Henry Bremridge wrote:
> > http://lwn.net/Articles/196724/

I think the article misses the point about mail system security.

> Exim is the default under debian but given that this is for a single
> user desktop machine and that reading the documentation package gives
> me a headache, I would prefer to have a simpler program. The question
> is which?

nullmailer perhaps? Although you should be able to purge Exim, and just install Exim with the default settings via debconf for this configuration. If you are fiddling with the config files, you've maybe already gone wrong?

> In looking in the debian packages I see the following MTAs
>
> - Sendmail. This seems to be in use a lot but also there appear to be
> security problems with it?
>
> - Postfix. Ditto

No serious security issues with Postfix to my knowledge, there might have been a DoS in one release or some such, but given its feature set, and size, is a tribute to both code quality, and more crucially sensible architecture, that it has practically no issues.

The only security "issue" is that the Debian maintainer went with the more complex chroot install, but 99% of admins probably never noticed this. Only became an issue for me because we were deploying authentication via a socket, and that requires the socket to be inside the chroot of course. Wietse seems to think this more complex config is a mistake, although I'm not sure on his reasons (Google probably knows).

Sendmail was still discovering whole new classes of security problems not so long ago, no one would go there out of choice. They plan a rewrite which is basically a clone of the Postfix security architecture.

> both of these (along with exim) seem designed for mail servers.

Calling sendmail designed is over generous, it evolved from a friendlier era.

> ... in googling about mta's there seem to
> be strong opinions on sendmail vs postfix vs qmail vs exim but not
> really about the smaller packages..

Some folks have strong opinions of smail, and relatives, some of them very positive.

Courier didn't get a mention, I think it does everything, but is a bit of a pain to set up.

qmail is basically abandoned, it has a hard core following, but weird licensing discouraging folks from shipping something that is usable out of the box. As a case in point, no package in Debian for licence reasons.

My problem with Exim is it lacks the security architecture that Postfix has. On the other side of the coin, I think it easier to administer which avoids a different set of potential security problems, and the authors seem to do an okay job of avoiding major security issues.

For just an end user box that relays out, security is less of an issue (assuming it doesn't listen on port 25 of an IP address other than 127.0.0.1), you just want something simple.

If you are a mail admin, go with what you use (I use Postfix), just so you learn more about it.

If you just want admin emails and such like shipped out I think nullmailer should do the trick. Nullmailer probably isn't so suitable for a web server (that sends email via different tools), due to the non-standard /usr/lib/sendmail interface.

I'm not too familiar with the other couple you mentioned.... Depends if you have time to play -- write us a comparison maybe?
-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
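
The loopback-only condition mentioned in the message above (nothing listening on port 25 except on 127.0.0.1) can be checked on a desktop box. This is an added example, not part of the original post; it assumes the `ss -Hltn` output format, generalises the condition to all of 127.0.0.0/8 and ::1, and `exposed_smtp` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list SMTP listeners that are reachable from off-box.
# Assumed input: lines in `ss -Hltn` format, field 4 = local address:port.
# Real use:  ss -Hltn | exposed_smtp

# Print each non-loopback local address bound to TCP port 25.
exposed_smtp() {
    awk '
    $1 == "LISTEN" {
        la = $4
        n = match(la, /:[0-9]+$/)          # port follows the last colon
        if (n == 0) next
        port = substr(la, n + 1)
        addr = substr(la, 1, n - 1)
        if (port != "25") next
        sub(/%[a-zA-Z0-9_.-]*/, "", addr)  # drop %interface scope suffix
        sub(/^\[/, "", addr)               # [::1] -> ::1
        sub(/\]$/, "", addr)
        sub(/^::ffff:/, "", addr)          # IPv4-mapped IPv6 address
        if (addr ~ /^127\./ || addr == "::1") next
        print addr
    }'
}

# Constructed sample input (not captured from a real host).
sample_safe='LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

sample_exposed="$sample_safe
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 192.0.2.10:25 0.0.0.0:*"

# Report on the constructed exposed sample.
found=$(printf '%s\n' "$sample_exposed" | exposed_smtp)
if [ -n "$found" ]; then
    echo "MTA listening on non-loopback address(es):"
    echo "$found"
else
    echo "port 25 is loopback-only"
fi
```

An empty result means the MTA only accepts local submissions; a wildcard entry such as `0.0.0.0` or `*` means it is bound to every interface.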