Re: (OT) Prejudice against sendmail?

[John Kelly <jak@isp2dial.com>]

On Fri, 1 Sep 2006 12:49:48 +0200, Martin Möller <listen@andvari.de>
wrote:

>Do you have some expirience with sendmail

Sendmail has the best integration with cyrus imapd, via socket maps.

Sendmail also has a commercial organization which relies on the open
source codebase, so you have more than one paid developer working with
the code.

The linux kernel has security holes on a more frequent basis than
sendmail.  But I stay up to date with fixes, and my systems have never
been compromised via sendmail or the linux kernel.

With postfix the learning curve is not as steep as sendmail, and the
postfix community is densely populated with unskilled users.  There's
more experience and skill in the sendmail community, though newcomers
may find it hard to extract.



On Fri, 1 Sep 2006 13:11:53 +0200, martin f krafft
<madduck@debian.org> wrote:

>It's a monolithic setuid binary. It's flawed by design, IMHO.

daves:~ # ls -al /usr/sbin/sendmail
-r-xr-sr-x  1 root mail 681648 2006-08-12 14:59 /usr/sbin/sendmail

setgid mail.



Also see:

http://www.postfix.org/MILTER_README.html

which says:

>The Postfix Milter implementation uses two different lists of mail
>filters: one list of filters that are used for SMTP mail only, and
>one list of filters that are used for non-SMTP mail. The two lists
>have different capabilities, which is unfortunate. Avoiding this
>would require major restructuring of Postfix.

And thus postfix is a very weak argument against monolithic design.