Re: Postfix/Exim Security

From: Seth Arnold (
Date: 12/12/01

Date: Wed, 12 Dec 2001 11:28:12 -0800
From: Seth Arnold <>

On Tue, Dec 11, 2001 at 04:17:48PM -0500, Ryan M Harris wrote:
> What are the specific problems with security on exim/postfix? Our decision
> has come down to security, since I have looked at both. It seems that exim
> has more features, but that may mean that it has less security (typically).
> Is this the case? (you may also wish to give me your reasons for liking one
> or the other, or you may want to throw another name in the mix)

Heh, you might not like to hear this, but I think both mailers would be
fine choices, even from a security perspective. I don't recall security
problems in exim, and the only security problem with postfix that I
recall didn't seem that impressive to me -- resource exhaustion. I think
I'd put more faith in there not being any new discovered problems in
postfix, but that is based mostly on Wietse's reputation. :)

Perhaps the deciding factor would be a feature in one or the other that
you need, or their documentation. I've not looked at setting up a
postfix system before, but it looks pretty straightforward. Exim's docs
could probably be published in a volume as large as's sendmail
book. :) (And yes, this is both good at bad. I was overwhelmed with the
sheer amount of documentation available on exim, but if you ever have
problems with it, chances are good the documentation can help. :)

In short -- I consider it a toss-up. Exim might work better for stranger
email setups, but for most people, postfix might be easier to configure.


Join the fight against terrorism by giving up your liberties today!

Relevant Pages

  • Re: [SLE] MTA Selection
    ... > security is an absolute requirement. ... qmail works right out of the box.. ... a lot smaller than Sendmail or Postfix. ... "It uses two large monolithic configuration files, ...
  • [UNIX] Posfix Remote DoS / Postfix Bounce Scanning
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Postfix is "Wietse Venema's mailer that started life ... There is a remotely exploitable denial of service vulnerability in Postfix ... stopping any queue processing - all mail traffic suppressed. ...
  • Re: Secure Servers (SMTP, POP3, FTP)
    ... Postfix - Secure, quite light on system resources, growing support ... that I couldn't seperate them on the basis of security I went for Exim ...
  • MD5 checksum changed
    ... I've got a box running Mandrake 9. ... It's running the Apache it came with, postfix for smtp ... AFAIK, I haven't missed any security patches, I read ... from the original postfix rpm package, ...
  • Re: sendmail
    ... >>I not advocating postfix, exim or qmail, but it might be ... > sendmail doesn't have security issues just because it's tested more ... are mainly due to lack of KISS in the design. ... Not sure about sendmail. ...