Hume,

Please explain how sendmail is a security hole. There are some who may
still distribute very old and therefore insecure versions of sendmail but
the version that ships with NetBSD is quite recent.

On Tue, 8 Jun 1999, Hume Smith wrote:
> >Sendmail is THE program to handle mail. It is not easy to configure but
> >there is nothing better.
> 
> uhm... IMO, Sendmail is a security hole with the useful side effect of
> mail exchange.  It supports way more than most places need anymore,
> it's hell to configure (ie it's hard to have any confidence that it's
> working right)...  it's slow, even though it was originally built to
> run on slow machines (hence the hideous config file - easy to
> internalise).
> 
> i replaced it with Exim <URL:http://www.exim.org/> for an ISP once.  
> Exim just about dropped into place (Majordomo was the only thing that
> gave trouble; Exim may be a bit more POSIX about stderr or something),
> worked well, it was easy to get the spam blocking i needed...

--------------------
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca