Date: Thu, 1 Feb 2001 21:33:38 -0500 (EST) From: David Gilbert <dgilbert@velocet.ca> To: "Andre Hall" <ahall@pcgameauthority.com> Cc: "Dragos Ruiu" <dr@kyx.net>, "Christopher Farley" <chris@northernbrewer.com>, "Fenix" <fenix@xs4some.net>, <freebsd-security@freebsd.org>, <freebsd-questions@freebsd.org> Subject: [security] Re: sendmail vs. postfix question Message-ID: <14970.7298.155915.471272@trooper.velocet.net> In-Reply-To: <001c01c08c60$a49ee640$040aa8c0@pcgameauthority.com> References: <01020104192002.01203@xs4some.net> <20010131235613.A7019@northernbrewer.com> <01020103331409.27656@smp.kyx.net> <001c01c08c60$a49ee640$040aa8c0@pcgameauthority.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[various, deleted] I must say that I actually understand sendmail at a low level. Back in '92 (before many alternatives were viable) I did signifcant raw .cf hacking that I am confident modern alternatives would not be able to grok. But those problems were extrodinary... Last year, I installed one of our machines with postfix. Since then, I have been happy and when opportunity has presented itself, I have loaded other machines with postfix in our network. It performs well, and I have only had minor issues. - recently rmail changed the flags it uses. Caused some coniptions before I relized what was causing delivery failure. Luckily uucp saves failed data. - One machine mysteriously "looses" the postfix master process. It's still running, but not working ... and (annoyingly) at a different PID than "postfix reload" expects it to be. I havn't got a fix for this one yet. - You can't get "real" status from Postfix. The latter is apparently a design issue. With little daemons doing little jobs, it's difficult to get the type of status info that you get from ps -axww about sendmail. That said, only one major machine in our network is left running sendmail. It will likely fall. I could fix what I don't like about it with .cf hacking, but postfix does it's job better and has more direct configuration for it's issue. In short, I like the security of non-root processing (esp. for smptd). I like the simple configuration and speed. I don't like that I can't tell that a certain smtp instance is talking to a certain host X. Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14970.7298.155915.471272>