Sendmail vs postfix

Evan Leibovitch evan-ieNeDk6JonTYtjvyW6yDsg at public.gmane.org
Fri Nov 18 16:32:48 UTC 2005 

Lennart Sorensen wrote:

>On Fri, Nov 18, 2005 at 12:11:01AM -0500, Kevin Cozens wrote:
>  
>
>>Its interesting that you put Qmail on the bottom of the list in light of 
>>the fact you experienced security exploits when using Sendmail. One of the 
>>advantages of using Qmail is its atttention to security.
>>    
>>
>
>qmail isn't the only program that tries to be secure.
>  
>
Don't qmail and postfix have very similar architectures? They both seem 
to be based on splitting the MTA into a bunch of small programs, none of 
which trust each other and only a bare minimum of which run suid root. 
(This is in contrast to monolithic MTAs  such as sendmail and exim which 
run as one big suid root process.) I even seem to recall that the 
original logo of postfix, before it started using the rodent, was the 
flowchart indicating message-passing between the modules.

Is there anything in qmail's design that is inherently more secure than 
postfix, in theory _or_ practise?

- Evan

>  
>
>>I can understand it being at #4 if that is due to feelings of how 
>>easy/difficult it is to setup and configure compared to Sendmail. There are 
>>a number of additional softwares packages available from www.inter7.com 
>>that will be very helpful in setting up a Qmail system. You will find 
>>packages that will let you configure and administer the mail system via a 
>>web browser. Users can even administer their own domains. If you add 
>>sqwebmail you can allow users to access their e-mail via a web browser.
>>
>>The only other minor complication with installing Qmail is due to the 
>>bright spark(s) who added dbus to Fedora Core deciding to use a UID/GID 
>>which is used by the pre-compiled versions of Qmail. While Qmail predates 
>>dbus AFAIK, the dbus creator didn't know about Qmail or the UIDs/GIDs it 
>>used. Fortunately it may be easy to change the values used in dbus.
>>    
>>
>
>qmail has no business telling the system what userid to map to what
>username.  So that minor problem is simply a qmail bug.
>
>Lennart Sorensen
>--
>The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
>TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>  
>

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list