Re: Linux Mail Server

Patrick J. LoPresti (patl@cag.lcs.mit.edu)
29 May 1998 23:29:05 -0400


>>>>> "mrbiafra" == Brian T Platt <mrbiafra@monumental.com> writes:

mrbiafra> Remember, Qmail has had its share of vulnerabilities.

Since release 1.0 well over a year ago, Qmail's author
(D.J. Bernstein) has offered a $1000 prize for *any* security
vulnerability. Thus far, the prize remains unclaimed.

If you are referring to Wietse Venema's denial-of-service "exploit",
Bernstein has quite a bit to say about that:

http://pobox.com/~djb/qmail/venema.html

Granted, his manner is a little... brusque, perhaps? But as far as I
can tell, he is almost always right.

mrbiafra> The only reason why Sendmail has had so many more is
mrbiafra> because it's been around for so many years.

No, it is because sendmail's architecture is fundamentally broken.
Don't believe me? Try having this discussion on comp.mail.sendmail
and see what kind of responses you get.

For a quick summary of the issues involved with qmail and sendmail,
use dejanews to read the thread "A tribute to Eric Allman's
programming skill" in comp.mail.sendmail. I think it is fair to say
that 1) Dan Bernstein has a bad attitude; and 2) qmail is faster,
(almost certainly) more reliable, and (almost certainly) more secure
than sendmail.

- Pat