Subject: Re: version of postfix in base system?
To: David Laight <david@l8s.co.uk>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 08/04/2003 17:28:38
In message <20030804222312.O810@snowdrop.l8s.co.uk>, David Laight writes:
>On Mon, Aug 04, 2003 at 04:26:26PM -0400, Steve Bellovin wrote:
>> What version of Postfix is in the base 1.6.1 system?  There have been a 
>> number of security advisories on Postfix 1.1.11 and 1.1.12.
>
>Mmmm, who was it who wanted to use postfix instead of sendmail
>because of all the vulnerabilities that have been found in sendmail?
>

I don't recall who was advocating it; I certainly think that Postfix 
has a much better track record, even with these two problems.  Have you 
read the announcements?  The issues are pretty small, and *don't* 
include system penetration.

		--Steve Bellovin, http://www.research.att.com/~smb