Is sendmail safe for SMTP?

Michael St. Laurent mikes at
Fri Apr 18 01:26:50 IST 2008

> > I've been using an SMTP proxy for years now but have been having
> > problems with it lately.  So I am wondering if it is safe to let
> > Sendmail talk SMTP to the outside world these days or if 
> that is still
> > considered a Bad Idea(tm).
> >   
> Sendmail is the most widely used MTA on the internet (>60%), when 
> vulnerabilities have been discovered in the past they were fixed very 
> quickly.
> Not sure where you get the concept "  *Still* a bad idea", 
> its the MTA 
> of choice in my book and has been for over 10 years and 
> facing it on the 
> internet correctly configured has never been a bad idea...
> Sendmail is over 25 years old and is still the number 1, its the most 
> configurable and provides the best functionality....
> A lot of sys admins are cautious of it because they don't know how it 
> works well enough... but its like anything these days once 
> you know how 
> to use it, its very simple to make it do what you want...

Oh, I can make it do what I want.  But when I first put things together
here I didn't have time to do a lot of research and there were some high
profile incidents took place involving Sendmail exploits.  In any case,
using a proxy sounded safer than *not* using one.

I hope the "Bad Idea" comment didn't give offense as it was not intended
to be any kind of a dig against Sendmail.

In any case, if that many folks have Sendmail facing the Internet...
well, that's good enough for me.  ;)

More information about the MailScanner mailing list