[CentOS] sendmail substitute?

Thu Oct 14 09:06:02 UTC 2010
John Doe <jdmls at yahoo.com>

From: Giles Coochey <giles at coochey.net>

>   On 14/10/2010 09:11, Alexander Dalloz wrote:
> >> i'm following online guides to secure my centos  5.4
> >> it's advised to turn off sendmail service among  others.
> >> but how can i forward my /var/log/mail to my webmail  ?
> > To update to CentOS 5.5 with current updates (especially the  kernel!)
> > would improve security much more than deactivating Sendmail.  That said you
> > are not bound to 5.4 by any specific  usecase.
> >
> Agree with above.
> >> any help would be greatly  appreciated..
> > What is the rationale behind deactivating Sendmail. Just  curious. Or is it
> > the typical rant "Sendmail is insecure, see its  history"?
> >
> If he just wants to send emails generated by internal  programs on his 
> system and doesn't need a full blown MTA then something  smaller with 
> SMTP capability would be a more fitting choice.
> I run  sendmail myself, but then run a full blown mail system, want spam 
> /  anti-vrus checking and so on, but for ordinary systems 
> (non-mailservers)  something simpler with a smaller footprint and 
> capability is probably  better, not just from a security point of view.
> I commend anyone who choses  not to run a full-blown MTA if they are 
> technically uncertain about the  security  implications.

What could be so insecure about using sendmail localy?
Don't start the daemon, so it is not listening...
Or the firewall will block the port anyway...
If the mail is sent to a trusted mail server, there is no risks.
Am I missing something?