[luau] sendmail patch

Vince Hoang luau at ml.altern8.net
Sun Sep 21 11:46:00 PDT 2003


On Sun, Sep 21, 2003 at 04:57:11PM -0400, Nicholas E. Walker wrote: 
> It's probably worth noting that exim has a history of buffer
> overflow attacks and/including root vulnerabilities. Some of
> that history is very recent.

Recent? Correct me if I am wrong, but exim seems to have had
a better recent track record than apache, openssh, samba, and
sendmail.

Admittedly, exim's design is monolithic and more likely to have
more security related issues than postfix or qmail.

My biggest concern with qmail is its source-code only format.
Vendors are forbidden to wrap it up in an easy to install
[binary] package. Value-added features exist as patches that
do not come with a security guarantee by djb.

In a community where most people avoid vim and prefer webmin, it
is easier to digest exim, with a decent track record, than qmail,
with a flawless track record, as a sendmail replacement.

But we do agree sendmail needs to go away. :)

-Vince



More information about the LUAU mailing list