Subject: Re: Help with setting up a pop server
From: Jim Cole (greyleaf@yggdrasill.net)
Date: Sun Aug 05 2001 - 17:06:53 MDT
Can someone point me to references discussing the apparently infinite
number of security holes in sendmail? A quick search for sendmail on
CERT's site turned up several advisories, the most recent of which are a
few years old. Also references to studies that show sendmail's performance
to be deplorable as compared to other packages with equal functionality
would be appreciated.
Not trying to start anything here. Just looking for some minimally biased
facts upon which to make future decisions ;)
Jim
Graham Leggett's bits of Sun, 5 Aug 2001 translated to:
>Robert Brandtjen wrote:
>
>> PS. Not to start a flame war - but I like sendmail, after reading u on it,
>> it's not so hard to configure a secure daemon with it - you have to remember
>> that if sendmail receives more hacks then any other MTA it's because it
>> moves nearly 90% of the "net's mail.
>
>Not true - a product doesn't become more or less secure simply because
>there are more installations of it. A hole is a hole regardless and
>sendmail is full of them. Another reason to ditch sendmail is
>performance - it ranks pretty much stone last by a long margin.
>
>Regards,
>Graham
>
This archive was generated by hypermail 2a24 : Sun Aug 05 2001 - 16:14:32 MDT