At 9:13 AM +1000 2002/08/12, Cameron Simpson wrote:

>  I had thought I'd explained that. If you're going to have a mail system
>  on your home machine that talks to the outside world, you NEED a valid,
>  deliverable domain for it.

        Not true.  If they have an external mail relay that is configured 
to accept anything they transmit (hopefully secured via SMTPAUTH or 
TLSSMTP), then this isn't a problem.  You just need to make sure that 
the envelope sender is set to a valid deliverable domain, but that's 
a problem you can easily solve with mutt.

>                             And that CANNOT be your ISP's domain,
>  because there's plenty of accounts on your home machine whose name
>  will collide with names in the ISP domain, or just be plain
>  undeliverable.

        Just make sure that the envelope sender address is set correctly, 
and you don't have a problem.

>                  Ergo, you need a domain, and a listening sendmail.

        Not true.  Provably so.

>  As I remarked, my ISP (optus@home) blocks SMTP delivery and therefore
>  I can't run a mail service on my home machine without extra finagling.
>  And nor can other Optus customers.

        It's easy enough to set up port forwarding, including port 
forwarding to a different port.

>  So in short, many people are not in a position to set up a valid
>  mail system at home, and further don't need one - they only need
>  to be able to do SMTP dispatch.

        Actually, this statement is true.  Just use the SMTP servers from 
your network provider.

>  Actually, I now have a correctly configured sendmail at home, having
>  made external delivery arrangements for my domain. And I still use my
>  special wheel, because sendmail doesn't do what I want, nor will ANY
>  email only tool.

        In what way will sendmail not do what you want?

>  Since my script does less (and more; I dispatch news with it too) and
>  sendmail has a long history of vulnerabilities and is overfeatured for
>  my needs, I would call that logic a little shaky.

        When was the last security advisory for sendmail?  That is, 
sendmail the program, not some library that all applications use, or 
some other mail-related problem that can be potentially resolved with 
sendmail.

        The most recent CERT Advisory for sendmail that I can find is 
dated January 28, 1997 at 
<http://www.cert.org/advisories/CA-1997-05.html>.


        Now, when I left AOL as their Sr. Internet Mail Systems 
Administrator, they were doing an average of about a mail message a 
day per user (five million at the time).  I understand that they're 
over 30 million users today.  If you assume linear growth (which 
should underestimate the traffic), you would get about five million 
users additional per year.

        That would be 1.825 billion e-mail messages in 1997 alone, and a 
total of about 38 billion e-mail messages over that five year period 
of time.  And that's just for AOL.  Total Internet traffic 
transmitted via sendmail is almost certainly many orders of magnitude 
larger than this.

        How many trillions of e-mail messages has your custom script 
delivered over the past five years?


        Long ago, Eric got tired of being the security whipping boy of 
the Internet.  This is why the list of "DONTBLAMESENDMAIL" 
configuration options is so incredibly long -- there are so many 
things that you should not be doing (for security purposes), but 
because people care more about making things work than making them 
secure, they need to turn on one or more of these options.

        In the past, Eric let these things slide, but no more.  Hence, 
the options so that people can turn security off again, and make 
things work.

>  Sorry, but if I were installing from scratch I'd use postfix, not
>  sendmail.  As it is, I've arranged my own domain and set the (fairly
>  easy for a techie) setting in the RedHat sendmail.mc file and am now
>  happy. But I still don't use it for mutt dispatch, and never will.

        Yes, theoretically, postfix is more secure than sendmail, because 
of the "mutually distrustful/absolutely least possible privilege" 
mode of operation.  In practice, I don't think it is all that much 
less secure, in part because there are so many fewer places around 
the world that are running it, and because the code has not yet lived 
long enough to be able to claim to truly stand the test of time.

        Keep in mind that I've been involved with the development of 
postfix since 1998, back when it was still called VMailer.  I'm very 
proud of this involvement, and there are a lot of things for which 
postfix is quite good.

        But if you want to objectively compare the security history of 
postfix to that of sendmail, you have to keep in mind that sendmail 
hasn't had a CERT Alert issued since a year before postfix existed.


        Moreover, there are some features of sendmail that postfix can't 
really touch.  While it is intended to be a drop-in replacement for 
sendmail, so far it has only been able to asymptotically approach 
this goal, in part because sendmail has been adding new features in 
the meanwhile.

        While it is still a very good program overall (including the 
simplest and easiest-to-understand configuration file that I have 
ever seen in my life), there are a number of ways in which postfix is 
markedly inferior to sendmail.

-- 
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
