Today Timothy Murphy did spake thusly:
Rahul Sundaram wrote:
It is trivially easy to uncomment a line
and configure sendmail to connect to external ports.
Sorry, Rahul, I have to disagree with you there.
It is not trivially easy for normal human beings
to change anything in sendmail.
I managed, and I'm normal.
How many windows boxes are currently sending mail quite happily to you as
spam? And you think sendmail should be allowed to do the same?
People who can't work a computer shouldn't be allowed to work one. People
who can't work Linux shouldn't be allowed to use it. Just like people who
don't know how to drive a car shouldn't be allowed to use one. Not until
they've been taught, right?
But this is the real world, innit?
Sendmail has been exploited in the past. It's quite well known for having
been exploited lots in the past. And it's not just a user's machine that
gets compromised, it causes huge problems when a MTA is compromised and
used as an open relay for instance. So no, in my humble opinion, as a
fedora user, I'd say yes, I prefer that it's not running on external ports
by default. Because if an exploit is discovered then the people actually
running sendmail externally will be aware that they are and can fix/patch
it.
Remember the problems with RPC and windows being exploited? And the ones
with remote P&P and the remote registry hacks? All services running on
windows boxes that were unknown to the average user...
--
Scott van Looy - email:me@xxxxxxxxxxxxxx | web:www.ethosuk.org.uk
site:www.freakcity.net - the in place for outcasts since 2003
PGP Fingerprint: 7180 5543 C6C4 747B 7E74 802C 7CF9 E526 44D9 D4A7
-------------------------------------------
|/// /// /// /// WIDE LOAD /// /// /// ///|
-------------------------------------------
Any circuit design must contain at least one part which is obsolete, two parts
which are unobtainable, and three parts which are still under development.
