Re: [Mailman-Users] Extremely High Membership lists

chuqui@plaidworks.com said:
My belief is that qmail and postfix are more inherently secure than sendmail - sendmail is one big chunk that does everything and has root privileges, so a compromise tends to take the whole machine out.
Qmail and postfix are suites of small programs with limited trusts and remits. If one of these components is compromised you might be able to get into the mail handler but it's *very* unlikely you can break the whole machine (other than maybe DOS).
Exim has the severe disadvantage that it runs setuid root and is a big lump of code. It has the advantage of sendmail that it was written later and in a consistent style which should protect it against buffer overruns. Downside is that it has not had as much testing as sendmail in the wild, neither has it been formally audited to my knowledge. It has had one security exploit to my knowledge (however never exploited in the wild - again AFAIK). Exim *can* be run completely without root on systems which have no local users.
My take is that I have been working with and on exim since even before
it was around (I previously maintained smail 3). Exim is wonderfully
flexible and extensible. If I were starting out now I would probably
go for postfix, but don't currently feel the need to move currently.
If I was designing a real high volume list handler I would certainly
evaluate postfix which I think would probably outperform exim in this
situation. [qmail is not an option - it uses more bandwidth and that's
costly in the EU]
claw@cp.net said:
Apparently according to the sendmail marketing dweeb I saw a few weeks back they have something like 7 of the top 10 ISPs... which I don't really believe since it depends how you define things. AOL was mentioned... their MXes give back something rather customised. IMHO sendmail installations fall into 2 camps - those that know what they are doing and have good reasons for their choice. And those that use it because it's what shipped on the box and they know no better - I avoid ISPs that do the latter, which makes up around 80% plus of all ISPs and a very low percentage of those with a clue.
Nigel.
-- [ - Opinions expressed are personal and may not be shared by VData - ] [ Nigel Metheringham Nigel.Metheringham@VData.co.uk ] [ Phone: +44 1423 850000 Fax +44 1423 858866 ]

At 10:00 AM +0100 6/29/00, Nigel Metheringham wrote:
> My belief is that qmail and postfix are more inherently secure than sendmail
The key word here is belief. Whether you like it or not, sendmail has a lot of field testing behind it, and a huge user base watching for (and when they're found, fixing) security problems. No matter how much you believe the others are more secure (and I agree with you on that, FWIW), that kind of real world testing and evaluation isn't belief, it's proof.
I'll leave it at that, since we're heading very off-topic and into one huge rathole of a religious fight.
-- Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com) Apple Mail List Gnome (mailto:chuq@apple.com)
"And they sit at the bar and put bread in my jar and say 'Man, what are you doing here?'"
