SUMMARY: opinions on SUN's sendmail
2007-12-24 21:00:00
******************************************************
SUN managers,
I need opinions from experienced codeprof on SUN's version of sendmail.
How secure is that for an Internet-facing SMTP application ? Or is it common
opinion that the opensource version of sendmail (sendmail.org) is generally
more secure ? I know that SUN is always a couple of versions behind but is
that necessarily bad ?
Does SUN offer sendmail just as an "also offered" software or are they
serious about supporting it and quickly patching security holes if customers
have a problem ?
*******************************************************
Thanks to all the people who replied. My apologies if i missed someone -
Rainer Heilke
Tim Yocum
David Foster
Tim Chipman
Chris Hoogendyk
Hendrik Visage
Gaziz Nugmanov
Bryce Ryan
Rich Kulawiec
Timothy Lorenc
Steve Hammond
Juri Haberland
Lars Hecking
Gary Losito
Henrik Huhtinen
Sergio Gelato
Davorin Bengez
Andrew Stueve
SUMMARY -
About sendmail - Almost everyone said the same thing.... DO NOT use SUN's sendmail (or any other outdated version for that matter) for an Internet facing SMTP application. In fact i found something on SUN's website echoing the opinion. -
http://www.sun.com/blueprints/0401/security-updt1.pdf
If you have to go with sendmail then the most recent version (which opensource provides) is the best option.
Alternatives to sendmail -
There was an overwhelming number of people who preferred postfix and/or qmail over sendmail for various reasons like security,ease of configuring and maintaining etc. I would definitely look into these options.
Thanks to the list and everyone who took time to reply.
Rahul.
Comments
Got something to say?
You must be logged in to post a comment.
