On Fri, Jun 11, 2004 at 01:08:38PM EDT, Spiro Trikaliotis wrote: > * On Fri, Jun 11, 2004 at 09:32:59AM -0400 Mark Frank wrote: > > * On Fri, Jun 11, 2004 at 10:38:42AM +0200 Spiro Trikaliotis wrote: > > > This and the "great" history of sendmail vulnerabilities are the > > > reasons why I don't like sendmail. > > > > I hope you don't use OpenSSH either since it has a history of > > vulnerabilities. Yes, I know they've been fixed but so has > > sendmail's. > > Well, I think there is a big difference. Any piece of software has bugs > and vulnerabilities. I'm very aware of this. Nevertheless, if a piece of > software is vulnerable because of its cryptic configuration, then this > is a big problem IMHO. I don't want a GUI - I don't need it most of the > time - but I want a half-way understandable config file, which can be > edited even without going through handbooks and getting bored reading > over and over (and not understanding). I think this is the thing that > makes exim and postfix so popular, but not sendmail. Hey, you must admit that a manual gearbox requires a lot more "reading up" than an automatic if you want to be able to use it properly, and more advanced stuff like clutch braking and heal-toe downshifts take a lot more study and practice. That doesn't in any way, shape, or form, change the fact that a manual gearbox is a _lot_ more capable than an automatic. I think it's important to look at the sheer power that sendmail puts in your hands without ever editing a single line of sendmail source code. You can totally change almost everything from the address syntax all the way to the basic transport operation - all without touching the source code. If you ask me, that's rather remarkable. You've also got a rather powerful regex engine that you can use to your heart's content, not to mention that you can call external stuff if you prefer, or you can mix and match. I like sendmail because, quite simply, it's the _only_ MTA that gives me this kind of power. > I hope I made my point much more clearer. OpenSSH is much easier to > maintain than sendmail, isn't it? of course ... but OpenSSH isn't half as configurable ;-P > > Actually, a good question for the original poster is why not use the > > non-blacklisted smart host all the time? > > That's a thing I cannot understand either. Well, if you want to encourage sites to stop blocking dial-up IPs, preferring not to relay allows you to count for the "good" statistics as often as possible. My ISP has simply disabled port 25 access to outside our network, but that's also easy to get around by opening a port, say, 5225, on an outside host :-) Seriously, though, it's a matter of social engineering: if you want to take ISP's efforts to undermine user freedom lying down (or if you believe they're doing a Good Thing (TM) for whatever reason), by all means simply switch to your ISP's server. If you prefer to make a stand, though, powerful MTAs like sendmail are your friends. (Outwitting a clever sendmail.cf is not an easy task for an entire ISP sysadmin group.) - Dave -- Uncle Cosmo, why do they call this a word processor? It's simple, Skyler. You've seen what food processors do to food, right? Please visit this link: http://rotter.net/israel
Attachment:
pgpXOxvSPJW95.pgp
Description: PGP signature