[Mimedefang] Another Sendmail security problem: Upgrade to 8.12.9

David F. Skoll dfs at roaringpenguin.com
Sun Mar 30 12:39:01 EST 2003


On Sun, 30 Mar 2003, Dirk Mueller wrote:

> Sorry, but thats utter nonsense. Postfix and Qmail are secure _by_
> _design_,

That is true.

> every little sendmail problem is a root exploit.

That is not true any more, because Sendmail is no longer SUID-root, by
default.

The "only" part of Sendmail that runs as root is the SMTP listener.  Of
course, that's a big chunk of code. :-)

I do not have plans to integrate MIMEDefang with Qmail, because the
licensing terms of Qmail are unacceptable to me.  I took a very quick
look at Postfix, and it looks more promising.  I may investigate it
further, but until/unless someone actually asks for Postfix
integration and puts up funding (or contributes code), it probably
won't get past the thinking stage.

Regards,

David.



More information about the MIMEDefang mailing list