If you ask me, those "My god Sendmail is insecure!" kind of
narrow-minded statements are somewhat outdated. If you know
a little more about sendmail and if you watch the process of
sendmail over the past few years, there haven't been many security
vulnerabilities found in the package. And you always need to
run the latest versions of a daemon anyway.

Sendmail's newest version 8.12.x improved a lot in terms of
security. Sendmail doesn't have to run as root anymore and
etc etc. Also a lot of people blame sendmail for intrusions,
but if you look further on the system most of the time it's
the user / administrator that configured sendmail to an insecure
setup. That's why there is an option in sendmail called
DontBlameSendmail, which actually means that if you set this
option you can't blame sendmail for the compromise of your
system.

Now to the fun part... Where do you base your knowledge on
why OpenBSD, which is a default secure OS, can't run sendmail?
Have you tested sendmail yourself on security vulnerabilities?
Have you looked at the source code? Or do you just base your
opinion on the security books you are reading? Most of these
books base their theory on old sendmail versions, and not the
latest new ones. At least in OpenBSD 3.x they run Sendmail
8.12.x, which is IMO the best and secure version of sendmail
you can run at the moment.

Just my 2 (euro) cents



Brenno

> -----Original Message-----
> From: Terry Dunlap [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday 14 May 2002 17:35
> To:   [EMAIL PROTECTED]
> Subject:      Sendmail
> 
> Have you ever noticed that OpenBSD and FreeBSD install Sendmail as part
> of their default installs? I just installed OpenBSD 2.9 today on a test
> box (I know there are new versions). I was shocked to find Sendmail
> running on this OS which claims to offer a "secure" default install.
> 
> Granted, I checked the OpenBSD site regarding their implementation of
> Sendmail, and they have made some security changes to it. However, given
> its track record, why is Sendmail a part of the default installs on
> these *BSD flavors? Why is it part of ANY default install???
> -- 
> Terry Dunlap, MCSE
> Network Security
> 
> Western Kentucky University
> 1 Big Red Way, WAB 313
> Bowling Green, KY 42101
> 270.745.6909
> 
> rm -f /usr/bin/laden
