sendmail 8.14 has a serious memory corruption bug in it

Bill Hacker wbh at
Wed Feb 20 03:06:37 PST 2008

Matthias Schmidt wrote:
* Petr Janda wrote:
On Wed, 20 Feb 2008 11:50:22 am Bill Hacker wrote:

Sendmail fits better than most for low/no admin to JFW at getting logs
off-box and fit licensing parameters.
Those implementing a full-bore MTA for serious use will make 'a'
selection on the criteria dearest to them, and that has naught to do
with what is/is not in base anyway.
I don't think that answers the question why does Sendmail, a full blown mail 
daemon, with a long history of security issues have to be in the base: if DMA 
can satisfy for local mail delivery - required by some maintenance scripts, 
and would incidently be easier to maintain due to its small size.
dma can already deliver mails to local and remote destination.  The only
thing thats missing is .forward support, but I'm working on this.  It
will be in the tree some time after 1.12 is out.
Give dma a try, send bug reports, comments, fixes, patches :)

Isnt this the reason DMA was written anyway?
The reason why dma was written is easy.  We want to have a tiny piece of
software which can deliver mails to local and remote destinations
out-of-the-box.  No more, no less :)

Where can one find more info about dma?

My specific interest is relative resistance to abuse / misconfiguration 
with default settings - relative to sendmail et al.


More information about the Kernel mailing list