Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

· Perl
· davorg
· nms
· nms_sendmail
· More on Tools
· Also by pudge

nms Releases sendmail Replacement

posted by pudge on 2002.05.01 15:20   Printer-friendly
Tools
davorg writes "The nms project has stepped slightly outside of its remit to rewrite Matt Wright's scripts. We've released nms_sendmail which is a standalone, pure-perl replacement for sendmail (or, at least, for the parts of sendmail that you need to send emails from a CGI program). Its main purpose is so that people whose web server is on a Windows machine can use our formmail program with needing sendmail -- all you need is access to an SMTP server."
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

nms Releases sendmail Replacement 13 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • poll (Score:3, Funny)

    by jdavidb (1361) on 2002.05.01 15:37 (#7817) Homepage Journal

    Can we add an option to the poll, now? :)

    --
    J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
    • No, no no, that's not statically valid. We'll have to start up a new poll and then do the whole thing again for another five months ;-)
  • From their website: "There was some discussion on PerlMonks about alternative meanings for nms, and whilst I like many of those ideas, I think that nms probably doesn't actually stand for anything."

    I guess, in this case, it stands for No More Sendmail. (Lame, I know, but *somebody* had to say it) :)

    --
    Buck
  • I was about to say "what about the modules for this", and then realized who the audience was. Nevermind, nothing to see here.
    --
    Were that I say, pancakes?
  • There seems to be a typo in the link for 'nms'.
    --
    Jeff Boes Hyper-real techno priest of Perl
  • Has anyone bothered asking Matt Wright about this? What has his response been? I mean, if I released something that was bothering people this much I would just fix it myself. Either that or just release binaries >:)
    Seriously though, has anyone ever asked him and gotten his opinions on these matters?

    • Binaries wouldn't fix the security flaws. It's not just that the code looks bad; it's that the things that are wrong with the code translate into real problems.

      I believe Matt has basically said that people are welcome to use his programs, but he is aware that they have problems and is no longer interested in fixing them (he's gone on to other things). I may have imagined I read that, though.

      --
      J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers
      • Of course a binary woudn't fix problems. I didn't imply that at all. A binary would help *conceal* the problem until the symptoms showed up instead of failing at code review stage. Oh yeah, and it was a joke. Now that summer is upon us , in my hemisphere anyway, maybe you can go outside and find a sense of humor.

        • Sorry, man. I didn't realize the joke. Since there are plenty of people who think the only problem with Matt's scripts is that the "Perl cabal" thinks they're bad scripts, it didn't seem farfetched to me that someone might think compiling them to binaries would be fine, because no one would ever know it was bad code. I was trying to be helpful and provide more information. If you already knew that, great! Maybe it will help someone else.

          --
          J. David works really hard, has a passion for writing good software, and knows many of the world's best Perl programmers

    • I've been in touch with Matt quite a lot over the last few months. He's recently released a new version (1.92) of formmail which fixes just about all of the insecurities and prevents it being used as a spam-relay.

      All the scripts still use pretty nasty code tho'. Matt doesn't see that as an issue although he freely admits that he was just learning to program when he wrote those scripts.

      He's also talked about linking to nms [sf.net] from the MSA web site, but that hasn't happened yet.

  • Ive been reading "Web Design in a nutshell" (2nd ed.) by Jennifer Niederst and came across a copy of a MSA script as well as recommendations for using it as a resource.

    No mention is made of the security issues and etc of MSA scripts. It appears it was printed in 2001 so perhaps it might be a good idea for you to let them know about the issues and about NMS.

    Demerphq

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.