Date: Thu, 1 Feb 2001 08:45:17 -0600 From: "Paul T. Root" <proot@horton.iaces.com> To: security@freebsd.org Subject: Re: sendmail vs. postfix question Message-ID: <20010201084517.A11129@horton.iaces.com>
next in thread | raw e-mail | index | archive | help
I took the advanced Sendmail course from Allman back that the '99 LISA. At that time he said there had been no security holes found in sendmail in a few years (I don't remember the actual number), and in those 2 years, I don't remember any. I also run Sendmail Switch (the for sale version) on my main domain, and it installs running without root. > > Date: Thu, 1 Feb 2001 01:15:22 -0500 > From: "Richard Ward" <mh@neonsky.net> > Subject: Re: sendmail vs. postfix question > > That's very true. One of the features that stand out in the "Sendmail = > verses Postfix" war is that Postfix doesn't "need" root. With some = > modification, neither does Sendmail. Though many won't take the time to = > do this, it's one of the reasons Sendmail is deemed one of the most = > insecure "common" daemons. I prefer Sendmail over Postfix simply because = > I was brought up on to the Internet running Sendmail, it feels more like = > home. I do however have Postfix running on my local machine, and with = > keeping up-to-date on mailing lists such as this, none are a huge threat = > to my network. > > I would have to agree, doing anything in Sendmail takes some reading, = > though for the basic e-mail setup, there's little need to bring out = > O'Reilly. Both Sendmail and Postfix have a home on my network, I suppose = > it's just how much time you want to put in to it that depicts which MTA = > you will be running on your next computer. > > Just my two cents. > - -- > Richard Ward, CEO > richard@neonsky.net > Neonsky Internet Services > 877 249 6707 - US/Canada > > > - ----- Original Message -----=20 > From: Christopher Farley <chris@northernbrewer.com> > To: Fenix <fenix@xs4some.net> > Cc: <freebsd-security@FreeBSD.ORG>; <freebsd-questions@FreeBSD.ORG> > Sent: Thursday, February 01, 2001 12:56 AM > Subject: Re: sendmail vs. postfix question > > > > Fenix (fenix@xs4some.net) wrote: > >=20 > > > I have a little question about sendmail vs. postfix .... > > > Are there any known recent problms with sendmail security ? > > > what about postfix ? > >=20 > > Sendmail is a large, monolithic, complicated program that runs as > > root. Historically, it has been responsible for some of the most > > notorious and widespread security holes on the Internet, but I > > don't believe there are any (known) gaping holes in it today. > > Sendmail configuration is complicated and arcane -- it is the > > subject of one of the thickest books in the O'Reilly catalog. > > Actually, configuring sendmail is not that bad once you understand > > it -- you edit a human-readable config file which is processed by > > the m4 macro processor to build the much less human-readable > > sendmail.cf file. However, if you are like I am, and infrequently > > make configuration changes to your mail server, it may take more than = > a > > few minutes of grepping documentation to make even a tiny change. > >=20 > > Postfix has a different architecture, but strictly conforms to the > > 'sendmail api'. That is to say that Postfix is more or less designed > > to be a drop-in replacement for Sendmail. Postfix is actually > > several small, specialized daemons that do not run as root (!), > > which has some positive security implications. Configuration of > > Postfix is very easy; there is no m4 macro processing here! I have > > always been able to make it do what I need it to do, although my > > needs aren't very great. According to my ISP (visi.com), Postfix > > outperforms Sendmail.=20 > >=20 > > --=20 > > Christopher Farley > > www.northernbrewer.com > >=20 > >=20 > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > -- Shaquille O'Neal, on his lack of championships: "I've won at every level, except college and pro." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010201084517.A11129>