Re: Postfix/Exim Security

From: jon schatz (jon@divisionbyzero.com)
Date: 12/12/01

Previous message: Paul Lussier: "Re: 2 security issues"
In reply to: Ryan M Harris: "Postfix/Exim Security"
Next in thread: David Chin: "Re: Postfix/Exim Security"
Next in thread: Seth Arnold: "Re: Postfix/Exim Security"
Reply: David Chin: "Re: Postfix/Exim Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: jon schatz <jon@divisionbyzero.com>
To: Ryan M Harris <rmharris-securityfocus@acdinc.net>
Date: 12 Dec 2001 11:09:03 -0800

On Tue, 2001-12-11 at 13:17, Ryan M Harris wrote:
> What are the specific problems with security on exim/postfix?

the big problem that djb rants about is the world writable mail drop
directory. djb's take can be found here:

http://cr.yp.to/maildisasters/postfix.html

wietse's take is here:

http://www.postfix.org/security.html

personally, i prefer postfix to all other mta's i've used (sendmail,
netscape messaging, exim, qmail). i like configuration files that make
sense, i like not being an open relay, and i like a semi-non-restrictive
license. i also like still having /usr/lib/sendmail work the way it
should in scripts. i find postfix to be easy to extend. for example, it
was fiarly trivial for me to write and incorporate a script that
authenticates relays based on imap logins. just my $.02 though . mta
conversations between sysadmins tend to be like editor wars between
coders.

-jon

-- jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."

application/pgp-signature attachment: stored

Previous message: Paul Lussier: "Re: 2 security issues"
In reply to: Ryan M Harris: "Postfix/Exim Security"
Next in thread: David Chin: "Re: Postfix/Exim Security"
Next in thread: Seth Arnold: "Re: Postfix/Exim Security"
Reply: David Chin: "Re: Postfix/Exim Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Ubuntu & Postfix
... my network is protected against such as far as I know. ... Spam is a problem this is ... One of our customers is an open relay, ... Subject: Ubuntu & Postfix ...
(Ubuntu)
Re: Which mailserver should I choose?
... >> So you have to tell postfix to translate your hostaddress. ... >> you install an open relay and may be blocked immediately by different ... What system is running on your notebook. ... Für Vereine kostenloser Eintrag mit Veranstaltungen bis Ende 2004!! ...
(alt.os.linux.suse)
Re: Got Postfix now what?
... and all the other folks concerned about my system being an open relay I would like to let you know that you can sleep a little easier. ... So we can all breathe a little easier for the 3-4 hours a week that postfix will be running on my system. ... And thanks to the other useful information from Roger, Alexandre and a couple of others I recieved privately, I am well on my way to building a secure e-mail system on my Linux box. ...
(Fedora)
Re: Switch MTA -> Postfix
... > mail reports to root after switching from sendmail to postfix? ... to your actual sendmail binary. ... The scripts themselves don't need any ... Installing via the port is probably the easiest way to get postfix ...
(freebsd-questions)
Re: [SLE] Stopping open mail relay in SuSE standard server.
... > I've set up a mail server, using SuSe Standard Server, and while it's ... > According to what I've read in the O'Reilly Postfix book, ... > can't see anything that might be causing the open relay. ...
(SuSE)