Sendmail

Sendmail is one of the most venerable Internet software packages still in widespread use: it first appeared in 4.1c BSD Unix (April 1983), and to this day, it has remained the most relied-upon application of its kind. But Sendmail has both advantages and disadvantages.

Sendmail Pros and Cons

On the plus side, Sendmail has a huge user community; as a result, it’s easy to find both free and commercial support for it, not to mention a wealth of electronic and print publications. It’s also stable and predictable, being one of the most mature applications of all time.

On the downside, Sendmail has acquired a certain amount of “cruft” (layers of old code) over its long history, resulting in a reputation for being insecure and bloated. Both charges are open to debate, however.

While it’s true that Sendmail has had a number of significant vulnerabilities over the years, these have been brought to light and fixed very rapidly. An argument can therefore be made that Sendmail security is a glass half-empty/half-full situation. Depending on your viewpoint, Sendmail’s various vulnerability reports and subsequent patches may prove that Sendmail is inherently insecure; or perhaps the fact that they come to light and are fixed quickly proves that Sendmail’s development team and user community are pretty much on top of things; or maybe you think the truth is somewhere in between. (I’m in this last camp.)

A more useful criticism is that Sendmail is monolithic: a vulnerability in one portion ...
