> The essential question is: can a user who doesn't know much just set
> up a system with a mailer? My anser is: Not with sendmail. Not
I disagree. By following the Installation instructions, someone with a
small degree of intelligence can configure Sendmail to run for a good
sized mailhost. It doesnt take much time, or effort to cut-and-paste
into a file to run through M4.
> without being a menace to the rest of the internet community, and not
> unless they have a lot of free time to learn sendmail. The problem
If you were going to write your own config file from scratch, you'd have
to learn Sendmail. However, you dont need to anymore. The first time I
built a config file for Sendmail, it took about 30 minutes. Thats not
bad from start to finish, and it only needed a few small minor tweaks to
get things running even better.
> with that is once you've learned to configure and work around
> sendmail, the knowledge you have applies only to sendmail, and not to
> any other MTA.
But considering the sheer number of hosts that use Sendmail, is that
such a bad thing?
> I don't consider their history to be responsible, and I feel burned by
Have you followed the development track for Sendmail? I have ran into a
few small problems with Sendmail over the years, and I was always able to
get help by posting a message to USENET. Whenever there is a security
hole for Sendmail, they rush to put out a fix, and usually have one out
within 24 hours. I consider this to be very responsible when they are
compared to big companies like Microsoft, or Sun even, who often times
take weeks to release patches for their OS's.
> sendmail. The "superior" product is (if true) a very recent
> occurance. Your opinion, doesn't at all reflect the reality of this
> january's bug w/ not accurately recording the receiving IP address if
> a buffer of 1k is overflowed in the smtp conversation (essential to
> crack down on spam). Nor does it address sendmail's long history of
> being unreliable and buggy.
What on earth are you talking about unreliable and buggy. We have been
using Sendmail for years, and send out a massive amount of email through
it on a daily basis (in excess of 20,000 messages every day) and not once
has Sendmail ever crashed, gotten hung up, or bogged the systems down so
that they were unuseable. My opinion is based on real-world scenarios.
I dont care if someone can hide their domain by passing a really long
HELO string, because the real SPAM problem is with third-party relaying,
and this bug has nothing to do with hindering that. I am more than
willing to be patient with small bugs like this, when the Sendmail
processes on our machines *never* die, and require little to no
intervention from us.
> I left sendmail after going through the long, boring, and frustrating
We have demoed everything from SIMS (Solstice Internet Mail Server) to
Qmail and always end up sticking with Sendmail. When high reliability,
scaleibility and productivity are a requirement, only Sendmail can be
relied upon in our environment. That is not to say that QMAIL, or SIMS,
or any other product is inferior, or not as good as Sendmail. The only
thing that I am saying is dont knock Sendmail, it's a damn good product
that has gotten consistently better.
> cycle of having to upgrade "production" releases of sendmail about
> once per month. Until sendmail 8.8.5 anyone running sendmail and
> thinking their system was secure against attacks was sadly deceived.
And what attacks are you refering to? Synflooding? Third-party
relaying?
> Anyone installing sendmail prior to 8.9.0 who thought they didn't like
> spam is destined to be force fed it sometime soon. There's no reason
We are running Sendmail version 8.8.8 on 6 servers supporting close to
30,000 users and the worst we get is maybe one or two spams from AOL
customers. Your not going to tell me QMAIL is going to stop this, are you?
> that anyone should have to learn about the internet this way, especially
> when better options abound.
Thats the good thing about computers, you can run whatever software you
want. If you think Sendmail is a poor product, you can run Qmail. Just
realize that Sendmail is running on infinitely more hosts than Qmail is,
and there is a reason for that.
> (note: I don't think you've ever used qmail).
We've been done serious research into building one centralized mail
server, and evaluated a lot of packages including Qmail. It just didnt
offer us anything that Sendmail didnt already have, and the senior
engineers felt that Sendmail was an established product, and Qmail
wasnt.
> I don't understand why you're splitting hairs here. I can do anything
> I want to in qmail - and get security that's been unbeaten since it's
> gamma release in mid 1996. There are a great many things that can be
> done in qmail. One of the great things about qmail is that by using
> and setting up the system, you learn more and more about the OS you're
> using, as well as the mailer.
Dont you think it's rather important to KNOW the OS before you setup the
mailer? I mean, come on now, lets be reasonable. Anyway, I dont want to
start a MY MAILER IS BETTER THAN YOUR MAILER thread. I just really get a
little bothered to see people bash software that has been given away for
many many years, and has done a lot of good for the net. I have seen
Qmail, and it has some nice features, but it just doesnt offer anything
that is worth switching for. I wasnt too impressed when the creator of
Qmail pretty much ripped the author of inetd a new asshole saying that
the only reason why he was saying qmail was buggy was because he
"..wanted to promote his own MTA" which was a rather nasty insult to
someone who has given the net a lot of good security software, and a lot
of good papers on Unix and net security in general.
Just wanted to put my $0.02 in and say "Sendmail is easy when you take
the time to read!" and that *no* piece of software is perfect.
-brian
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu