[linux-elitists] MTA roundup

Rick Moen rick@linuxmafia.com
Mon Apr 29 12:10:24 PDT 2002


Quoting Marc MERLIN (marc@merlins.org):

> Yep, at least for exim (I don't know the decent details for sendmail).
> Exim 3 had 3 security levels for that matter, although it's been simplified
> in exim 4
> http://www.exim.org/exim-html-4.00/doc/html/spec_47.html#IX1958
> http://www.exim.org/exim-html-4.00/doc/html/spec_13.html#IX740

For sendmail, it's mentioned in passing here:
http://www.tldp.org/HOWTO/Secure-Programs-HOWTO/minimize-privileges.html
http://www.sendmail.org/8.12.0.html
http://www.sendmail.org/%7Eca/email/doc8.12/SECURITY

>> Thus, the security advantage claimed by modular MTAs (postfix,
>> qmail) is reduced, and you gain the advantage of a simpler, easier to
>> audit/examine architecture.
> 
> Mmmh, I don't know if I'd go that far.
> I would still consider qmail and postfix more secure than exim/sendmail

I did say _reduced_, not reversed.

-- 
Cheers,                                      "Reality is not optional."
Rick Moen                                             -- Thomas Sowell
rick@linuxmafia.com



More information about the linux-elitists mailing list