Who are you and why are you all sending me these messages? Pls remove my
address from your mailing lists.
Vikram
--------------------------------------------------------------------------------
Vikram Venkatasubramanian
#118, 11 North College Avenue,
Columbia, Missouri 65201
Ph:(573)-443-3091
email:c698317 @ showme . missouri . edu
-------------------------------------------------------------------------------
It is easier to change the specification to fit the program than vice
versa.
On Thu, 23 Jan 1997, Bob Beck wrote:
> >
> > At 7:38 AM 1/22/97, Samuel D. Jones wrote:
> > >Can anyone enlighten me on the differences between
> > >smap/smapd and smtpd/smtpfwdd? Which is more secure?
> > >
> > I'd like to add to this question... I understood that sendmail 8.8.4
> > doesn't have the holes that necessitated smap for earlier versions. Is this
> > true? If not, why not?
> >
> No. MTA's (like sendmail, etc) are designed with the first
> priority to make mail work well. They don't ignore security issues,
> but the first priority is that mail works. They are also constantly
> adding features that may bring in other problems. For example, do a
> diff --recursive on (take your pick) sendmail or any other MTA (like
> qmail's) source tree from the current version to the version from 1 or
> two years ago (which is still likely newer than anything you run from
> a vendor unless you're running bleeding edge linux or *BSD
> distributions). Examine the diffs and tell me if any bugs were or
> were not introduced in the new code. I bet the diffs themselves are
> longer than the entire code for smtpd or smap.
>
> The point of smtpd or smap is not to eliminate mail problems.
> Quite frankly as long as users can be clueless and gullible (most of
> us are) you can't. The point is to run something simple, reviewable,
> paranoid, that adheres strictly to the protocol and knows about
> most of the *common* attack avenues against daemons (sendmail or
> otherwise).
>
> It's like a condom. It doesn't eliminate the need to use your
> head. It doesn't eliminate the need to take reasonable precautions.
> It does reduce the risk.
>
> -Bob