Dan Naumov wrote:
> Terry Lambert wrote:
> > Because syslog is unreliable. See "BUGS" section of the man page.
>
> Don't you think that if syslog is unreliable, then it should be fixed?

Sure. You should definitely fix it; you'll need to figure out a way to know whether we've run out of mbufs, or can't connect to the syslogd over TCP, or are experiencing a denial of service attack, etc.

> If things are as you say, we have 2 problems: Sendmail getting CERTs
> every other day and an unreliable system logger. Would you rather just
> let things be as they are?

If you insist on painting this bikeshed...

Put any other mail server out there in place of Sendmail, and all you will accomplish is a different set of CERTs. Sendmail gets a bad rap because of the amount of attention that's being focussed on it. Any time there's an SSL vulnerability, for example OpenPKG-SA-2002.008, Postfix and everyone else who supports StartTLS gets hit, too.

The system logger is unreliable because the transport mechanism has too many causal links where it can be attacked.

I am always suspicious of people who want to replace the default MTA/MSA code, and aren't willing to do the actual work in making it possible to plug a different one in place of their own favorite: it's too much like advocacy of their favorite MTA/MSA code, if they aren't willing to make it possible for people who don't like *their* MTA/MSA to use a different one.

-- Terry

Received on Wed Apr 02 2003 - 11:27:21 UTC