Sendmail still default?

James Antill james.antill at redhat.com
Sun Oct 19 03:58:42 UTC 2008


On Sat, 2008-10-18 at 13:34 -0500, Les Mikesell wrote:

> Sendmail was a poor default back when it always ran everything as root 
> and accepted and delivered in the same process.  Maybe you didn't notice 
> that has changed or the enforced separation of the queuing and delivery 
> steps.

 There is a significant difference between dropping privileges from one
giant piece of code, and having exec boundaries that do separate tasks.
Without arguing the more nuanced differences, one obvious and simple
(and beneficial) difference is that SELinux can easily confine into
separate domains on exec boundaries. Which is why everything is lumped
into one sendmail_t, while postfix has a number of separate domains.

> > As an engineer who likes neat technical stuff and contributes to Fedora
> > because it tends to produce neat technical stuff it makes me cringe each
> > time I'm reminded we ship sendmail instead of something properly
> > designed for an untrusted TCP/IP network world.
> 
> Ummm, when was the last time you saw a network exploit for sendmail?

 There has been at least one remote buffer overflow in sendmail since
postfix went 1.0.

> > You may extend years of hole-fixing and patch a sieve enough it sort of
> > floats but it's still a poor excuse of a boat. Even if passengers only
> > see the "it floats" bit.
> 
> You seem to have missed the sea change.

 Probably, because most of us were already using something better before
sendmail decided to do the minimum of fixes to its code base.

>   And the capabilities added by 
> the milter interface that it took the other contenders many years to 
> duplicate properly.

 Yes, sendmail has always had "more features" in that it was the first
MTA to have a Turing-complete language embedded within it (and an awful
one at that).
 But other MTAs have had the features everyone needs for a long time
now, and postfix has been a better default for more than long enough for
us to change it.


 I'd also like to say that personally I still use exim, and I'm likely
to continue to do so ... but I'm more than happy to see postfix as the
default, because it's probably a better default than exim and an
obviously better one than the current default.

-- 
James Antill <james.antill at redhat.com>
Red Hat
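
Added example, not part of the original message: a way to check the point about SELinux domains and exec boundaries on a running host by grouping MTA processes by the type field of their context. The `ps -eZ` sample is constructed, and the postfix domain names are assumed from the SELinux reference policy; only sendmail_t is named in the message.

```python
from collections import defaultdict

# Constructed sample in `ps -eZ` layout (not captured from a real host).
# Domain names other than sendmail_t are assumptions taken from the
# SELinux reference policy's postfix module.
SAMPLE_PS_Z = """\
LABEL                             PID TTY          TIME CMD
system_u:system_r:sendmail_t:s0  1201 ?        00:00:01 sendmail
system_u:system_r:sendmail_t:s0  1209 ?        00:00:00 sendmail
system_u:system_r:postfix_master_t:s0 2301 ?   00:00:00 master
system_u:system_r:postfix_pickup_t:s0 2302 ?   00:00:00 pickup
system_u:system_r:postfix_qmgr_t:s0 2303 ?     00:00:00 qmgr
system_u:system_r:postfix_smtpd_t:s0 2310 ?    00:00:00 smtpd
system_u:system_r:postfix_cleanup_t:s0-s0:c0.c1023 2311 ? 00:00:00 cleanup
"""


def domain_of(context):
    """Return the type (domain) field of a user:role:type[:level] context."""
    # Split at most three times: an MLS/MCS level such as
    # "s0-s0:c0.c1023" contains ':' itself and must stay in one piece.
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return parts[2]


def domains_by_mta(ps_output, prefixes=("sendmail", "postfix")):
    """Map each MTA prefix to {domain: [command names running in it]}."""
    result = {p: defaultdict(list) for p in prefixes}
    for line in ps_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "LABEL":
            continue  # header or malformed line
        domain = domain_of(fields[0])
        for p in prefixes:
            if domain.startswith(p + "_"):
                result[p][domain].append(fields[-1])
    return {p: dict(d) for p, d in result.items()}


if __name__ == "__main__":
    for mta, doms in domains_by_mta(SAMPLE_PS_Z).items():
        print("%s: %d domain(s): %s" % (mta, len(doms), ", ".join(sorted(doms))))
```

On a live system, feed the function the output of `ps -eZ` instead of the sample; a single domain for all of an MTA's processes means policy cannot give its network-facing and delivery code different permissions.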