Re: [Mailman-Users] Extremely High Membership lists
On Thu, 29 Jun 2000 10:00:10 +0100 Nigel Metheringham Nigel.Metheringham@VData.co.uk wrote:
My belief is that qmail and postfix are more inherently secure than sendmail - sendmail is one big chunk that does everything and has root privileges, so a compromise tends to take the whole machine out.
Aye, that's the argument of architectures. Postfix and QMail have architectures that lend themselves to being secure. That doesn't mean they are necessarily are, as the very rapid rash of fixes to both of those products in their early life attests (admittedly almost all for DoS or mail loss/corruption attacks, not system access), just that they basically follow the types of designs that people who do security profressionally tend to prefer (for very good reasons).
claw@cp.net said:
Note: I'm not aware of a single large scale high volume commercial service on the 'net that runs Sendmail. Not one. You can check this youself by telnetting to the SMTP port on their MXes and reading the HELO message.
Apparently according to the sendmail marketing dweeb I saw a few weeks back they have something like 7 of the top 10 ISPs... which I don't really believe since it depends how you define things. AOL was mentioned...
AOL is running an in-house developed custom MTA. I don't know what the code roots of that MTA are, but I have considerable reason to think it isn't Sendmail. (They were looking at outsourcing their MTA business a while ago to a company I was consulting to).
their MXes give back something rather customised.
$ telnet yg.mx.aol.com smtp Trying 205.188.156.228... Connected to yg.mx.aol.com. Escape character is '^]'. 220-rly-yg04.mx.aol.com ESMTP relay_in.9; Thu, 29 Jun 2000 11:36:03 -0400 220-America Online (AOL) and its affiliated companies do not 220- authorize the use of its proprietary computers and computer 220- networks to accept, transmit, or distribute unsolicited bulk 220 e-mail sent from the internet.
-- J C Lawrence Home: claw@kanga.nu ----------(*) Other: coder@kanga.nu --=| A man is as sane as he is dangerous to his environment |=--
I'm still getting multiple copies of stuff... I guess 2.0Beta3 was
premature? (Or was it ever determined to be a MailMan problem?)
--Derek
On Thu, 29 Jun 2000, J C Lawrence wrote:
-> On Thu, 29 Jun 2000 10:00:10 +0100
-> Nigel Metheringham Nigel.Metheringham@VData.co.uk wrote:
->
-> > My belief is that qmail and postfix are more inherently secure
-> > than sendmail - sendmail is one big chunk that does everything and
-> > has root privileges, so a compromise tends to take the whole
-> > machine out.
->
-> Aye, that's the argument of architectures. Postfix and QMail have
-> architectures that lend themselves to being secure. That doesn't
-> mean they are necessarily are, as the very rapid rash of fixes to
-> both of those products in their early life attests (admittedly
-> almost all for DoS or mail loss/corruption attacks, not system
-> access), just that they basically follow the types of designs that
-> people who do security profressionally tend to prefer (for very good
-> reasons).
->
-> > claw@cp.net said:
-> >> Note: I'm not aware of a single large scale high volume
-> >> commercial service on the 'net that runs Sendmail. Not one. You
-> >> can check this youself by telnetting to the SMTP port on their
-> >> MXes and reading the HELO message.
->
-> > Apparently according to the sendmail marketing dweeb I saw a few
-> > weeks back they have something like 7 of the top 10 ISPs... which
-> > I don't really believe since it depends how you define things.
-> > AOL was mentioned...
->
-> AOL is running an in-house developed custom MTA. I don't know what
-> the code roots of that MTA are, but I have considerable reason to
-> think it isn't Sendmail. (They were looking at outsourcing their MTA
-> business a while ago to a company I was consulting to).
->
-> > their MXes give back something rather customised.
->
-> $ telnet yg.mx.aol.com smtp
-> Trying 205.188.156.228...
-> Connected to yg.mx.aol.com.
-> Escape character is '^]'.
-> 220-rly-yg04.mx.aol.com ESMTP relay_in.9; Thu, 29 Jun 2000 11:36:03 -0400
-> 220-America Online (AOL) and its affiliated companies do not
-> 220- authorize the use of its proprietary computers and computer
-> 220- networks to accept, transmit, or distribute unsolicited bulk
-> 220 e-mail sent from the internet.
->
-> --
-> J C Lawrence Home: claw@kanga.nu
-> ----------(*) Other: coder@kanga.nu
-> --=| A man is as sane as he is dangerous to his environment |=--
->
-> ------------------------------------------------------
-> Mailman-Users maillist - Mailman-Users@python.org
-> http://www.python.org/mailman/listinfo/mailman-users
->
participants (2)
-
Derek Simkowiak
-
J C Lawrence