On Wednesday 16 July 2003 14:48, Christopher Fisk wrote: > On Tue, 15 Jul 2003, Mikhail P. wrote: > >You can try qmail, which is much smaller than sendmail and much more > >secure. > > I'm sorry, what known security issues are there with Sendmail 8.12.9? > None? > > How many known security issues are there with qmail? None? > > Since when is None "much more" than None? > > > Christopher Fisk > -- > I WILL NOT USE ABBREV. > I WILL NOT USE ABBREV. > Bart Simpson on chalkboard in episode 2F33
You probably do not know history of sendmail very well, my friend. Latest version of qmail was released in 1998. Since that date nobody managed to find security holes in official qmail distribution (I'm not talking non official qmail patches, but plain qmail itself). Sendmail was written to be MTA with more features, but author did not think about security in sendmail. Did you count holes in sendmail since 1998? There was/is a lot of them according to bugtraq So basically once new hole in sendmail will be found, everyone (sendmail users) will need to rush and upgrade/patch sendmail before server will be root'ed - this can be very painful process if you have to maintain a lot of servers. While qmail users will still use qmail and not worry about security holes in it, which is a huge plus I think. Based on those 3 statements I'm saying that qmail is more secure than sendmail. -- To segfault is human; to bluescreen moronic. -- From a Slashdot.org post -- [EMAIL PROTECTED] mailing list
