Spam problem

John Van Ostrand john-Da48MpWaEp0CzWx7n4ubxQ at public.gmane.org
Thu Jun 14 19:26:09 UTC 2007


On Thu, 2007-06-14 at 10:40 -0400, Lennart Sorensen wrote:
> sendmail has a long history of being a security disaster.  Why anyone
> ever uses it anymore is beyond my imagination.  Why not postfix or exim?
> Simpler to configure, way less security problems over the years.

Okay, with flame bait like that I need to at least give a compelling
counterargument.

Sendmail has a long list of vulnerabilities because it's been around
since the early 80's (postfix is only 8 years old). It was tagged as
insecure a long time ago and people just don't seem to want to give up
on that. It's had its share of security issues, but so have lots of
other programs that we use every day (like Linux, OpenSSH, OpenSSL,
etc.)

I've run Sendmail since I gave up trying to get MMDF working in 1994 and
I have yet to fall victim to a vulnerability. That's on dozens of
systems that I administer for my company and clients.

Sendmail has been distributed in Unix systems for over a decade and it
may have achieved its notoriety because vendors back then did not ship
with a secure configuration leaving many systems configured as open
relays. It was also the predominant MTA for a very long time.

For some reason people also think its configuration is still difficult.
Again this is out-dated. It certainly was difficult when I was using it
back in 1995. However, its complex configuration allowed me to set up
virtual domain hosting when all the larger ISPs still used aliases (e.g.
so they couldn't have both sales-PV5Ro7/Mrj4 at public.gmane.org and sales-XauvlLoUTruG5qFZezUJ9A at public.gmane.org)
That changed years ago when M4 macros were put to use. Now I can
configure sendmail faster than Postfix and usually only a few lines of
M4 config file need to be changed to support very advanced features.

I do like Postfix too. I find its method of configuration in some ways
more flexible than sendmail and in others more constrictive.

As for performance, sendmail suits my needs. My heaviest email server
processes about 15,000 messages a day and, in times of heavy spam, has
peaked well above that and sendmail has been efficient. Now if I was
doing a million messages a day I might shop around.

And in the end Madison's problem may not have been sendmail after all.

Sorry for the rant, but as a long time sendmail user I wanted to at
least provide a more extensive viewpoint.


--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists




