Hi,

On Mon, Jul 29, 2002 at 03:10:42PM -0400, Bulent Murtezaoglu wrote:
> [This is exactly the kind of exchange I was trying to avoid, oh well]

Yes, but it's fun once in a while, isn't it ;-)

> >>>>> "EvB" == Emile van Bergen <[EMAIL PROTECTED]> writes:
>
> EvB> In short, you can only compare qmail and sendmail. Not only
> EvB> does the latter have a bad reputation for complexity, but for
> EvB> its amount of bugs and lack of security as well.
>
> What you say about sendmail was true in the late 80's to mid-90s. Its
> recent track record is much better. Do you know of any recent
> vulnerabilities other than the minor ones mentioned at
> http://www.sendmail.org/ ?

No, but I argue that even though a lot of its problems may have been
because of simple programming bugs, it has a design that's hard to get
secure anyway.

Doing *everything* by employing a /macro/ language (the .cf, I'm not
talking about M4 here) to rewrite addresses, which may occasionally also
be interpreted as files or programs is asking for trouble IMHO. As you
say, it has taken a *lot* of time to bolt enough checks on it to make it
at least reasonably secure.

> Sendmail is _very_ flexible but it is probably not good for the
> inexperienced admin. If you are willing to read documentation and M4
> doesn't scare you, it is a fairly safe bet.

Which bet being safe? That it can eventually do what you want, given
enough time and attention? Probably. But that goes for most MTAs, and
sendmail probably doesn't even score best as far as the time required to
achieve a particular level of functionality goes.

Really, other than its flexibility in *really* weird cases, I can see
nothing that makes me even consider it above qmail. If qmail can't do
what's needed for whatever reason, I'd look at Postfix first, and then
perhaps at Exim, and then I'd think really hard if it's not a stupid
idea I'm trying to do anyway, and *then* I'd see if Sendmail can do it.
> In my most humble opinion one ought not be running an ISP of any
> viable size if one has trouble getting sendmail to do what's needed.

Ah, the old initiation-by-sendmail.cf idea. Well. I'd say that an
administrator who has been through it probably has some stamina, and is
able to grasp a certain level of complexity, but other than that, I
wouldn't consider "willing and able to set up sendmail" a good criterion
for knowing how to run an ISP.

Grasping BGP, *SMTP*, DNS, HTTP, Unix and having some rudimentary
knowledge about programming computers in general seem so much more
important. If you do, you'll also have less trouble evaluating software
on criteria other than "it's the standard", and "X says it works fine
for him"...

If those were the ones that matter most, we'd not be talking in a Debian
forum but in windows-isps.msn.com.

Cheers,

Emile.

--
E-Advies / Emile van Bergen | [EMAIL PROTECTED]
tel. +31 (0)70 3906153 | http://www.e-advies.info