Greg Owen {gowen} <[EMAIL PROTECTED]> wrote:
>
>On Tue, 13 Apr 1999, Marlon Anthony Abao wrote:
>> could anyone give me their reasons why they switched to qmail
>> from sendmail or any other mail server? anything convincing enough
>> for most of you would most likely be convincing for most other ppl not
>> in the know :)
>
> One word: security.
>
> When I was tasked with building mail relays for our new internet
>connection, I wanted a program I wouldn't need to upgrade every month as a
>new security exploit was found. That rules out sendmail.
I couldn't agree more. That's why I switched to qmail. However, that
one word reason is unlikely to convince sendmail fans, who will
immediately counter that sendmail hasn't had a serious security
problem in months/years. You should be prepared to argue that that
doesn't mean sendmail is secure. I use the line "I'm not dead, but
that doesn't mean I'm immortal" to point out the fallacy of assuming
sendmail is secure (immortal) because it's not currently exploitable
(dead). Of course, the same can be said of qmail, so explain how qmail
was designed for security: the modularity, the mutually untrusting
components, etc., whereas sendmail was designed back when everyone on
the net knew everyone else, and everyone was well behaved and it has
an inherently insecure design.
-Dave
