Removing Sendmail
Terry Lambert
tlambert2 at mindspring.com
Wed Apr 2 13:27:22 PST 2003
Dan Naumov wrote:
> Terry Lambert wrote:
> > Because syslog is unreliable. See "BUGS" section of the man page.
>
> Don't you think that if syslog is unreliable, then it should be fixed?
Sure. You should definitely fix it; you'll need to figure out
a way to know whether we've run out of mbufs, or can't connect
to the syslogd over TCP, or are experiencing a denial of service
attack, etc.
> If things are as you say, we have 2 problems: Sendmail getting CERTs
> every other day and an unreliable system logger. Would you rather just
> let things be as they are?
If you insist on painting this bikeshed...

Put any other mail server out there in place of Sendmail, and
all you will accomplish is a different set of CERTs. Sendmail
gets a bad rap because of the amount of attention that's being
focussed on it. Any time there's an SSL vulnerability, for
example OpenPKG-SA-2002.008, Postfix and everyone else who
supports StartTLS gets hit, too.

The system logger is unreliable because the transport mechanism
has too many causal links where it can be attacked.

I am always suspicious of people who want to replace the
default MTA/MSA code, and aren't willing to do the actual work
in making it possible to plug a different one in place of their
own favorite: it's too much like advocacy of their favorite
MTA/MSA code, if they aren't willing to make it possible for
people who don't like *their* MTA/MSA to use a different one.

-- Terry
More information about the freebsd-current mailing list