Great Circle Associates Firewalls
(January 1997)
 


Subject: Re: smap vs. smtpd
From: Adam Shostack <adam @ homeport . org>
Date: Thu, 23 Jan 1997 21:12:02 -0500 (EST)
To: beck @ obtuse . com (Bob Beck)
Cc: mike @ ptes . com, firewalls @ GreatCircle . COM
In-reply-to: <199701231821 . LAA00478 @ snouts . obtuse . com> from Bob Beck at "Jan 23, 97 11:21:09 am"

Bob Beck wrote:
| > I'd like to add to this question... I understood that sendmail 8.8.4
| > doesn't have the holes that necessitated smap for earlier versions. Is this
| > true? If not, why not?

| 	No. MTA's (like sendmail, etc) are designed with the first
| priority to make mail work well. They don't ignore security issues,
| but the first priority is that mail works. They are also constantly
| adding features that may bring in other problems.  For example, do a
| diff --recursive on (take your pick) sendmail or any other MTA (like
| qmail's) source tree from the current version to the version from 1 or

	Qmail was designed with security as an absolute requirement,
and I think it does a good job of it.  Dan Bernstein (the author)
routinely refuses to add new features that can be done by external
scripts on the grounds that they're creeping featuritis, and threaten
the security of the system.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



