[linux-elitists] MTA roundup

Marc MERLIN marc@merlins.org
Mon Apr 29 12:00:35 PDT 2002


On Mon, Apr 29, 2002 at 10:54:42AM -0700, Rick Moen wrote:
> Quoting Marc MERLIN (marc@merlins.org):
> 
> > LJ asked me for a writeup on a variety of subjects, and I picked an MTA
> > roundup.
> 
> I like this round-up a great deal.  It's comprehensive, lucid, and yet
> very concise.
 
I just feel uneasy about my lack of knowledge on postfix/qmail and want to
make sure I do not advantage exim unfairly just because I know it better.
 
> It's my understanding that both sendmail and exim have implemented a
> security strategy of making the single binary drop privilege according
> to role.  

Yep, at least for exim (I don't know the decent details for sendmail).
Exim 3 had 3 security levels for that matter, although it's been simplified
in exim 4
http://www.exim.org/exim-html-4.00/doc/html/spec_47.html#IX1958
http://www.exim.org/exim-html-4.00/doc/html/spec_13.html#IX740

> Thus, the security advantage claimed by modular MTAs (postfix,
> qmail) is reduced, and you gain the advantage of a simpler, easier to
> audit/examine architecture.

Mmmh, I don't know if I'd go that far.
I would still consider qmail and postfix more secure than exim/sendmail

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f@merlins.org for PGP key



More information about the linux-elitists mailing list