Anne Wilson: >> A user of another distro has remarked that I should uninstall sendmail. >> <quote> Sendmail simply has too many security issues to leave it on any >> machine. </quote> >> >> Surely a box kept up to date would not have those security issues. Am I >> missing something? John Summerfied: > Only if RH is:-) > > It's still the default MTA installed by Red Hat's installer. Though, by default, it doesn't pay attention to anything other than the local box. So, like most things, I'd say it's the configuration of it that makes it good/bad, not *it* in itself. I think it's probably old news, very old news, as someone else pointed out. Similar comments have been made about postfix, it being unsafe, it being open to all and sundry, etc. Again, I think that was old news. If one was going to open up any sort of SMTP server to the WWW, I'd be researching all the information about how to make it secure. But if it's only for internal mail, or it acts as your mail gateway to send local mail out to the WWW, then you've got far less to worry about. As it comes (with FC4), you've got to fiddle around with your configuration so that you can use it as an SMTP server, at all. > sendmail has an enormous share of the "market" - it can't be _that_ bad. Hmm, shall I resist the urge... No, I won't... ;-) Windows has an enormous share of the market, and it's very bad. Proliferation isn't something I'd use to gauge the goodness of something. :-\ -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
