On Wed, Jun 16, 2004 at 10:03:05AM -0400, Mark Frank typed:Just curious. What sendmail bugs are you referring? Have you reported them to sendmail.org?
Probably just hear-say. There's so much bad-mouthing sendmail! Most of it by people who got lost in sendmail's many configuration options, but instead of reading some docs they drop it, telling everybody they should avoid sendmail at all cost.
There are many people who find it difficult to configure sendmail and thus criticise sendmail as a result, agreed. Some of those complaints are unjustified, agreed.
However....
Too bad, 'cause to me and many others sendmail is one of the most reliable and compliant MTA's in existance today. And there hasn't been
a major security problem in years.
The last major security hole in sendmail was 8 months ago:
8.12.10/8.12.10 2003/09/24 (Released: 2003/09/17)
SECURITY: Fix a buffer overflow in address parsing. Problem
detected by Michal Zalewski, patch from Todd C. Miller
of Courtesan Consulting.There have been around 70 security issues mentioned since the beginning of sendmail-8 circa 1993, or about six per year. Recently, things have gotten better, but a dispassionate evaluation of the security history of sendmail does not inspire any great confidence that one can set up sendmail, leave it unpatched, and expect the software to still be free of known remotely-exploitable security problems two years later.
-- -Chuck
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
