
[OT] Sendmail vs. Exim, and SMTP Advice (was: Re: selective smart host/sendmail choice)



> Hello David,

Hey, Spiro :-)

On Fri, Jun 11, 2004 at 04:38:42AM EDT, Spiro Trikaliotis wrote:
> * On Fri, Jun 11, 2004 at 04:08:07AM -0400 David Yitzchak Cohen wrote:
> > On Thu, Jun 10, 2004 at 03:02:13AM EDT, Spiro Trikaliotis wrote:

> > However, another good rule of thumb is that anything you can do with
> > another MTA after reading 2 pages of documentation, you'll have to
> > read 200 before being able to do with sendmail.  It's one of the
> > reasons why I love sendmail 8-)
> 
> This and the "great" history of sendmail vulnerabilities are the reasons
> why I don't like sendmail.

Yup, nobody ever said sendmail was the ideal MTA to run in a top security
environment, nor the ideal one to trust with your root account even
in your own home or office.  Many of the "security" problems found in
sendmail are actually configuration bugs (sometimes in the stock configs
shipped in the package), though, which just goes to illustrate what I
noted above.  (Obviously, even the sendmail people don't always read
all 200 pages before deciding "Hey, this is easy!" and make a bubu.)

> > If I were going to do that, my approach would probably be to define
> > two mailers, the smtp mailer, and the relay-to-smarthost mailer.  I'd
> > then tell sendmail to try smtp first for any given message, and
> > failing that (4xx error code) to fallback to the smarthost relay.
> > ("Can your exim do THAT?" ... hehe. . .)
> 
> This question came up more than once. I don't know if exim can handle
> it. In fact, I don't mind. IMHO, this procedure does not make sense.
> Especially as more and more, mail addresses which have a domain, but are
> sent in from another host, are taken as one big hint for SPAM, this is
> not a good approach. I don't like my mails to be silently discarded just
> because I have not sent them via the official mailer.

If somebody silently discards emails, he's setting himself up for
potential problems, now that email is legally recognized as the primary
(and sometimes sole) communication medium in many contracts.  If you want
to flag a message as suspected SPAM because it came from the wrong place,
that's fine.  (It's worth noting, though, that a huge percentage of the
non-junk mail sent today doesn't come from a host under the domain of
the sender.)  However, silently discarding anything that you're not 100%
sure is SPAM is a stupid idea, since not only are you losing real mail
(which you've legally received - it's like getting a piece of registered
mail, and just throwing it out after signing on the dotted line), but
you're not even letting the real mailer know that you just threw his
mail on the floor.  I _never_ claim to receive something and then throw
it on the floor; the most I do is temporarily block the sending IP.

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel
