On Sun, 2006-01-22 at 21:45, Donald Arseneau wrote: > > A user of another distro has remarked that I should uninstall sendmail. > > <quote> Sendmail simply has too many security issues to leave it on any > > machine. </quote> > > > > Surely a box kept up to date would not have those security issues. Am I > > missing something? > > I can agree with the sentiment, but it is not a case of unpatched security > holes. Sendmail is just too difficult to configure for it to be used on > an average user's computer. It isn't a security hole just being there, > the way it is configured by default (nowadays), but if the user wants > to enable more, it is easy to accidentally make a spam remailer. The complexity is more than offset by the available expertise, though. Everything a normal user might want to do is a just a few lines of change in the .mc file that someone on the mail list will suggest. The next step beyond that is to add a milter handler like MimeDefang to get control that is fairly difficult to duplicate with any of the other mailers. And if you want to do something no one else has considered you can still do it at the sendmail.cf level. -- Les Mikesell lesmikesell@xxxxxxxxx
