[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sendmail trouble

Bob Proulx wrote:
> I also ran Sendmail for years.  It was a good mailer in its day and
> has set the standard.  But unfortunately it has had a long history of
> security vulnerabilities.  Mostly this one thing is what has driven
> people away from it.

Sendmail/Exim/Postfix/Smail have all had security vulnerabilities
reported as recent as this year.

> Of course now most people use the m4 macros to make this much easier. 
> But being macros you are really not getting away from the underlying
> language and for many things you will still need to work with the low
> level sendmail language.

The examples I can think of are very few. Using m4 macro's is not
complicated.. Exim is complicated.

> But for example Postfix follows the unix paradigm and has
> many smaller programs that do targeted tasks. Very few of the programs
> run with elevated privilege.

I run mailq/runq once in a while, the former is a user command. I'm
unsure why sendmail runs as root if exim/postfix don't.

Well, I'm not exactly convinced that anyone should be saying anything
like "dump sendmail, run postfix or exim" (a poor quote, sorry). Do they
have nice config/setup programs? I don't like sendmail's very much, it
requires manually editing sendmail.conf. Not a particularly difficult
task, but still.. :(

        ~# dpkg-reconfigure sendmail  ...Doesn't work.

Reply to: