[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sendmail trouble

James Vahn wrote:
> Bob Proulx wrote:
> > I think you will get at least ten responses suggesting that you should
> > move away from sendmail.  Half will be to postfix.  Half will be to
> > exim. 
> Any idea why? I've never understood why Debian moved to Exim as the
> default MTA. Longtime sendmail user, 10-11 years.
> ...
> But your statement is one that I've often wondered about...
> Any feedback? What am I missing? thanks!

I also ran Sendmail for years.  It was a good mailer in its day and
has set the standard.  But unfortunately it has had a long history of
security vulnerabilities.  Mostly this one thing is what has driven
people away from it.

The classic unix paradigm is to have many small programs that are
specific and targeted.  Each program does one thing and does it well.
Smaller programs are combined to form more powerful programs.  This is
the basis of the cat, grep, sed type of paradigm.

Sendmail violates this classic unix philosophy.  It is one huge
monolithic program.  Worse it is one huge monolithic program that runs
as root.  Therefore almost the entire program is available to find a
security whole.  And the history of security holes is very long in
Sendmail.  It is just a hard thing to secure.

Additionally sendmail's configuration syntax is complex in its
simplicity.  It has a very low level configuration language that makes
doing high level tasks tedious.  And being so very flexible it is
itself a vector of attack.  Of course now most people use the m4
macros to make this much easier.  But being macros you are really not
getting away from the underlying language and for many things you will
still need to work with the low level sendmail language.

To counter the problems in Sendmail programs like Postfix and Exim are
a fresh rewrite.  They benefit from the experience gained from
Sendmail.  But for example Postfix follows the unix paradigm and has
many smaller programs that do targeted tasks.  Very few of the
programs run with elevated privilege.  A non-root user is used for
tasks that allow this.  This isolation makes auditing the code much
easier because smaller sections of it are vulnerable to attack.
Historically Postfix and Exim have had significantly fewer
vulnerabilities and they were found were usually of lessor consequence
than Sendmail.

Personally I like Postfix because it is very powerful, fast and yet
simple to configure because it is almost entirely table driven.  I
don't know as much about Exim but through association it also seems to
be a capable mailer.

I hope this helps,

Attachment: signature.asc
Description: Digital signature

Reply to: