Rejecting some recipients after DATA?

Earl A. Killian earl@killian.com
Sat Apr 20 23:08:36 UTC 2002


Vernon Schryver writes:
 > Date: Sat, 20 Apr 2002 16:43:56 -0600 (MDT)
 > From: Vernon Schryver <vjs@calcite.rhyolite.com>
 > 
 > Since you guys keep saying that, I can't keep quiet.  It strikes me
 > as foolish to rely on code that has been around fewer decades than
 > sendmail and reviewed for security problems by far fewer people. 
 > At best you can hope to escape attack for the same reason the commercial
 > port of sendmail I was responsible for didn't notice the Morris Worm
 > despite my leaving debugging turned on.  That was because mine wasn't
 > for the most or second most common platform on the net.  Except for
 > that "minority defense," all of the security advantages over sendmail
 > that I've heard of for smtpd and all of the other alternatives are
 > somewhere between uninformed optimism and snake oil.  Call me experienced
 > or cynical as you please, but someone saying "it's [more] secure" only
 > makes me grumble "oh yeah? prove it."

Three things immediately come to mind:
(1) smtpd runs out of the box chroot'd, which is tricky to do with
    sendmail.
(2) smtpd runs out of the box with non-root uid/gid
(3) smtpd's code is 21x smaller than sendmail's, and so a lot easier
    to inspect for security holes.
I think the onus is on sendmail to prove it is secure.  I notice
frequent security fixes to it, whereas smtpd hasn't seen a new release
or a CERT advisory in my memory.



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.