"On March 3rd, 2003, Internet Security Systems, in cooperation
with the Department of Homeland Security, issued a warning
regarding a hole found in Sendmail. Sendmail, of course, is
responsible for handling over half of the world's e-mail traffic.
The warning, echoed by CERT, warned system admins that any version
lower than 8.12.8 was vulnerable to a serious root exploit. I heard
the warning loud and clear, so I wasted little time upgrading each
system on our network.
"Sendmail has a long history of security holes, most of which
have been thoroughly documented on security sites around the world.
Why do people continue to run Sendmail? The majority of my systems
used to run Sendmail compared to the minority that ran other MTAs
such as Postfix or Qmail. Sendmail isn't easy to configure. It
lacks a user-friendly front end. It certainly doesn't come ready to
use or with easy-to-understand documentation. Is Sendmail still
used because it ships as the default mailer with almost every
flavor of Unix? Whatever the reason, many would agree its time to
adopt a more user friendly mail transport agent..."
