[luau] sendmail patch

Keith krjw at optonline.net
Mon Sep 22 06:21:01 PDT 2003


* Nicholas E. Walker <new at gnu.org> [21/09/2003 1657EDT]:
> It's probably worth noting that exim has a history of buffer overflow
> attacks and/including root vulnerabilities.  Some of that history is
> very recent.
> 
> Postfix sounds like a reasonable alternative to qmail, though I've not
> tried it and cannot recommend it.  I would recommend going with qmail,
> as it is very easy to install, configure, etc.  The qmail author is
> against parsing (as he says it is an open invitation to security
> holes), so he puts each config option in a separate file.  I like
> that.  If you're using a modern filesystem such as XFS, you don't need
> to worry about running out of inodes.

http://cr.yp.to/qmail/guarantee.html

At the very least, that entire page is worth reading by anyone who has
any desire to run secure, reliable (even over NFS, ala LTSP), and fast mail
exchangers:

    "In March 1997, I offered $500 to the first person to publish a
    verifiable security hole in the latest version of qmail: for example, a
    way for a user to exploit qmail to take over another account.

    My offer still stands. Nobody has found any security holes in qmail."

If more folks were as commonsensical a programmer as DJB the Internet would be
a much safer place.

Regards,
krjw.
-- 
Keith R. John Warno                  [k r j w  at  optonline dot net]



More information about the LUAU mailing list