Slashdot Mirror


Sendmail Removed From NetBSD

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

4 of 248 comments

  1. sendmail.cf test by cowbutt · · Score: 4, Insightful
    But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

    In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit for purpose? :-P

    1. Re:sendmail.cf test by tqbf · · Score: 4, Insightful

      Exim is not a secure replacement for Sendmail. qmail and Postfix were both designed explicitly for security, and include:

      1. Privilege separation
      2. Rewritten IO and string libraries
      3. Minimal-privilege SMTP listeners
      4. The backing of a security luminary (Bernstein or Venema)

      Exim was designed as a modernized SMail. It's got the same monolithic architecture as Sendmail has, meaning security vulnerabilities in Exim are less survivable than they are in qmail or Postfix, where a buffer overflow (none of which have ever been found, unlike in Exim) only gets you a one-off UID.

      I don't know how Exim has managed to brand itself as one of the "secure MTAs", but it's just a marketing trick.

  2. Re:Sendmail is a pain in the ass by nullset · · Score: 4, Insightful

    Do you complain about how complex C is because editing object files (.o) is hard?

    sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

    ttyl,

    --buddy

  3. Re:The Security Concerns by arivanov · · Score: 4, Insightful
    Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

    I had. Several times back in 1996. Made me switch to qmail and after that to exim.

    As far as sendmail is concerned it is a good MTA provided that:

    • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.
    • You work for a large corp or edu which has fairly complex mail handling requirements. Less complex cases can happily get around using Exim or Postfix.
    • You intend to buy commercial software for some functions. The choice for commercial interfacing of archiving, compliance, AV, AntiSPAM on Unix is between milter and milter. Very few products interface into something else like exim filters.
    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/