[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Qmail Vs. Sendmail
On Mon, 17 Aug 1998, Ira Abramov wrote:
> > * Doesn't REALLY improve security, though better than sendmail in this
> > issue
>
> then you are sugesting there are secutiry holes. well, there's a bounty of
> quite a nice sum (over $1000 AFAIR) that has been waiting there for over
> 18 months or more (since version 1.00) for the person who will find a
> security hole in it, go ahead and collect it, if you found such a hole.
> let me remind you that Sendmail is now about 10 YO and is at the ninth
> iteration of it's version 8, and still security fixes come at a rate of
> 3-4 a year.
ISS Internet Security LTD. has joined the offer by the author and the
so-called "bounty" is $100,000 for the past 7 monthes. Do you really think
nobody tried to find a remote/local security hole? It a damn big amount of
money. I'm on the qmail list for like the last 1.5 years, there have been
something like 15000 postings, of which only several dozens were by people
who thought they have bugs in qmail, none of of them is a security hole.
> > * not-so-compatible
>
> with what? like other replyers here said, it conforms with the RFCs.
> add-ons have been written to make it compatable with /etc/aliases and
> .forward files. (but I never use any of them really)
It supports /etc/aliases, .forward, procmail, vacation, and virtually
everything else you can use on top of sendmail.
Shachar Tal
-------------
Taub Computer Center, Technion, Israel Institute of Technology
KeyID 0481FEF1 fingerprint = 52 1B 97 6A F2 77 AE C6 64 B6 5A 5E 14 28 8E 7E