go grab your source." Here's the CERT advisory.
See (Score:2)
Re:See (Score:2)
long int foobar = 2;
long int foofoobar = 0;
foofoobar = (long int)foo / foobar;
Re:See (Score:2)
An int is normally defined as the most natural size for the target architecture. Hence, on intel, int and long int are both 32 bits. I do not like to use this nomenclature,
Re:See (Score:2)
When porting code, you can almost always use a larger type, so if I was porting from an 11 bit architecture, to a more "normal" (If powers of 2 is really normal), I would make sure to use 16 bit ints, (as an initial stab, to truly do it right, you have to read each individual line of code, and
Re: 36 bits (Score:2)
The PDP-11 has a 16-bit word size.
I think that you are thinking of the PDP-10.
Good. (Score:1)
~ The Devil
Re:Good. (Score:5, Insightful)
If this was a Microsoft problem and they kept it quiet you would have been ranting and raving right now, right?
Re:Good. (Score:1)
Re:Good. (Score:2)
Were it a Microsoft problem, they would have known about it six months ago and not told anybody.
Were it a Microsoft problem, three months ago their customers would have started reporting the problem (along with the exploits people had been trying to use), and Microsoft would have denied everything.
Were it a Microsoft problem, four months after discovery they would have released a patch which b
Thank you CERT. (Score:2)
I would like to thank CERT for sending this security notification on a Saturday that I was working, rather than on a Saturday that I was not.
Re:Thank you CERT. (Score:1)
~The Devil
You musn't patch today! (Score:2)
Too late sendmail monkeys! (Score:5, Funny)
Sendmail.... (Score:5, Interesting)
This is the straw that breaks the camel's back. I'm changing to another MTA.
Re:Sendmail.... (Score:2)
Re:Sendmail.... (Score:4, Insightful)
Yes but qmail and postfix dont do near as much as sendmail.
Most of the people using sendmail (Myself included) use it because its the only option for our needs.
Until qmail and/or postfix reach the feature set of sendmail (or come anywhere near it) it will remain useless to me.
Thank you for preaching, please drive through.
Re: (Score:2)
Re: (Score:2)
Re:Sendmail.... (Score:4, Interesting)
If anyone could give me either detailed instructions on how to translate from sendmail to qmail/postfix configs, or a good website that explains this, I would be most grateful.
Please do keep in mind my only experence with qmail or postfix was reading the documentation to see how hard it would be to convert my sendmail setup, and seeing most of the features i need not being listed, i didnt bother setting them up.
I am not at all familiar with the config files used by either.
I am also assuming in this post one IS familiar with sendmail.
Where i simply say virtusertable, that would of course be
I use the short names assuming you know what i mean. In a reply, please use the long form when describing qmail/postfix, as i have no clue whats what
My current setup uses sendmails virtusertable for all domains i handle.
There is never an instance where mail sent to user@domain will just deliver to the account user, which is sendmails default method of delivery.
Every domain i have in my cw file is in virtusertable.
That said, the features I need are:
Fall-through addresses
in sendmails virtusertable if you add @domain.com
if the email address doesnt match a specific entry in virtusertable for a domian, it will then deliver using that rule.
Configurable bounce errors
I have some addresses (and some domains fall-through address) have entrys as:
@domain.com error:nouser No such user
which returns the correct error code and the text message above.
Delivery to a piped process
in sendmails aliases file you can add an entry such as
somealias: "|/path/to/an/app"
and sendmail will execute that program passing the email to its stdin.
Backup mail spooling
Where the server accepts mail for a domain but doesnt attempt to deliver it locally, just forward to a mail server with a higher(lower) MX priority.
Support 'list' forwards
IE staff@domain.com -> account1, account2, outside@emailaddy.com
Sendmail does this really ghetto by using both virtusertable and aliases, as only aliases can have multiple places of delivery, but virtusertable can send domain mail to an alias easily enough.
Access controls for relaying
I use IP addresses to control who can send mail out through the mailserver (Only machines in my IP space, as well as a couple friends statics are on the list)
I would be interested in smtp-auth in the future but until I finished the server transistion I would want the functionality to remain as-is, and inform my users later for new and added features, preferably without having to say older features will no longer work.
Doing without smtp-auth would also be fine with me.
Domain mirroring
In sendmails virtusertable, if you have say 3 domains that use the same mappings, you can do the following:
user1@domain.com user1
user99@domain.com user99
@domain.com error:nouser No such user
@domain.NET %1@domain.com
@domain.ORG %1@domain.com
Then you only need to manage one list (for com) and if you sent mail to user1@domain.org it would rewrite it as user1@domain.com
Also for local delivery, the mailer would need to work with procmail.
Im sure qmail and postfix both do, so that shouldnt be a problem. Just wanted to mention it incase..
If qmail/postfix really can do everything above, then i stand corrected, but would ask either for a source of good documentation, or just an explnation on each point for how to do it the qmail/postfix way.
Thanks
Re:Sendmail.... (Score:3, Informative)
I hate setting up qmail, but it even has an easy to use web interface for configuring those things.
I haven't tried domain mirroring, but I'm sure you can do it with a simlink.
I don't know if anything else can do piped mail processing. If you ask me, I think that's a security risk in itself.
Re:Sendmail.... (Score:2)
I can tell you that postfix definitely works with procmail.
Re:Sendmail.... (Score:2)
Re:Sendmail.... (Score:2, Informative)
"Fall through addresses" (default delivery instructions)
put "example.com:alias-example-com" in
put default delivery instructions in ~alias/.qmail-example-com-default
"Configurable bounce errors"
You can do this either with piping
Re:Sendmail.... (Score:2)
Wrong. qmail can use procmail to deliver to
Re:Sendmail.... (Score:3, Informative)
Fall-through addresses: Done easily in vpopmail.
Configurable bounce errors: bounce-saying in the
Delivery to a process: put "|/bin/appname" in your
Backup mail spooling: Put the domain you want to be a secondary for in
Re:Sendmail.... (Score:2)
I will defiantly check that document out.
My main problem before was the only place i knew to look for docs was qmails site itself. Now hopefully that i know what to look for...
But i do have one question:
> Fall-through addresses: Done easily in vpopmail.
As a fall through address is something that is basically a method to deliver mail, how can a popper do this at all?
Mail comes into your MTA, not your popper
(I think im jus
Re:Sendmail.... (Score:2)
And yes, you can still access things via Pine, or Mutt, or IMAP, or POP3, or what have you. The mail is stored in the Maildir format, which is tremendously superior to mbox.
And yes, you can set the 'default' rule for a domain; be it to bounce, or deliver to a user.
Re:Sendmail.... (Score:2)
Mail comes into your MTA, not your popper
(I think im just misunderstanding)
You are misunderstanding. vpopmail [inter7.com] is a virtual domain manager for qmail.
Re:Sendmail.... (Score:3, Informative)
Main Configuration/Documenation
Most of the configuration is done with /etc/postfix/main.cf and /etc/postfix/master.cf. The first sets configuration variables,
and the second one sets up the various daemons which are used for queuing, delivering, sorting, and sending mail. The primary
documentation are the man page
Re:Sendmail.... Opps Hit submits too soon (Score:4, Informative)
This is just a really quick overview because there are a few things I would have to lookup again for postfix, and don't quite have time to write a fully detailed essay(good for postfix 1.11).
Main Configuration/Documenation
Most of the configuration is done with /etc/postfix/main.cf and /etc/postfix/master.cf. The first sets configuration variables,
and the second one sets up the various daemons which are used for queuing, delivering, sorting, and sending mail. The primary
documentation are the man pages that come with it, and /usr/<documentation directory>/postfix. Also see www.postfix.org for
FAQ's, HOWTO's [postfix.org] and mailing lists [postfix.org].
Tables
Postfix supports a wide variety of Table types. sendmail uses "hash" I think.. But you can also have tables based around mysql or ldap, for example. I use LDAP almost exclusively. So my knowledge is very much specialized about that behemoth. Anyway, when I say specify a table this is done in the form
The Type is the type of table/format being used. The Location is simply one of several things
For backwards compatibility, hash:/etc/alias is normally setup as an alias database.
Virtual Stuff
Also note the following distinctions that I used, I hope this doesn't confuse anyone reading the other documentation.
Fallback Address or "Catchalls"
Catch-alls operate like in sendmail, add an entry to a virtual user table in the variable virtual_maps with the "key" @domain.com. However, since virtual mailboxes are done after virtual_maps they aren't very compatible with catchalls.
Configurable bounce errors
I'm not sure this there is a way to completely customize the return error, but adding an entry domain.com (not @domain.com) the actual data doesn't matter, just the entry is importent,so set it to "unknown" for readability. This creates a postfix-style virtual domain which should reject unknown users with the appropiate error. see virtual(5) [berkeley.edu].
Delivery to a piped process
Yes you can. You have to edit the /etc/postfix/master.cf in order to setup the service for delivery.
Here are some examples:
Backup mail spooling
In postfix there is a transports map that has three fields: domain(key), transport(servic
Re:Sendmail.... (Score:2, Informative)
I don't see anything unusual in your list. Do you think there aren't qmail users who have widely varied and specialised needs? I'm not going to pretend that you won't have to do any reading and learning in order to migrate to qmail, but that's very different than claiming that only sendmail has the features you need. Unfortunately, I am unable to give you step-by-step ins
Re:Sendmail.... (Score:2)
Heh, apparently my employer's ISP is too stupid to realize this factoid. We (being a small company, where the suits handle IT stuff) have our email handles by our ISP, where we have username@ourcompany.com addresses. However, at least half of the spam I get is addressed to username@ourisp.net. I always knew this is what was happening, but I never realized exactly wh
Re: (Score:2)
Re:Sendmail.... (Score:2)
~alias/.qmail-domain-org-default
in .qmail-*:
|echo "Error message (#a.b.c)"; exit 100
in .qmail-*:
|command
add the domains to /var/qmail/control/rcpthosts but not to /var/qmail/control/locals; maybe also set up /var/qmail/control/smtproutes.
Add the addresses to ~alias/.qmail-address, you can even redirect bounces by setting up ~alias/.qmail-address-owner.
Re:Sendmail.... (Score:2)
Sendmail installs in RH (maybe more) have been configured exactly this way since 7.3 or earlier. May have been 7.2. During my 4-day RHCE class, I actually had to show the class (and instructor) how the default install was changed to INCLUDE a line in sendmail.cf causing sendmail to only bind to lo. Otherwise, without that line, sendmail will bind to all interfaces. I think it was a great idea
Re:Sendmail.... (Score:5, Funny)
It gives you something to do on Saturdays. See, the sendmail team knows how tedious it is to do things like spend time with your wife and kids, play fetch with the dog, wax the car, and mow the lawn. Therefore, every two to four weeks, they release a fantastic new remote exploit, so you can spend your Saturday patching stuff or running your package management program of choice.
This stands in start constrast to qmail. If you were running qmail, you'd have no choice but to spend all that annoying "quality" time with your friends and family. Secure and reliable? Honestly, I don't know what DJB was thinking.
Re:Sendmail.... (Score:2, Insightful)
And sendmail doesn't do as much as Exchange, so what's that got to do with it? The major weakness of sendmail compared to qmail is precisely that it's a monolithic beast that tries to do everything. Qmail's approach is to have small modules that perform one task, and perform it well (and securely - still no claims on the security guarantee [cr.yp.to] in six years).
Seems to be that like many others, it's the auth
Re:Sendmail.... (Score:2)
If i was using exchange and needed all its features, and someone told me to change to sendmail because it would be better, I would make the same reply as i just did.
I dont need exchanges features, but do need sendmails. Changing to qmail/postfix (assuming they really dont have all the features of sendmail) isnt an option, yet thats what everyone is telling me to do.
Thats what it has to do with it
> So go on, tell us
Re:Sendmail.... (Score:2)
Equally, exchange doesn't do as much as sendmail. They both have different feature sets, which overlap in places, but each does some things that the other doesn't. But then the two aren't really comparable in the first place. Sendmail is a pure MTA. Exchange isn't.
Re:Sendmail.... (Score:2)
Care to provide examples? I've never seen anyone actually come up with a useful thing you can do with sendmail but not postfix, for all the times people have said this.
Hell, even if you do have to patch Postfix's C source, it's probably still easier than doing whatever in sendmail's m4-preprocessed cf files. I have written a patch to Postfix, and it was not difficult.
Re:Sendmail.... (Score:2)
http://slashdot.org/comments.pl?sid=58903&cid=5
Already did in reply to another user
I would be most greatful for any help proving me wrong.
Re:Sendmail.... (Score:2)
Looking at that list, most of your stuff deals with sendmail's virtusertable. Postfix's virtual map does the same thing. The only thing I don't know that it supports is domain mirroring, but you could accomplish that by preprocessing the virtual file a bit.
The alias file format is the same as sendmail's. (Well, not quite true; it supports two file formats; one is the same.) Everything you can do with sendmail you can do there, though you need to k
Re:Sendmail.... (Score:2)
Unless you are a serious user of milter features (an extensive MIMEDefang [roaringpenguin.com] setup, for instance) I think you'll find a switch to postfix or qmail to be a net plus. The learning curve probably won't be as bad as you assume... just set up a test server someplace and see what's actually invol
Re:Sendmail.... (Score:2)
Re:Sendmail.... (Score:2)
Nice troll. qmail has no license. Thus, you are only restricted by copyright law. You are free to install and use the software. You are also free to distribute patches. How does this negatively affect your u
Re:Sendmail.... (Score:2)
Nice troll. qmail has no license. Thus, you are only restricted by copyright law. You are free to install and use the software. You are also free to distribute patches. How does this negatively affect your usage of the software?
True or false? -- It's illegal for me to modify the source code and redistribute the modified version.
True or false? -- Qmail complies with OSI's open source definition [opensource.org].
Re:Sendmail.... (Score:2)
How does this negatively affect your usage of the software?
True or false? -- Qmail complies with OSI's open source definition [opensource.org].
How does what OSI thinks negatively affect your usage of the software?
(I have at least a dozen machines running qmail. These magic problems don't affect me or anyone else I know that runs qmail. Yahoo! runs qmail. It doesn't seem to affect them either.)
Re:Sendmail.... (Score:2)
Re:Sendmail.... (Score:2)
Most sendmail patches are to work around bugs in the OS or libraries. Some of the race conditions patches that were patched long ago also exist today in other MTAs. If you look closely, you will see that some of t
Sendmail advertisement (Score:5, Funny)
Is Sendmail still worth it? (Score:5, Interesting)
I fought with the M4 format of sendmail.cfg for a while in setting up a complex system before switching to qmail. Ive tried postfix too, but I still see diehard sendmailers around.
For one, sendmail is really not intuitive. If youre given a server youve never seen before and have to alter some fancy configs in it, could you do it faster than if it were say qmail? Maybe if I stare at M4 pinfo I could begin to get it, I gave up early there.
Secondly these security problems.
So beside the fact that sendmail is the standard, quite mature and very flexible if you know how to config it, does it have any big edge over postfix or qmail that everyone should know about?
And can the sendmail developers be brave trailblazers and finally change the config file syntax to just text words like httpd.conf?
Re:Is Sendmail still worth it? (Score:3, Insightful)
That's not insightful; that's personal opinion. Sendmail's m4 configuration is pretty logical and editable for me, but I have no idea how to alter a running Qmail setup. Does that make Sendmail better than Qmail? No. It makes me better at runnin
Re:Is Sendmail still worth it? (Score:2)
My main sendmail config file is a whole 32 lines long and includes SMTP authentication methods, blacklists, load avg checks, privacy options and of course the delivery mechanism.
The only thing I don't have that I've been thinking about adding is LDAP support, but that's only another line in my conf file and modification to where all the db maps point to.
I have trouble sharin
What does commercial sendmail cost? (Score:2)
Advisories, more like invatations to exploit (Score:4, Informative)
Re:Advisories, more like invatations to exploit (Score:3, Interesting)
Sendmail (Score:1)
Re:Sendmail (Score:2, Insightful)
Why? For the love of SMTP, why??? j/k
-Kevin
Re:Sendmail (Score:2)
Usually people suggest you to switch to postfix, qmail and courier - all three are open source as well.
I'll add that Courier's major developer is a very arrogant persont ignoring real life things and that gives you a quite good MTA with no support whatsoever.
The major complain of Qmail users (acrttually admins) is very similar: the major developer is concentratied on revolutionary new version of his program,
Sednmail holes are GOOD (Score:5, Funny)
Re:Sednmail holes are GOOD (Score:2)
Re:Sednmail holes are GOOD (Score:2)
qmail (Score:1)
Dear IT Workers (Score:5, Funny)
Thank you,
--The rest of the fucking Internet
Re:Dear IT Workers (Score:2)
Qmail is free. The source is free for all to see. It's not Open Source.
Both those statements are true. Informally, you can say that qmail is free and open source - it costs no money, and you get access to the source. Formally, though, it's neither Free nor Open Source - it violates the Free Software Foundation's definition of Free Software, and the Open Source Initiative's definition of Open Source.
But I think it's extre
HOLY SHIT (Score:2)
Qmail and postfix hippies: shut the hell up please (Score:4, Insightful)
But that still doesn't make sendmail bad. Software has bugs. Your precious MTAs have bugs too. As a matter of fact, sendmail works. It has worked for decades. It's still around. And it will stay around for decades more.
Before y'all jump up and say: "Look! a possibly remote exploit!". Read the advisory. This will be VERY hard to exploit, besides your test lab where you control the address space and eventual host naming that just MIGHT overflow something, and then you need to figure out if it's even possible to do something more fun other than let some sendmail spawned child crash, whoopdeedoo.
Although it's not impossible to do, I still maintain that admins should patch their systems, but you don't have to rush. I don't see script kiddies exploting this one in the coming time yet. And besides, my data isn't worth crap either, so I'm harly a target.
So qmail and postfix zealots, shut the hell up please. We know. Yes, qmail and postfix are nice, and yes, they have some merits over sendmail and yes, I sometimes choose to prefer them for some jobs, but the inverse is also true. Right tool for the job and all that. Now be happy with your MTA and be done with it. Geez, it's only a mail server.
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
Guess what, you are not "hardly a target". Script kiddies will hack your machine purely to have another platform to run DDOS attacks from, or to hack into yet other machines.
It doesn't matter who you are or what data you have. If you have an IP address, you are a target, period.
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
I dare you to hack into this IP address and do something awful to it! I double dog dare you!
I'll even leave sendmail running to help you get in!
Re:Qmail and postfix hippies: shut the hell up ple (Score:2, Interesting)
It's "only" a mail server, but what about a company whose email contains very sensitive information? They may feel safe using, say, smtps and imaps, but if sendmail isn't secure, they're sunk. In addition, getting on a mail server may allow access to a local network filled with insecure windows boxes. Oops.
You seem to be way too attached to sendmail. There are better alternatives [postfix.org] available, so why not use them? I brok
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
About my "attachement to sendmail": It's all dependant what the machines job is. Read my post aga
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
And it's only an editor.
And it's only an operating system.
Come on, without fans of programs, the world would be lots less exciting.
Although it's not impossible to do, I still maintain that admins should patch their systems, but you don't have to rush. I don't see script kiddies exploting this one in the coming time yet. And besides, my data isn't worth crap either, so I'm harly a target.
Yeah, I used to say the same thing until I had a box get broken into.
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
-russ
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
All software has bugs. Bug-free software and hardware do NOT EXIST
In fact, the fact that nobody claimed that award, does not mean that Qmail is bugfree. Do you really think that some blackhat will give away an advisory? He couldn't care less about $ 500, he can intrude into Qmail boxes that are deployed widely and thought to be secure. That's priceless.
Of co
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
Clarification: I of course don't intend malice. I just never agreed with DJB's money for bugs scheme, because it will cause the adverse effect of what he's trying to achieve. I don't agree with his licensing either.
Re:You're just the same (Score:2)
Re:No you didn't (Score:2)
Whatever...
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
Interesting. So
-russ
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
Not yet, anyway... But read on:
With the current track record I think we can agree that sendmail has had tons of bugs. Since you are claiming that qmail has them to - please point us to ONE.
Claiming *any* piece of software is bug free is naieve. Sure there are bugs. They might not be straightforward to find, but sure,
Re:Qmail and postfix hippies: shut the hell up ple (Score:2)
qmail has no security holes. Hundreds, if not thousands, o
Anyone know if . . . (Score:2)
Re:Anyone know if . . . (Score:2)
Re:Anyone know if . . . (Score:2, Informative)
This is new.
What's the difference (Score:3, Funny)
You need a password to get root access through telnet!
*ducks barrage of rotten fruit*
But seriously, and without the bad humor, it makes me wonder why everyone allways sees X as the bloated, non-scensical, anacronistic piece of junk that is holding LINUX/BSD back. Hell at least I can understand a XF86Conf-4 file (although the old style XF86Conf file is still rather infuriating).
Re:What's the difference (Score:2)
HTH.
Mandatory Postfix ad (Score:3, Informative)
Is your sendmail buggy? Would it be time to change to Postfix [postfix.org]?
Only $0,00.
I use qmail (Score:4, Informative)
Re:I use qmail (Score:2)
Unofficial patched sendmail SRPM (Score:2)
I converted the security patch to a unidiff and applied it to Red Hat's latest sendmail errata SRPM for Red Hat Linux 8.0. Use at your owk risk.
sendmail security (Score:3, Funny)
Take one down debug it around 58 flaws in the code...
supported fix for Red Hat 6.2? (Score:2)
I ask as I belive this weekend is the offical EOL for 6.2 errata.
I still choose Sendmail as my MTA (Score:5, Insightful)
I personally like the way the sendmail community handles these issues when they arise. 2 reports in a row is a bummer, but the frequency is exaggerated. I respect the fact that there are other open source MTAs and think they can be made to work well too (postfix, qmail, exim, etc...).
Please keep in mind that this MTA was around when the network was more of a community (not a lot of
Sendmail pioneered lots of the AntiSPAM/AntiSPAMMER features that are taken for granted today (advanced relay control, ip to dns a record verify, DNS blacklisting etc...).
There are reasons why many (think mega sized corporations around the world) use sendmail in front of their message store systems (Exchange, Notes, Cyrus,
It has/provides:
The ability to use LDAP information for routing.
The ability to use LDAP instead of a flat Alias file.
LDAP intelligence at the port 25 gateway (Think not have unreturnable bounce messages traveling all the way into the network and then getting stuck at your message store) A smart MTA at the gateway will break the connection and not waste time trying to pass the message through.
Pass based (w/crypt options) SMTP Authentication
Certificate base SMTP authentication
Unlimited relay control options (rule sets and milters)
Built in SMTP encryption (TLS/SSL) with support for PKI systems
Multiple queues and deterministic queuing (queue groups)
Fallback MX (this is huge for failover)
Mid-protocol conversation filtering (Milter, do all of your attachment stripping and message scanning without adding extra hops).
Capable of sending email just as fast as any other MTA without violating RFCs (do you really not want to commit your data to stable storage?) and putting your data at risk.
SMTP pipelining (why open a new connection each time?)
Active development with developers developing to the RFC/IETF's standards and the needs of today's internet.
Ability to be configured to avoid port 25 Denial of service attacks that other MTAs are vulnerable to.
My 2 pennies, just another opinion, now leaving verbose mode...
Why I don't like qmail (Score:3, Informative)
2) There are like 5 different programs, each with different user accounts (qmaild, qmaill, qmailp, qmialq, qmailr, qmails, vmail, etc) - all running from the same !@#!@ bin directory! Talk about confusing as !@#! hell when you want to audit permissions!
3) Qmail has a truly hideous license. Yeah, it's "open source", but you can't redistribute changes!!?!
This means:
4) If you want something decent (such as LDAP support,antivirus filtering or integration with SpamAssassin, etc.) you have to apply 57 god-knows patches to the "official" qmail source, and in just the right order to get everything working.
5) The log format is different than sendmail's. While this is understandable, it means that all these neat reporting tools for sendmail can't be used.
And finally,
6) Administering Sendmail on RH Linux is a breeze. up2date sendmail;
-Ben
Re:Why I don't like qmail (Score:2)
You can use qmail with inetd if you want. But inetd is a potential security hazard; why would you complain about an alternative that improves that situation?
2) There
Too Cool for Secure Code (Score:3, Interesting)
I know some places process alot of mail with sendmail and need all the speed they can get, but the monster sites seem to have gone to qmail anyway. Considering the speed of my computer vs. the speed of my 'net pipe, I don't have much of a load on my mailserver, which leads me to ask:
Does anybody know of a good mailserver written in a higher-level language?
This is what, the 82nd remote root-exploit in sendmail due to C coding problems? Let's see something written in Perl or Python or Java, even.
The best sendmail fix out there... (Score:2)
Morality (Score:2)
Send mail with Qmail.
Re:So? (Score:1)
go back rebooting your exchange "server"
All Linux users should be using postfix (Score:3, Insightful)
Sendmail takes (on my system) a thousand-line config file just to have sane settings for the modern world. It has a horrendous security history.
Postfix has non-dumb defaults, is quite secure, and I cannot see why anyone wouldn't use it.
Re:love or hate sendmail..... (Score:2)
BUT most importantly, I haven't needed to patch AFTER installing and configuring. Same for the other DJB stuff. Patches would be to add _features_.
In contrast the ISC stuff is practically in the same category as MS stuff as far as I'm concerned.
Given how DJB is, I'm sure there are tons of people just longing to find an exploit just to stick it to him (I'm sure he knew that too).
And because it's been quite a number of years since my first install, without