[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Newbie: Is there a basic Debian-for-ISP HOWTO?

Hi,

On Mon, Jul 29, 2002 at 03:10:42PM -0400, Bulent Murtezaoglu wrote:

> [This is exactly the kind of exchange I was trying to avoid, oh well]

Yes, but it's fun once in a while, isn't it ;-)

> >>>>> "EvB" == Emile van Bergen <emile-deb@evbergen.xs4all.nl> writes:

>     EvB> In short, you can only compare qmail and sendmail. Not only
>     EvB> does the latter have a bad reputation for complexity, but for
>     EvB> its amount of bugs and lack of security as well. 
> 
> What you say aboout sendmail was true in the late 80's to mid-90s.  Its
> recent track record is much better.  Do you know of any recent
> vulnerabilities other than the monor ones mentioned at
> http://www.sendmail.org/ ?

No, but I argue that even though a lot of its problems may have been
because of simple programming bugs, it has a design that's hard to get
secure anyway. Doing *everything* by employing a /macro/ language (the
.cf, I'm not talking about M4 here) to rewrite addresses, which may
occasionally also be interpreted as files or programs is asking for
trouble IMHO. As you say, it has taken a *lot* of time to bolt enough
checks on it to make it at least reasonably secure.

> Sendmail is _very_ flexible but it is probably not good for the
> inexperienced admin.  If you are willing to read documentation and M4
> doesn't scare you, it is a fairly safe bet.  

Which bet being safe? That it can eventually do what you want, given
enough time and attention? Probably. But that goes for most MTAs, and
sendmail probably doesn't even score best as far as the time required to
achieve a particular level of functionality goes.

Really, other than its flexibility in *really* weird cases, I can see
nothing that makes me even consider it above qmail. If qmail can't do
what's needed for whatever reason, I'd look at Postfix first, and then
perhaps at Exim, and then I'd think really hard if it's not a stupid
idea I'm trying to do anyway, and *then* I'd see if Sendmail can do it.

> In my most humble opinion one ought not be running an ISP of any
> viable size if one has trouble getting sendmail to do what's needed.  

Ah, the old initiation-by-sendmail.cf idea. Well. I'd say that an
administrator who has been through it probably has some stamina, and is
able to grasp a certain level of complexity, but other than that, I
wouldn't consider "willing and able to set up sendmail" a good criterium
for knowing how to run an ISP. Grasping BGP, *SMTP*, DNS, HTTP, Unix and
having some rudimentary knowledge about programming computers in general
seem so much more important. If you do, you'll also have less trouble
evaluating software on criteria other than "it's the standard", and "X
says it works fine for him"... If those were the ones that matter most,
we'd not be talking in a Debian forum but in windows-isps.msn.com.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   e-advies@evbergen.xs4all.nl
tel. +31 (0)70 3906153        |   http://www.e-advies.info


-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: