Fedora Core 2 wishlists
Xose Vazquez Perez
xose at wanadoo.es
Tue Dec 9 20:31:54 UTC 2003
Michael K. Johnson wrote:
> Well, sendmail has not been so particularly bad in terms of security,
> and it's a lot easier to configure now with m4 -- speaking as someone
> who has written .cf files by hand from scratch.
> Security-wise, it really hasn't done particularly worse than most daemons
> in the recent past.
Sorry, but sendmail still gets security bugs:
"Sendmail 8.12.10 is available; it contains a fix for a critical security
problem discovered by Michal Zalewski. Sendmail urges all users to upgrade
to sendmail 8.12.10. Note: this is a different problem than earlier problems.
If you cannot upgrade to 8.12.10, then you must apply a patch. This patch is
valid for all supported sendmail versions before 8.12.10.
For those not running the open source version, check with your vendor for a
patch. If you use the commercial version from Sendmail, Inc. then please see
the download page."
"sendmail 8.12.10 is available (2003-09-17). Unfortunately we were forced to
release this version early without having a chance to coordinate with vendors
that distribute sendmail."
Sendmail 8 should die, it's big ugly old.
They are *rewriting* it: http://www.sendmail.org/~ca/email/sm-9-rfh.html
ZMailer, Postfix ... are _much better_ than the dinosaur.
More information about the devel