Firewall Wizards mailing list archives

Re: sendmail config.mc for a firewall


From: Bennett Todd <bet () rahul net>
Date: Wed, 15 Oct 1997 06:50:38 -0700

On Tue, Oct 14, 1997 at 02:21:33PM -0700, Bob Van Cleef wrote:
> I'm looking to upgrade sendmail on a firewall system, [...]

Don't do it, man!

Sendmail is the single biggest source of exploitable-over-the-net
security holes in Unix. It does _not_ belong on a firewall (internal
or external), or on any machine that's exposed to the internet.

If you have to have a full-featured MTA on your firewall (often
though not always the case) I'd recommend considering Qmail
<URL:http://www.qmail.org/>. When Wietse's MTA gets out of
development I'm sure that'll be the other candidate.

-Bennett


