View Full Version : Sendmail Alert
October 9, 2002, 05:06 AM
CERT has come out with a Sendmail alert.
Get details at http://news.com.com/2100-1001-961311.html?tag=fd_top_2.
As Linux grows in popularity, more attacks are being designed to target it.
Can anyone recommend a Linux oriented security newsletter? I need something that is emailed every week or so.
October 9, 2002, 09:29 AM
here is a hint : USE QMAIL or POSTFIX [exim also] !!!!
I will never understand why there is a need to run sendmail which has historically been insecure.
Qmail has not had a vulnerability in *many* years and therefore has had little updates to the code since 1998 (version 1.03) , just read the security doc . And just incase you wonder if qmail can handle load my company sends between 700k and 1M multipart messages through a qmail system during a campaign (lasting a couple hours). All from a 2x700MHz 512MB qmail server.
Sendmail is harder to understand than qmail or postfix, so i just don't get the loyalty.
October 9, 2002, 10:26 AM
oops i think i need to learn to read the CERT advisory before going on a rant , seems to be that some people downloaded a trojoned version of sendmail.
well it begs the question, why download sendmail from any other site but sendmail.org.
However my rant remains , since i think that people should be aware that there are secure alternatives to sendmail.
P.s. My co-worker tells me that depending on config. postfix is capable of sending more that qmail, yes i have caused a local flame war and it seems i am going to lose :(
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.