Date: Thu, 1 Feb 2001 07:07:07 -0800 From: "Andre Hall" <ahall@pcgameauthority.com> To: "Dragos Ruiu" <dr@kyx.net>, "Christopher Farley" <chris@northernbrewer.com>, "Fenix" <fenix@xs4some.net> Cc: <freebsd-security@freebsd.org>, <freebsd-questions@freebsd.org> Subject: Re: sendmail vs. postfix question Message-ID: <001c01c08c60$a49ee640$040aa8c0@pcgameauthority.com> References: <01020104192002.01203@xs4some.net> <20010131235613.A7019@northernbrewer.com> <01020103331409.27656@smp.kyx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I once was faced with the same dilemma as you were. I finally decide to the Postfix way have not regretted my decision one bit. It was the easiest and fastest configuration I had experienced, a definite plus over Sendmail. From my first experience with Sendmail I always been displeased with how arcaic it is, especially if you need to make changes. Postfix's configuration file is very user-friendly- you don't have to be a rocket scientist to make changes. Straight and to the point. You can also find an abundance of support on the author's site. It's really based on personal preference. I hope my two cents helps you ----- Original Message ----- From: "Dragos Ruiu" <dr@kyx.net> To: "Christopher Farley" <chris@northernbrewer.com>; "Fenix" <fenix@xs4some.net> Cc: <freebsd-security@freebsd.org>; <freebsd-questions@freebsd.org> Sent: Thursday, February 01, 2001 3:22 AM Subject: Re: sendmail vs. postfix question > On Wed, 31 Jan 2001, Christopher Farley wrote: > > Fenix (fenix@xs4some.net) wrote: > > > > > I have a little question about sendmail vs. postfix .... > > > Are there any known recent problms with sendmail security ? > > > what about postfix ? > > > > Sendmail is a large, monolithic, complicated program that runs as > > root. Historically, it has been responsible for some of the most > > notorious and widespread security holes on the Internet, but I > > don't believe there are any (known) gaping holes in it today. > > Sendmail configuration is complicated and arcane -- it is the > > subject of one of the thickest books in the O'Reilly catalog. > > Actually, configuring sendmail is not that bad once you understand > > it -- you edit a human-readable config file which is processed by > > the m4 macro processor to build the much less human-readable > > sendmail.cf file. However, if you are like I am, and infrequently > > make configuration changes to your mail server, it may take more than a > > few minutes of grepping documentation to make even a tiny change. > > > > Postfix has a different architecture, but strictly conforms to the > > 'sendmail api'. That is to say that Postfix is more or less designed > > to be a drop-in replacement for Sendmail. Postfix is actually > > several small, specialized daemons that do not run as root (!), > > which has some positive security implications. Configuration of > > Postfix is very easy; there is no m4 macro processing here! I have > > always been able to make it do what I need it to do, although my > > needs aren't very great. According to my ISP (visi.com), Postfix > > outperforms Sendmail. > > > > Postfix performance exceeds sendmail performance on equivalent boxes in all my > experiences in terms of just about any metric you care to use, and I use it > exclusively these days. As anecdotal evidence, once when I configured it on a > very fast machine and sent a lot of mail through it, I had a large ISP call up > and complain that I was DoSing their mail server.... It was just postfix being > its normal, speedy, efficient self, and they had some NT lameware mail relay.... > > As far as security, given how much I rely on it, I recently(last year) decided > to re-audit its code, and after a couple of days spent looking for format > strings and other stuff I decided to discontinue the audit... Mr. Venema's code > is so rigorous that it even passes _internal_ data between routines through > filtering and cleaning functions (how paranoid is that :-) if that's any > indication of how it's built up. > > I personally think very highly of it. (Besides, I really would be fine > if I never have to look at another arcane sendmail ruleset ever > again... :-P ) > > cheers, > --dr > > -- > Dragos Ruiu <dr@dursec.com> dursec.com ltd. / kyx.net - we're from the future > gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc > http://cansecwest.com > CanSecWest/core01: March 28-30, Vancouver B.C. ------------^ > Speakers: Renaud Deraison/Nessus Attack Scanner, Martin Roesch/Snort/Advanced IDS, > Ron Gula/Enterasys/Strategic IDS, Dug Song/Arbor Networks/Monkey in the Middle, > RFP/Whisker2.0 and other fun, Mixter/2XS/Distributed Apps, Theo DeRaadt/OpenBSD, > K2/w00w00/ADMutate, HD Moore/Digital Defense/Making NT Bleed, Frank Heidt/@Stake, > Matthew Franz/Cisco/Trinux/Security Models, Fyodor/insecure.org/Packet Reconaissance, > Lance Spitzner/Sun/Honeynet Fun, Robert Graham/NetworkICE/IDS Technology Demo, > Kurt Seifried/SecurityPortal/Crypto: 2-Edged Sword, Dave Dittrich/UW/Forensics, > Sebastien Lacoste-Seris & Nicolas Fischbach/COLT Telecom/Securite.Org/Kerberized > SSH Deployment, Jay Beale/MandrakeSoft/Bastille-Linux/Securing Linux > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001c01c08c60$a49ee640$040aa8c0>