#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2000
    Location
    Ontario, Canada
    Posts
    498
    Rep Power
    18

    secure alternative to sendmail


    What's the best alternative to the sendmail program? Some guy managed to hack his way onto my webserver through it, and I don't wanna have my clients emailless. Any suggestions?
    To alcohol! The cause of, and solution to, all of life's problems. -- Homer Simpson
  2. #2
  3. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2000
    Location
    Ontario, Canada
    Posts
    498
    Rep Power
    18
    Yeah, but is it secure? I'm going on a bit of a bender right now since I don't want anyone hacking onto my server...
    To alcohol! The cause of, and solution to, all of life's problems. -- Homer Simpson
  6. #4
  7. Modding: Oracle MsSQL Firebird
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2001
    Location
    Outside US
    Posts
    8,527
    Rep Power
    539
    Yes it is secure (see www.qmail.org) but, yust as any other program, you have to apply patches immediately after they are released!
    Look also for a secure ftp server like pureftpd, always use ssl, no telnet and so on ...
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    4
    Rep Power
    0
    From Qmail Website:
    qmail is a modern SMTP server which makes sendmail obsolete, written by Dan Bernstein, who also has a web page for qmail. qmail is a secure package. There was a $1,000.00 prize for anyone who can show otherwise, which went unclaimed

    Anything that's secure by default doesn't mean you can configure it securely. Like what pabloj mentioned, you still need to apply appropriate security patches accordingly. In qmail, there are tons of patches (not vulnerability-releated) but enhancement.

    Smart people run qmail.
    Lazy people run postfix.
    Dumb people run Sendmail.

    Be sure to checkout http://www.lifewithqmail.org/ with you are really interested in migrating to qmail.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2001
    Location
    North Vancouver, BC, Canada
    Posts
    44
    Rep Power
    14

    I am generallly out of line but ....


    Consider this....

    I write a new mail program to replace Sendmail called Bobmail.

    Now I can state:

    bobmail has never been hacked.
    bobmail is fantastically secure.
    bobmail is the best.
    bobmail has only one user.

    There are no experts I can call to advise me on how to patch
    bobmail as it is too new.

    So I look at the past:

    Sendmail has been around for a While.
    Qmail has also.

    But in the end you still need to secure and patch each.

    If I was an Insurance Adjuster contemplating writing a policy for a Company for their Mail program failure.

    I would consider the history of a mail program and the obvious
    side affects of slow patches vs failures industry wide.

    So which would rate a lower insurance cost.....

    Call your broker and ask !
    Thanks

    Foot in Mouth ver 1.2.5 Onion

IMN logo majestic logo threadwatch logo seochat tools logo