On 10/14/2010 4:19 PM, Gary Greene wrote:
On 14/10/10 10:58 AM, "Baird, Josh" <jbaird@follett.com> wrote:
Actually, as of RHEL6, the default MTA is now Postfix.
Sendmail does indeed have a rather lengthy history of vulnerabilities. With that being said, in my opinion, Postfix is also a much more flexible MTA.
Josh
Well, I'd call that a red herring as Sendmail is just as flexible. The main issues that people have with Sendmail regarding security or flexibility come from the fact that you need to understand the configuration language that Sendmail's configuration files use. If you don't, yes, you can easily eff up the security of your mail infrastructure and can get lost quickly if you're trying to configure it for more functionality/mail routing/etc.
Sure, there have been vulnerabilities in the past, but so have postfix/exim/dbmail/etc. I think the main reason upstream changed to Postfix is mostly a) most Linux distributions are using it as the default MTA now, and b) it is easier to configure and nothing more.
What you really want with sendmail is a milter-multiplexer like MIMEDefang where you can do anything you want without slowing down the faster native sendmail steps and handle the unusual configuration parts in a snippet of Perl. Now that postfix has gotten milters right, I think you could use MIMEDefang with it too.
But sendmail these days is probably the most strictly audited piece of code on your server, so I think the OP is just following bad advice.