Solved: Sendmail question. Problem with yahoo.

Tom Buskey tom at buskey.name
Mon Apr 14 11:55:18 EDT 2008 

On Mon, Apr 14, 2008 at 11:34 AM, Ben Scott <dragonhawk at gmail.com> wrote:

> On Mon, Apr 14, 2008 at 10:59 AM, Tom Buskey <tom at buskey.name> wrote:
> > Sendmail has a long history of security problems.
>
>   I have to point out that the above statement would be equally true
> if one wrote "Unix" instead of "Sendmail".  (This is not a snide
> remark, although it may qualify as "subtle".)


I can't disagree with you there.  I used to work at a paranoid security
firm.  Sendmail was written by 1 person & they avoided all code by that
person because of the coding techniques/style lent itself to buffer
overflows.  Unix had many more authors and different coding styles.

  Separate from the above: From what I know if it, Postfix has a more
> modular design than Sendmail.  Such designs usually lend themselves to
> task isolation and least-privilege, which is usually good for
> security.  It's interesting, but despite Sendmail's more flexible


Security was part of the design goal from day one.  Sendmail was created in
a different era.  In fact, the 1st internet worm in 1988 was enabled because
of the root access backdoor written into Sendmail.  That stuff isn't in
Sendmail anymore of course.

design, implemention of these concepts came later.  When they did
> arrive, though, they were implemented using the same Sendmail
> configuration facilities already existent.  I'm not sure that last
> part really matters, much, though.  The source code to everything is
> readily available.  What difference does it make if one has to write a
> new .c file vs a new .cf file?  That might matter on a
> slavery-software platform, but surely we all know that story by now.
>
>  It may be worth noting that Postfix was created by Wietse Venema,
> the same person who created tcp_wrappers.
>

Qmail was written by DJ Bernstien, also with a security mindset.

I know Qmail hasn't accepted outside code.  I don't think Sendmail has.
Does Postfix? Does Exim? Does any MTA have multiple authors?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080414/53ec3b9a/attachment.html

More information about the gnhlug-discuss mailing list