Sendmail vulnerability

Richard A Downing FBCS CITP richard at langside.org.uk
Thu Mar 30 13:18:37 PST 2006


Bruce Dubbs wrote:
> Richard A Downing FBCS CITP wrote:
>> Randy McMurchy wrote:
>>> There is a serious security problem in all versions of Sendmail prior
>>> to ...
>>
>> Isn't there always?  :-)
> 
> No, not really.  It has been quite stable the last five years or so.
> Actually the security is pretty good for a program originally written in
> 1979.  That's before PC-DOS.

Joking apart, every version of Sendmail eventually gets a security
problem and has to be replaced.  This means that the security problem
was always there, just never exploited.  So my joke isn't really funny
at all.  This doesn't mean that Sendmail is any better or worse than any
other mail server though, and I wasn't suggesting that.

I prefer XMail, but only because you don't need to spend 40 bucks to get
a book on how to set it up (pity I spent the 40 to find that out though).

Qmail is probably the best from a security POV, but I just can't bring
myself to use anything from that guy, and I can't be bothered to force
it into my idea of how the filestore should be anyway.

R.




More information about the lfs-security mailing list