Re: [SLUG] Sendmail security or bust?

From: Brett Simpson (Simpsonb@hillsboroughcounty.org)
Date: Wed Apr 10 2002 - 10:53:25 EDT


These people here don't think like normal people out in the workforce. Our managers view themselves as politicians trying to wield their agenda (software product) to make them look better. The more money you spend the better they think they are.

Brett

>>> paulf@quillandmouse.com 04/09/02 07:16PM >>>
On Tue, Apr 09, 2002 at 09:27:23AM -0400, Brett Simpson wrote:

> I appreciate the feedback I have received but now I know where the comments
> dealing with security came into play from my manager. The main reason is he
> wants to replace Sendmail with the Groupwise Internet agents. Does anyone
> have any comments on what my manager has written? Due to the nature of us
> being government I can't suggest using Postfix without being overridden
> in favor of Groupwise. As a side note our Groupwise system has crashed on
> numerous occasions under heavy and light loads (2000 users) but despite
> this I have to defeat this header information thing in order to keep
> Sendmail in place. Government is crazy!
>
> Here's the email:
> "My original question that kicked this off is that Sendmail can be tricked
> into sending header information back to the recipient to give more clues up
> as to who we are and what our IP numbers and conventions are. In no way
> was I saying that Sendmail is an insecure product on the whole, however
> I think we need to revisit putting GroupWise directly onto the Internet."
>

Not sure why you can't suggest Postfix. Postfix is as good as Sendmail,
if you're comparing it to Groupwise (about which I know nothing). The
bigger question is where he got this information about Sendmail. Is this
something he read in a trade mag? Something someone told him?

Maybe sendmail does this, and maybe it doesn't. If it does and
shouldn't, is this an exploit? If so, it's most likely fixed by now.
Open source software has pretty quick repair cycles. Assuming it's not a
bug, then can sendmail be configured not to report such information? And
more important, what specifically does he believe could be reported?
Without that information, it's impossible to determine what to fix or
whether and how to fix it.

One major point here. Your Groupwise crashed under moderately heavy
load. OTOH, most of the internet mail across this planet runs on
sendmail. That means ISPs, who have a lot heavier mail load than you do.
I don't recall ever hearing of a sendmail server crashing because of
load. I have heard of it getting wedged, but that's a misconfiguration
issue.

Paul


