Les Mikesell wrote:
Christopher Chan wrote:
How do you have a remote root exploit if you aren't running as root?
Ask the sendmail advisories for 8.12.x.
Wasn't the last bug found and fixed 5 or 6 years ago?
Which is great. Just saying that if there is one still lurking around, the current model of operation might still be vulnerable.
I fail to see how that becomes an advantage for sendmail.
It lets you control load very precisely. You can limit sendmail to some number of instances that can be much larger than the number of big/slow scanning backend processes that you permit and the sendmails don't wait for the milters until/unless they need one of their functions and you don't have to start a new process for each message.
Sorry, I meant to say, an advantage for sendmail over postfix.
I've been using it with sendmail for many years. Postfix has only recently added milter support and only very recently made it good enough to work with mimedefang. I don't know if it does the session multiplexing as efficiently - maybe...
I was the under the impression that it was mimedefang that handled that and not sendmail? In any case, postfix has long had very good multiplexing.
You know the answer to that one. If I am going to use MimeDefang for spamassassin and postfix obviously does not have anti-virus features (unless you call using body_checks to check for known patterns anti-virus support) where do you think I would plug in anti-virus support? Again, in a sendmail + mimedefang versus postfix + mimedefang, sendmail is the loser.
If you just started to use email, perhaps.
Ho hum. I do not know why you keep insisting that letting mimedefang handle say lookups to mysql and perform decisions based on those is faster than if sendmail had native support. It is after all, one less layer to going through and not run in something that is interpreted.
On the contrary, having the ability to extend through external software gives you unlimited options. Note that postfix eventually got around to copying this feature. Also with mimedefang you can do most of your special configuration in perl instead of having to learn yet another syntax.
Simply because it made sense to use available existing tools that support spamassassin and virus scanners than make yet another interface. No more smtp proxying. Good riddance amavisd. postfix was after all a replacement for sendmail and it would be incomplete without milter support.
And it was incomplete for a long time. Which is why sendmail is the standard.
More and more distributions are using postfix as the default even though it does not allow delivery to root. That 'is' will soon become 'was' despite its incomplete milter support. I guess milters are not all that standard then. So many alternatives to milters out there that got established when milters just were not stable enough (no fault of sendmail) so that today milters are not quite as well known as stuff like resource hog amavisd.