[CentOS] Sendmail is considered deprecated

Sat Apr 1 00:03:24 UTC 2017
Alice Wonder <alice at domblogger.net>

On 03/31/2017 02:57 PM, Valeri Galtsev wrote:
>
> On Fri, March 31, 2017 4:46 pm, Alice Wonder wrote:
>> On 03/31/2017 02:40 PM, Kenneth Porter wrote:
>>> On 3/31/2017 2:15 PM, Valeri Galtsev wrote:
>>>> Well, it sounds like you are one of the companies with whose effort I
>>>> have
>>>> to fight constantly in my own effort to protect our users from spam...
>>>
>>> What makes Postfix superior in fighting spam?
>
> I actually made two independent statements:
>
> 1. That I use postfix forever (postfix was written by Wietse Venema with
> security in mind).
>
> 2. That the company the OP works for judging from my reading of OP's post
> makes money by facilitating the creation of spam (by their customers).
>
> By no means did I mean to say postfix is superior to sendmail in fighting
> spam. Neither of them is designed for fighting spam, each of them is
> merely an MTA. Postfix, however, having human readable configs with rather
> logical logics makes it easier (for me) to administer, therefore easier
> (for me again) to integrate with anti-spam components (amavisd,
> spamassassin, clamav - the last to scan for viruses - or rather virii I
> should say as that is plural of Latin word ;-)
>
> Just my $0.02.
>
> Valeri

That's pretty much why I started using postfix, I don't remember when 
but I believe it was with Red Hat 7 (pre Fedora days). It was much 
easier for me to configure postfix on a web application server and have 
it send encrypted to their MX than it was to configure sendmail. It was 
possible with sendmail but I wasted hours trying to get sendmail 
configured, first time with postfix was cake.

Now I use it because of the support for opportunistic DANE (I run an 
updated version, built from CentOS src.rpm but with version bump) so 
that when the receiving MX has DNSSEC with a TLSA record on port 25, I 
know the message is either delivered to that MX encrypted or not at all.

The attack that strips the STARTTLS causing plain text won't work when 
the receiving MX is configured with DANE. Right now Comcast is the only 
major ISP in the United States that has MX servers configured with DANE, 
but several small ones do as well, and several in Europe do as well 
(especially .nl and .de mail servers).

I don't know if sendmail has been updated to support DANE yet or not, 
but last time I looked, it did not.
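
The delivery behaviour described in the message above, as an added example that is not part of the original post and is not Postfix code: a simplified model comparing opportunistic TLS (`smtp_tls_security_level = may`) with opportunistic DANE (`dane`) when STARTTLS is stripped or a different certificate is presented. The `Mx` and `Tlsa` types, the sample certificate bytes and the result strings are constructed for illustration, and only TLSA "3 0 1" records are modelled.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Tlsa:
    usage: int      # 3 = DANE-EE
    selector: int   # 0 = full certificate
    mtype: int      # 1 = SHA-256
    data: bytes

@dataclass
class Mx:
    dnssec_secure: bool         # DNS answers for this MX validated by DNSSEC
    tlsa: List[Tlsa]            # TLSA RRset at _25._tcp.<mx>, empty if none
    offers_starttls: bool       # what the (possibly tampered) EHLO reply shows
    cert_der: Optional[bytes]   # certificate presented after STARTTLS

def tlsa_matches(rr: Tlsa, cert_der: bytes) -> bool:
    # Assumption: only "3 0 1" (DANE-EE, full certificate, SHA-256) is handled.
    return ((rr.usage, rr.selector, rr.mtype) == (3, 0, 1)
            and hashlib.sha256(cert_der).digest() == rr.data)

def deliver(mx: Mx, level: str) -> str:
    """level is 'may' (opportunistic TLS) or 'dane' (opportunistic DANE)."""
    dane_active = level == "dane" and mx.dnssec_secure and bool(mx.tlsa)
    if not dane_active:
        # No signed TLSA records: behave like plain opportunistic TLS.
        return "encrypted-unauthenticated" if mx.offers_starttls else "plaintext"
    # Signed TLSA records exist, so TLS is mandatory and must match them.
    if not mx.offers_starttls or mx.cert_der is None:
        return "deferred"       # stripped STARTTLS no longer yields cleartext
    if any(tlsa_matches(rr, mx.cert_der) for rr in mx.tlsa):
        return "encrypted-authenticated"
    return "deferred"           # certificate does not match the TLSA RRset

# Constructed sample data: stand-in bytes, not a real certificate.
CERT = b"constructed-certificate-der"
RRSET = [Tlsa(3, 0, 1, hashlib.sha256(CERT).digest())]
HONEST = Mx(True, RRSET, True, CERT)
STRIPPED = Mx(True, RRSET, False, None)           # STARTTLS removed in transit
WRONG_CERT = Mx(True, RRSET, True, b"other-certificate")
NO_DANE_STRIPPED = Mx(False, [], False, None)     # receiver publishes no TLSA

if __name__ == "__main__":
    for name, mx in [("honest", HONEST), ("stripped", STRIPPED),
                     ("wrong cert", WRONG_CERT), ("no DANE", NO_DANE_STRIPPED)]:
        print(f"{name:10} may={deliver(mx, 'may'):26} dane={deliver(mx, 'dane')}")
```

The last sample shows the limit of the opportunistic mode: when the receiving domain publishes no DNSSEC-signed TLSA records, the sender has nothing to enforce and falls back to ordinary opportunistic TLS.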