[ale] SMTP Servers

Jonathan Rickman jonathan at xcorps.net
Tue Dec 31 19:16:48 EST 2002


On Tue, 31 Dec 2002, Matty wrote:

> Greg wrote:
> > If it is a relatively simple deal, OpenBSD's code audited and stable version
> > of Sendmail might be ok, otherwise I am w/ John - Qmail or Postfix
>
> I am not so sure I trust their auditing practices. They audited SSH, and
> look what happened ;) I prefer postfix myself.

There's a little more to it than that. All the code audits in the world
can't stop someone from compromising the server the package is hosted on
and replacing it with another. Now, let's be clear on one thing, the
server that was compromised was not running OpenBSD. I'm not saying the
guys working on the OpenBSD project are perfect, but they do a pretty damn
good job of making sure their code is tight. That being said, plain old
sendmail works just fine. You just have to work a little harder at it.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list