Sendmail and security

Tim ignored_mailbox at
Sun Jan 22 14:49:04 UTC 2006

Anne Wilson:
>> A user of another distro has remarked that I should uninstall sendmail.  
>> <quote> Sendmail simply has too many security issues to leave it on any 
>> machine. </quote>
>> Surely a box kept up to date would not have those security issues.  Am I 
>> missing something?

John Summerfield:
> Only if RH is:-)
> It's still the default MTA installed by Red Hat's installer.

Though, by default, it doesn't pay attention to anything other than the
local box.  So, like most things, I'd say it's the configuration of it
that makes it good/bad, not *it* in itself.

I think it's probably old news, very old news, as someone else pointed
out.  Similar comments have been made about postfix, it being unsafe, it
being open to all and sundry, etc.  Again, I think that was old news.

If one was going to open up any sort of SMTP server to the WWW, I'd be
researching all the information about how to make it secure.  But if
it's only for internal mail, or it acts as your mail gateway to send
local mail out to the WWW, then you've got far less to worry about.

As it comes (with FC4), you've got to fiddle around with your
configuration so that you can use it as an SMTP server, at all.

> sendmail has an enormous share of the "market" - it can't be _that_ bad.

Hmm, shall I resist the urge...  No, I won't...  ;-)  Windows has an
enormous share of the market, and it's very bad.  Proliferation isn't
something I'd use to gauge the goodness of something.  :-\

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
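
Added example, not part of the original post: a check of whether a sendmail configuration still listens only on the local box, as the message describes for the default install. It assumes the listener is set by the `DAEMON_OPTIONS` directive in `sendmail.mc` (the post does not name the setting); the sample configurations are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Both samples are constructed for this example, in the style of a Red Hat sendmail.mc.
SAMPLE_DEFAULT = """\
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""
SAMPLE_OPENED = """\
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
"""

DIRECTIVE = re.compile(r"^DAEMON_OPTIONS\(`([^']*)'\)")


def active_listeners(mc_text):
    """Return one dict of lower-cased options per active DAEMON_OPTIONS line."""
    listeners = []
    for line in mc_text.splitlines():
        # Lines starting with 'dnl' are m4 comments and never match.
        match = DIRECTIVE.match(line.strip())
        if not match:
            continue
        pairs = (item.split("=", 1) for item in match.group(1).split(",") if "=" in item)
        listeners.append({key.strip().lower(): value.strip() for key, value in pairs})
    return listeners


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def exposed_listeners(mc_text):
    """Listeners reachable from other hosts: Addr missing (all interfaces) or non-loopback."""
    listeners = active_listeners(mc_text)
    if not listeners:
        # With no DAEMON_OPTIONS at all, sendmail falls back to listening on every interface.
        return [{"port": "smtp", "name": "MTA (built-in default)"}]
    return [entry for entry in listeners if "addr" not in entry or not is_loopback(entry["addr"])]


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("opened", SAMPLE_OPENED)):
        print(label, exposed_listeners(text))
```

An empty result means every active listener is bound to loopback; any entry returned is a listener other hosts can reach and is where hardening effort belongs.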
