|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: David Ford (dford
erisksecurity.com)Date: Wed Sep 26 2001 - 17:38:46 CDT
Mogens Valentin wrote:
>Thiago Conde Figueiro wrote:
>
>>Why not stop using sendmail altogether? Sendmail has a long, sad history
>>of exploits. Ever after I found out about Postfix (a secure replacement
>>for sendmail) my worries with smtp have dropped to almost zero.
>>
>Sure, but all it takes to make sendmail resonably secure is update to
>latest version and do somthing like:
>
Sendmail has had a very good recent reputation and out of the box
sendmail is a trusted MTA. Look carefully at the recent sendmail
advisories.
The moral of the story here isn't whether you're running postfix, exim,
qmail or sendmail. It's whether you're using an updated product.
Bugs are found and fixed. New methods of attack are discovered and more
bugs are found and fixed. Whether it is a denial of service or exploit,
it is still a problem and must be addressed.
The proper answer irrespective of the package in question is to keep
things updated.
David
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]