> I couldn't agree more. That's why I switched to qmail. However, that
> one word reason is unlikely to convince sendmail fans, who will
> immediately counter that sendmail hasn't had a serious security
> problem in months/years. You should be prepared to argue that that
> doesn't mean sendmail is secure.

    Good point.  I would, however, collect all the CERT reports that detail
holes in sendmail, and draw a graph of exploits found over time for Sendmail
and Qmail.  Guess what, one line will look like a teenager with acne, one
will be bare...

    Mind you, I still run sendmail internally, but a few more needs to mess
with the sendmail.cf macro configuration and I'll probably make the switch.
The biggest obstacle is that qmail is home-directory oriented, and I run a
sealed server.

> I use the line "I'm not dead, but
> that doesn't mean I'm immortal" to point out the fallacy of assuming
> sendmail is secure (immortal) because it's not currently exploitable
> (dead). Of course, the same can be said of qmail, so explain how qmail
> was designed for security: the modularity, the mutually untrusting
> components, etc., whereas sendmail was designed back when everyone on
> the net knew everyone else, and everyone was well behaved and it has
> an inherently insecure design.

    Yes, "designed for security" says a lot of that for me.

    I'd also point out the enormous amount of cruft.  Sure, you can write a
tic tac toe processor with sendmail.cf format, but I'd prefer my mailer be
doing mail than playing games.  That sort of complexity may have been
required way back when, but is it now?  I don't think so.  Another huge plus
of qmail is the simple configuration protocol (although the documentation
could be seriously improved; let's hope Russell's upcoming book does that).

--
    gowen -- Greg Owen -- [EMAIL PROTECTED] -- [EMAIL PROTECTED]

    Please note my new [EMAIL PROTECTED] address which will
    become my default address in March, and which works now.
