Re: recommendations on mail user agent?

Fri, 12 Feb 1999 10:03:38 -0500 

On Thu, 11 Feb 1999, Mitchell Gil Maltenfort wrote:
> I've been reviewing security alerts (re: other post on virus questions) and
> I'm a little irked at how vulnerable pine (which I've used and like) and
> sendmail seem to be.

        Anything, if it's not well configured can become a security hole.
At least this is in the *nix world.  (windoze it's a security hole itself)
 
> Qmail looks like a satisfactory replacement for sendmail, but I'm not able
> to figure out what's a good mail user agent, or a good configuration for it.

        qmail is smaller than send mail.  This means it has less features
as well.  And it's newer.  So it's easier to set up.  The conclusion:
qmail can be better if you run a workstation.  Else stick with sendmail.
Some say qmail has less bugs.  But sendmail is older so there was more
time to point/fix bugs.  Anyway, this thread can lead to fights, because
in the end it's a matter of taste.  I use sendmail although I have limited
resources and I run only a workstation.  I made it work.  I'm aware that
some fine tunning can be done.  But so far it does it job.

> I don't care about HTML compatibility.  I just want to send and receive is
> text and the occasional file attachment.  I also want the option to see a
> list of all attachments with the option to save or toss (which is what keeps
> Happy99.exe off my Win partition). 

        Well... pine does that well.  And it just views the content of the
attachment - it doesn't run anything.
 
> I've reviewed the HOWTOs and the security notice on pine and I still can't
> sort out how to turn off MIME and whether doing that would be a bad thing.

        In windoze you have to turn off that feture because some readers
(ex outlook) have the bad habit of opening files without warning.  This
makes you vulnerable to most macro viruses.
        I read about a problem in pine which can let somebody run an
arbitrary command.  But that is not so dangerous in Linux because is one
basic rule which says mail is done from a regular user account.  And there
is a patch as well.  I never tested this BTW.
 
> So that familiar sloshing sound is me once again floundering.
> Clarifications, please?

        Pine and sendmail should be OK.
 
        Raider
--
                ``Liberate tu-temet ex inferis''

Reply via email to