[luau] sendmail patch
Keith
krjw at optonline.net
Mon Sep 22 06:21:01 PDT 2003
* Nicholas E. Walker <new at gnu.org> [21/09/2003 1657EDT]:
> It's probably worth noting that exim has a history of buffer overflow
> attacks and/including root vulnerabilities. Some of that history is
> very recent.
>
> Postfix sounds like a reasonable alternative to qmail, though I've not
> tried it and cannot recommend it. I would recommend going with qmail,
> as it is very easy to install, configure, etc. The qmail author is
> against parsing (as he says it is an open invitation to security
> holes), so he puts each config option in a separate file. I like
> that. If you're using a modern filesystem such as XFS, you don't need
> to worry about running out of inodes.
http://cr.yp.to/qmail/guarantee.html
At the very least, that entire page is worth reading by anyone who has
any desire to run secure, reliable (even over NFS, ala LTSP), and fast mail
exchangers:
"In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail: for example, a
way for a user to exploit qmail to take over another account.
My offer still stands. Nobody has found any security holes in qmail."
If more folks were as commonsensical a programmer as DJB the Internet would be
a much safer place.
Regards,
krjw.
--
Keith R. John Warno [k r j w at optonline dot net]
More information about the LUAU
mailing list