Bob Beck wrote:
| > I'd like to add to this question... I understood that sendmail 8.8.4
| > doesn't have the holes that necessitated smap for earlier versions. Is this
| > true? If not, why not?
| No. MTA's (like sendmail, etc) are designed with the first
| priority to make mail work well. They don't ignore security issues,
| but the first priority is that mail works. They are also constantly
| adding features that may bring in other problems. For example, do a
| diff --recursive on (take your pick) sendmail or any other MTA (like
| qmail's) source tree from the current version to the version from 1 or
Qmail was designed with security as an absolute requirement,
and I think it does a good job of it. Dan Bernstein (the author)
routinely refuses to add new features that can be done by external
scripts on the grounds that they're creaping featuritis, and threaten
the security of the system.
"It is seldom that liberty of any kind is lost all at once."