Sendmail runs as one huge monolithic executable. It is inherently less
secure than MTA's which have unprivileged processes listening to the
outside world performing bounds checking and then interacting with
actual guts of the MTA via a well-defined interface. qmail and Postfix
both have some incarnation of this latter behavior.
Personally, I prefer Postfix. I've ranted about it on this list before,
so I'll behave and get to the point. From the qmail website:
"Postfix is a direct competitor to the qmail software by Dan Bernstein.
That's competitor, not enemy. I'm sure that friendly competition will
help to improve both programs. "
You can take a look at it's design goals here:
http://www.postfix.org/goals.html
IMHO, and in the opinion of many others, it has either met or exceeded
each of these goals.
It's secure, it's configuration file is in English, it has all the
features you actually want/need in an MTA, it scales up to
large ISP's, it behaves with other sendmail hosts (IOW, doesn't make them
crash), it will handle everything short of an outright DoS...Did I
mention that it's configuration files are in english? ;-)
Oh, and it's author is a gentleman (in contrast to qmail's author).
Personally I use DJB's djbdns, but that's only because it's the only
real alternative to BIND. (BIND is a discussion for another rant.)
And for those of you who haven't really heard of Postfix, and are
wondering if it's used on the 'net, a quick tour of a handful of MX's
indicate that mail.suse.de, murphy.debian.org, smtp.mandrake.com,
and mx1.freshmeat.net all use Postfix. The only site I tried that
wasn't using Postfix was Redhat.
I guess I ranted anyway. So sue me. Hacking my MX in retaliation
is simply NOT an option. ;-)
Thus spake Ronan Heffernan on the 19 day of the 09 month in the year 2002:
> I have been using qmail on a couple of hosts, for several years. It
> works (at least the older versions that I am running). I used to run
> sendmail (by default). I was hacked, and my ISP and I determined that
> it was through sendmail. That was enough to get me looking, and qmail
> was enough to get me to switch.
>
> Better administrators than I swear that sendmail scales better than
> qmail and is not inherently insecure. Keeping sendmail secure just
> requires some knowledge and some vigilance (e.g. applying security
> patches). I won't argue, but I am happy with qmail.
>
> --ronan
>
>
-- Matthew MoenOutlook is as attractive to email viruses as a heap of dead and rotting cows is to a fly. So long as that maggot-filled pile of corpses is there, swatting at the flies isn't going to work. Alan Bellingham, SDM
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:47:22 EDT