sendmail is a security nightmare, for versions <=7

sendmail is a security nightmare, for versions <=7

Posted Sep 1, 2006 1:03 UTC (Fri) by dlang (subscriber, #313)
Parent article: A comparison of Mail Transfer Agents - Part Two

since the 8.x release sendmail has been pretty good from a security point of view, to the extent that the old saw about the biggest target having the most reports has some validity.

it does suffer a little from supporting every OS under the sun (and the complications that are nessasary to do this)

sendmail also has a ton of features that most people don't need, but when you need them they are relativly easy to turn on.

sendmail has three different ways of configuring it

from easiest to hardest they are

1. the Sendmail INC GUI, (interprets and creates .m4 files)

2. manipulating m4 files (get compiled into .cf files)

3. manipulating .cf files

saying that sendmail is hard to administer becouse .cf files are bad is like saying that developing a compiled python program is hard becouse the resulting binary is hard to understand and change (here the three levels are python->C->machine code) only experts who are doing really strange things should ever need to manipulate the .cf files

this hasn't always been the case, back in the sendmail 5 days people were expected to work with the .cf files directly. Frankly I'm glad I'm young enough to have missed those days :-)

---

(Log in to post comments)