On Mon, 5 Jun 2000, mouss wrote:
> [EMAIL PROTECTED] wrote
> > ok firstly kill off sendmail and replace it with qmail (www.qmail.org)
>
> "just say no". while I am not a fan of sendmail, while qmail is
> certainly a good MTA, there is no complete and rigorous proof that
> would make it necessary for everybody to just replace sendmail with
> qmail.
Historical defects would be proof, not sure how rigorous you need, but
it's a no-brainer in my opinion. Sendmail's design and history carry a
lot of baggage that doesn't have a good place in a security solution.
> Sendmail is still widely used, and not only by stupid people.
The Baywatch argument doesn't hold water in security.
> Also, the FWTK's smap and smapd have been and are still used with
> sendmail, even on the Gauntlet, and nobody seems to say that this
> is stupid.
It's stupid. I've *never* relied on the smap/sendmail combination, even
on Gauntlet. Anyone with a good clue who was still using smap when
anti-relay code became necessary probably switched to something else then.
People who were stuck not modifying installs probably stuck a different
MTA on the outside as the primary MX.
I prefer Postfix to qmail, but both are easily better solutions to
mail gatewaying than sendmail. Exim would probably be my third choice.
If you need a specific feature of sendmail, then by all means use it, but
if you don't, a smaller more modular MTA is preferable, most especially on
a firewall.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."