Mikkel L. Ellertson wrote:
The way to get security is to make the system consistent and easily
understandable. If users need to hand-edit complex config files for
common operations you haven't accomplished that. How, for example,
would you advise a user to check for whether sendmail was active on the
network or not, and how to change it? Why should this differ from what
you'd say about dovecot? If every program is a special case, few people
are going to understand the system well enough to keep it secure.
So you are saying that configuring Sendmail is too complicated for
the average user.
As is the kernel, as is ssh, as is just about every other program that
comes with a disto-provided config file. There is nothing special about
sendmail in that regard.
A good reason not to use Sendmail as the default
mail program.
No, like all of the other complicated services, it just needs a working
configuration supplied so each user doesn't have to roll his own.
Postfix might be a better choice. Configuring it is
more like configuring most other services.
When it works with MimeDefang, I might agree. Until then it is not a
substitute.
> Configuring Sendmail is
more like programming then configuring a service. Changing this wold
requiring rewriting Sendmail.
All programs are like programming... The difference is that with most of
the others, the distribution provides something that works so you don't
have to rewrite the programming yourself. The fact that sendmail's
macro language permits you to add unique operations is a feature, but
unless you need something unique (rare in a service with a standard
specification...) you shouldn't have to modify anything at that level.
--
Les Mikesell
lesmikesell@xxxxxxxxx