> The essential question is: can a user who doesn't know much just set
> up a system with a mailer? My anser is: Not with sendmail. Not
> without being a menace to the rest of the internet community, and not
> unless they have a lot of free time to learn sendmail.
People who aren't willing to learn probably can't set up an email
system withouth being a menace to the rest of the Internet whatever
MTA they use. There are subtle issues that are related to email
itself, not to any particular MTA.
One of the largest groups of `menaces' are the Win95/NT admins who
install cc:Mail (which I'm guessing is more novice-friendly than
sendmail), regardless of the fact that it spams people with bogus
error messages when they post to a mailing list to which one of their
users is subscribed.
Some of them don't even bother to set up a postmaster account, so you
have to find their ISP and complain to them instead.
> > The Sendmail develpment team releases a superior product, and they
> > release it responsibly. Instead of rushing to push 8.9 out the door just
> > to appease the people too impatient to read some documentation on how to
> > add anti-spam rulesets, they put it through thorough beta testing.
> > Remember, Qmail has had its share of vulnerabilities. The only reason
> > why Sendmail has had so many more is because it's been around for so many
> > years.
>
> I don't consider their history to be responsible, and I feel burned by
> sendmail. The "superior" product is (if true) a very recent
> occurance. Your opinion, doesn't at all reflect the reality of this
> january's bug w/ not accurately recording the receiving IP address if
> a buffer of 1k is overflowed in the smtp conversation (essential to
> crack down on spam).
This `bug' has been present for as long as sendmail has existed. How
come it only became a bug in January? Probably because it started to
be exploited. The same scenario applies to just about every other
package in existence. Bugs don't get fixed until they're discovered.
> Nor does it address sendmail's long history of being unreliable and
> buggy.
All software is unreliable and buggy. Any program with a long history
will have a long history of being unreliable and buggy.
> I left sendmail after going through the long, boring, and frustrating
> cycle of having to upgrade "production" releases of sendmail about
> once per month. Until sendmail 8.8.5 anyone running sendmail and
> thinking their system was secure against attacks was sadly deceived.
Anyone who thinks that their system IS secure against attacks IS sadly
deceived. There will be new bug reports about sendmail, and qmail, and
every other networking daemon in existence. I have no doubts about
that.
> Anyone installing sendmail prior to 8.9.0 who thought they didn't like
> spam is destined to be force fed it sometime soon.
Unless they've configured the check_* rulesets, which have been
available for I-don't-know-how-long.
> There's no reason that anyone should have to learn about the
> internet this way, especially when better options abound.
Such as? The sort of people who think that switching to qmail will
provide a panacaea against spam are the sort of people who configure
their relaying permissions using hostnames rather than IP addresses
(can you say `DNS cache poisoning'?).
-- Glynn Clements <glynn@sensei.co.uk> - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu