[2135] in bugtraq
sendmail alternative?
daemon@ATHENA.MIT.EDU (Robert Owen Thomas)
Fri Aug 18 12:14:48 1995
Date: Fri, 18 Aug 1995 09:27:25 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Robert Owen Thomas <rthomas@pamd.cig.mot.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: "Dr. Frederick B. Cohen" <fc@all.net> "CERT Alert on new sendmail
bug - any info?" (Aug 18, 8:35am)
having seen many a post regarding sendmail vulnerabilities, perhaps an
alternative for sendmail should be considered. how about smail?
i have found smail to be simple to configure, easy to debug, as well as
both durable and secure. although there are a few particularly noxious
security holes, i have patched all (simple fixes) and have yet to happen
upon any more.
now i am not going to say that smail is 100% secure. nor will i say that
smail is necessarily better. site requirements will dictate that. i run
sendmail, smail, and (groan) MMDF at miscellaneous sites. rather, i think
it is important that admins realize there *is* an alternative.
the security holes were posted here some time ago. check the archives for
more information. you may obtain smail (latest version is 3.1.29) from:
ftp://gatekeeper.dec.com/.8/mail/ta/smail/
ftp://convex.convex.com/pub/smail/
ftp://cs.orst.edu/pub/src/comm/network/
not looking to start a religious war about MTA's,
--robert
--
o robert owen thomas: unix consultant. cymro ydw i. user scratching post. o
o e-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@cymru.com o
o vox: 708.435.7076 fax: 708.435.7360 o
o "When I die, I want to go sleeping, like my grandfather... o
o Not screaming, like the passengers in his car." o
