OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Security on Sendmail vs Qmail
From: blind (blindPACKET-KIDS.COM)
Date: Sat Sep 02 2000 - 07:08:56 CDT

Sendmail is a suid program, and mostly only vulnerable to local exploits
only.
That is, one would need shell access to exploit it.
Qmail, on the other hand, was written with security and simplicity in
mind.
Qmail also has may great features that are easy to implement.
Sorry if this isn't too technical, but I would suggest Qmail.

Luis Gonzaga wrote:
>
> Hello all,
>
> I'm relative new to Linux world (I came from NT... ), so there's some
> things, maybe extremely easy that I'm missing. One of that things is
> security on mail systems.
>
> I think that one of the most popular linux mail packages is Sendmail. But I
> heard that sendmail is not completely secure, may be due to some buffer
> overflows... I'm not sure. Someone told me Qmail is much more secure,
> compared to Sendmail. Honest, I've no idea ;-)
>
> I take a look at one book which I found to be very good "Securing &
> Optimizing Linux: Red Hat Edition" at http://www.openna.com/books/book.php
> and they write about Sendmail, so I think I can deduce that Sendmail is
> secure enough.
>
> Question: I don't what to now which is the best mail software, or if
> Sendmail is best or worst than Qmail. The only thing I would like to hear
> from you is which package has security enough to be installed in a company
> that don't want to have the email hacked?
>
> Many thanks,
> Luis Gonzaga 

--
BLiNDpacket-kids.com
www.packet-kids.com