Subject: Re: localhost security hole
To: David Porowski <>
From: Todd Vierling <>
List: tech-security
Date: 06/28/2003 23:50:39
On Sat, 28 Jun 2003, David Porowski wrote:

: Sorry to be a "butinski", but I feel compelled to reply
: to this thread.  As a user who is frequently "untethered",
: (laptop) and also security conscience, I would consider the
: following points:

All of which are known and stated, though there are people who put things
before "files" in nsswitch for versious reasons.  I don't, personally.

: I can comment however on sendmail:  it
: is the grandfather of all mail programs, and carries
: some interesting (and arcane) baggage.  Perhaps it is
: time to offer an alternative mail program, like qmail.

Postfix already comes with the base system.  It's a sane alternative to
sendmail -- unlike qmail, which has some major insanity built right in for
your admin hair-pulling pleasure.  And if you call now, we'll send you an
entire ream of RFC-illegal qmail bounces absolutely free!

Of course, I still use sendmail, as I use many more protocols than just SMTP
for mail exchange.  8-)

-- Todd Vierling <>