RE: Sendmail takes long time t start
- From: Jamie Ostrowski <jamie getsetnet net>
- To: Kalum / Grendel <kalum lintux cx>
- Cc: "'redhat-install-list redhat com'" <redhat-install-list redhat com>,Bill Farrell <billfarr ages com>
- Subject: RE: Sendmail takes long time t start
- Date: Sat, 24 Mar 2001 16:55:42 -0600 (CST)
On Sat, 24 Mar 2001, Kalum / Grendel wrote:
> On Fri, 23 Mar 2001, Jamie Ostrowski commented thusly,
>
> > Well, I don't know if I would leap to those conclusions. I would
> > carefully study Sendmail, as well as Postfix and Qmail. I am a relative
> > newbie, (been using Linux for about a year and a half) and I have
> > successfully set up Sendmail to host for many different domains running on
> > the same box, as well as going through alias configuration and forward,
> > etc.
>
> Your level of dedication to sendmail is indeed praiseworthy, but it is
> rather too much hard work isn't it, for the average newbie it's very
> confusing and it needs time and a good degree of patience to understand
> it.
Yeah, I agree. It is a lot of work. It took me about 4 months (on and
off again) to figure out how to get it all configured. I haven't used
qmail or Postfix yet. I guess it's because I haven't seen a need since I
have things running now. I agree that someone who is new to network apps
should start with something nice and easy like qmail or Postfix. Once they
have things up and running, you can move to Sendmail if you have a need
to.
>
> >There is a very impressive number of systems still using Sendmail, so
>
> This is no longer true Jamie, the systems running sendmail have dropped
> drastically, I have more info below to back this up.
>
> > I think it would be profitable to understand and know it.
>
> Quite correct, much as I would hate to admit it, sendmail configuration
> should be mandatory knowledge for any sysadmin.
>
> Although in the past sendmail had an awesome 70% of the market share, it
> is losing ground rapidly as the latest surveys show qmail, postfix
> eating away its share, and now sendmail is run on only 47% of the servers
> out there.
>
> <http://pobox.com/~djb/docs/maildisasters/sendmail.html> has more info
> about sendmail, it should be read by anyone who is running sendmail as
> their MTA.
>
> Here is a bit more info copied from one of DJB's posts,
>
> D. J. Bernstein <djb cr yp to> wrote in news message
> 2000Oct507 51 14 11491 cr yp to
>
> I looked up PTR records for 1000000 random IP addresses. 25777 of the IP
> addresses had PTR records.
>
> I tried to connect to each address at the SMTP port. I obtained
> successful connections to 908 servers. Evidently there were nearly 4
> million reachable SMTP servers on the Internet at that moment.
>
> I then sent a series of SMTP commands to each server, and fed the
> responses through a script that guesses what SMTP software is running on
> each host. Some comments on the results:
>
> * UNIX remains the most common operating system. 62% of the servers
> are running UNIX-only software; 26% are running Windows-only
> software; 6% provide answers consistent with both UNIX and Windows.
>
> * Sendmail is continuing to drop in popularity. The Sendmail company
> claims on its web pages that Sendmail ``powers the majority of the
> Internet's mail servers''; that claim is no longer true.
>
> * As in previous surveys, most of the Sendmail servers announce
> version numbers known to have security holes, in some cases
> remotely exploitable. Very few servers are running the most recent
> free version of Sendmail, or any commercial version of Sendmail.
> Apparently most Sendmail users simply take what comes with the
> operating system.
>
> Here are the software tallies:
>
> 47%  430  UNIX          Sendmail
> 16%  149  Windows       Microsoft Exchange
>  9%   82  UNIX          qmail
>  6%   55  Windows       Ipswitch IMail
>  3%   26  unknown (``Relay not authorized'')
>       21  UNIX          smap
>       19  not sure
>       15  UNIX          Exim
>       10  UNIX/Windows  Check Point firewall
>        9  UNIX/Windows  Software.com Post.Office
>        9  UNIX/Windows  GroupWise
>        9  UNIX/Windows  DatCon IMS
>        6  Windows       Gordano NTMail
>        6  UNIX          IBM Postfix, formerly VMailer
>        4  Windows       Sendmail
>        4  Windows       Atrium MERCUR
>        3  unknown (``ESMTP hello!'')
>        3  Windows       Deerfield.com MDaemon
>        3  VMS           CISCO MultiNet, formerly TGV/MultiNet
>        3  UNIX/Windows  Netscape Messaging Server, formerly Netscape Mail Server
>        3  UNIX/Windows  Lotus Domino
>        3  UNIX          Zmailer
>        3  UNIX          Smail
>        3  UNIX          Obtuse SMTPD
>        2  Windows       Vircom VOP Mail
>        2  Windows       Rockliffe MailSite
>        2  Windows       O'Reilly WebBoard
>        2  Windows       InterScan VirusWall
>
>
> >Not to mention
> > the fact that Sendmail is very versatile on very large and complex network
> > configurations.
>
> What would you prefer, configurability rather than security, and who says
> that qmail and postfix can't be run on big networks, qmail is run on
> hotmail.com, egroups.com and other large and complex networks etc, please
> see <www.qmail.org> for an impressive list of heavy and complex sites that
> run it.
>
> In fact sendmail would be so slow on large networks, so that the larger
> the network and the larger the bulk of mail handled, the more you would
> have to gain by running qmail or postfix.
Yeah, that makes sense. I am not enough of an email guru to really
engage in meaningful dialogue regarding MTA pros and cons. My claim is
that while you are correct, Sendmail has had more back doors revealed,
qmail and Postfix haven't stood the same test of time that Sendmail
has. Perhaps qmail and Postfix are as secure as Sendmail, but you and I
both would have to acknowledge, whether you like it or not, or whether I
like it or not, the fact that the number of times Sendmail has been
tampered with by crackers far exceeds the number of times different
crackers have tried to exploit qmail or Postfix. I bet over the long
length of time Sendmail has been implemented on a large scale across the
internet there have been, say 1,000,000 attempts made by 800,000 hackers
to breach its security. Qmail or Postfix have, in the duration of their
existence and on the scale they have been implemented, been subject to,
say 500,000 hack attempts by 300,000 different hackers. (of course these
numbers are totally imaginary. I am only using them to illustrate my
point.) I don't know of course what those numbers would be, but I think
the proportions are probably somewhat close to the mark. If in the course
of time qmail and Postfix are run as long and to the same extent that
Sendmail has been, you may find the same sort of exploit statistics. I
don't know. Maybe I am wrong but that is what I am suspicious of. So to
make the claim that one is more secure than the other can really only be
known in the distant future, or not so distant, with the rate the Internet
is growing.
> >Postfix certainly has its place. Most simple
> > configurations will handle Postfix quite nicely, and it is easier to
> > configure, but I would hesitate before I go and bad mouth Sendmail.
>
> Well I for one know that you can install postfix or qmail and go on a
> even several months holiday without being sure that no new exploit will be
> discovered and someone hacks into your setup before you return :)
>
> The point I am trying to make is that running sendmail is such a liability
> and so many people aren't just aware of the security risks they are running
> by having sendmail as their MTA, there are so many CERT warnings that you
> HAVE to be running the current version of sendmail to be sure that your
> system is safe. There are so many systems running buggy old sendmail
> versions and it is astonishing that these sysadmins don't know the risk
> that they are taking.
>
> > It has
> > its position in complex environments. It is a very powerful tool.
>
> So do other MTAs, in fact they are much easily configured and perform
> better in complex environments under heavy loads, even this list we are on
> was run by qmail for a long time, and at the moment it is run on postfix.
>
> > There
> > is a reason it is hard for many to understand.
>
> Many reasons, badly designed with a high level of user knowhow expected,
> it is correct to expect such knowledge in the 1980's when most people who
> wanted to configure sendmail were sysadmins, but it is certainly not true
> now, where the person who wants to configure sendmail for some simple task
> is a user with moderate knowledge of unix.
>
> Also it is so trusting and low on security, let's face it, when it was
> designed in the good old days decades ago, security was not a prime
> concern as it is now.
Yes, this is unfortunate but definitely relevant. And I suspect we
haven't seen anything yet.
>
> >So is calculus. This
> > doesn't make it bad, just more versatile than more elementary math, for
> > example.
>
> But suppose there was a way to get the same thing done using elementary
> math, then why should we bother to learn calculus? Wouldn't it be just a
> plain waste of time?
>
Yes it would, and as soon as they find a way to do with elementary
math what is done with calculus, I will listen to what they have to
say. Until then, I will have to stick to understanding limits and
derivatives to accomplish certain tasks and elementary math for
calculating my bill payments at the end of the month, although those seem
to be approaching infinity... :)
cheers,
- Jamie
>
> Best Wishes,
> Grendel
>
>
>
--
"It's pretty hard to stop a man who eats his toast every morning."