Ryan Russell/SYBASE wrote:
| How about if someone hacks port 25 via
| one of the seemingly endless mail bugs (are
| you using sendmail?) so that they now have
| control of a machine on your internal net?
|
| FWIW, I don't know of a good solution to this,
| short of being religious about keeping your
| mail demon updated and secure. Even if you
| have a mail server on the outside or on a DMZ
| which forwards to a mail server on the inside,
| it's just another hop. I suppose that would make
| it somewhat more difficult.
qmail.
www.qmail.org
Adam
quick comparison chart:
qmail                       sendmail
-----                       --------
210k tar.gz                 900k tar.gz
many small binaries         one huge binary
one setuid (qmail)          one (root) setuid program
designed for security       designed to handle complex mail,
                            like uucp/smtp/chaos
must be artificially        oh-so-quick that it has its own rate
slowed to avoid maiming     limiting program so it doesn't bring
sendmail                    itself to its knees
many small confusing        one famously painful config file
config files
release of the month club   bug of the month club
(soon to hit v1.0)
(no security holes)
possible hubris             known bad value causes proper paranoia
--
"It is seldom that liberty of any kind is lost all at once."
-Hume