why is sendmail the adopted mta?

Atte Peltomaki koston at iki.fi
Mon Jan 3 02:25:55 PST 2005


> > > > Why do I have gripes with sendmail?
> > > > 1) Its difficult to configure
> > > > 2) it has a lousy security track record
> > > > 3) there are very good (superior) alternatives
> 
> > about 2)
> > Sorry, but sendmail's track record on security isn't my opinion.. its
> > a know historical fact!
> > Postfix is more secure _by design_, and experience shows that on
> > field.... the security track record of postfix is simply _very good_.
> 
> Sendmail has a lot of eyeballs looking at it. Also, one of the sendmail
> maintainers (Mr. Shapiro) is keeping our version in base up to date.
> Please don't whine about sendmail. It works, it's tried and tested, and
> if you don't want it, then don't use it. Sendmail isn't even enabled as
> a MTA per default (only for local mail delivery and as a remote
> transport, not as a server that accepts mail and/or listens on a port).
> 
> For all intents and purposes, sendmail works fine. One could do a lot
> worse. And the security track-record of sendmail the last few years has
> been very good.

I took a look at freebsd.org and their security advisories. I found
these about sendmail from the last few years:

FreeBSD 4.9-RELEASE:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:11.sendmail.asc

FreeBSD 4.8-RELEASE:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc

FreeBSD 4.4-RELEASE:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:57.sendmail.asc

Three of the more recent exploits also seem to all relate to same issue
in the code. The record is not perfect, but I wouldn't say it's
unbearable either. 


-Atte





More information about the Users mailing list