Re: Postfix/Exim Security

From: Seth Arnold (sarnold@wirex.com)
Date: 12/12/01


Date: Wed, 12 Dec 2001 11:28:12 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com


On Tue, Dec 11, 2001 at 04:17:48PM -0500, Ryan M Harris wrote:
> What are the specific problems with security on exim/postfix? Our decision
> has come down to security, since I have looked at both. It seems that exim
> has more features, but that may mean that it has less security (typically).
> Is this the case? (you may also wish to give me your reasons for liking one
> or the other, or you may want to throw another name in the mix)

Heh, you might not like to hear this, but I think both mailers would be
fine choices, even from a security perspective. I don't recall security
problems in exim, and the only security problem with postfix that I
recall didn't seem that impressive to me -- resource exhaustion. I think
I'd put more faith in there not being any new discovered problems in
postfix, but that is based mostly on Wietse's reputation. :)

Perhaps the deciding factor would be a feature in one or the other that
you need, or their documentation. I've not looked at setting up a
postfix system before, but it looks pretty straightforward. Exim's docs
could probably be published in a volume as large as ora.com's sendmail
book. :) (And yes, this is both good and bad. I was overwhelmed with the
sheer amount of documentation available on exim, but if you ever have
problems with it, chances are good the documentation can help. :)

In short -- I consider it a toss-up. Exim might work better for stranger
email setups, but for most people, postfix might be easier to configure.

Cheers!

-- 
Join the fight against terrorism by giving up your liberties today!



